Evaluating security assurance case adaptation

Abstract

Security certification processes for information systems involve expressing security controls as functional and non-functional requirements, monitoring deployed mechanisms that satisfy the requirements, and measuring the degree of confidence in system compliance. With the potential for systems to perform runtime self-adaptation, functional changes to remedy system performance may impact security control compliance. This impact can extend throughout a network of related controls causing significant degradation to the system's overall compliance status. We represent security controls as security assurance cases and implement them in XML for management and evaluation. The approach maps security controls to softgoals, introducing achievement weights to the assurance case structure as the foundation for determining security softgoal satisficing levels. Potential adaptations adjust the achievement weights to produce different satisficing levels. We show how the levels can be propagated within the network of related controls to assess the overall security control compliance of a potential adaptation.

Cite

Jahan, S., Marshall, A., & Gamble, R. F. (2019). Evaluating security assurance case adaptation. In Proceedings of the Annual Hawaii International Conference on System Sciences (Vol. 2019-January, pp. 7312–7321). IEEE Computer Society. https://doi.org/10.24251/hicss.2019.878
