Assurance cases are widely used in the safety domain, where they provide a way to justify the safety of a system and render that justification open to review. Assurance cases have not been widely used in security, but there is guidance available and there have been some promising experiments. There are a number of differences between safety and security which have implications for how we create security cases, but they do not appear to be insurmountable. It appears that the process of creating a security case is compatible with typical evaluation processes, and will have additional benefits in terms of training and corporate memory. In this paper we discuss some of the implications and challenges of applying the practice of assurance case construction from the safety domain to the security domain.
Published - Feb 2017