Evidence of Assurance: Laying the Foundation for a Credible Security Case

Abstract

A security case bears considerable resemblance to a legal case, and demonstrates that security claims about a given system are valid. Persuasive argumentation plays a major role, but the credibility of the arguments and of the security case itself ultimately rests on a foundation of evidence. This article describes and gives examples of several of the kinds of evidence that can contribute to a security case. Our main focus is on how to understand, gather, and generate the kinds of evidence that can build a strong foundation for a credible security case.

Document Details

Document Type: Technical Report
Publication Date: Aug 01, 2013
Accession Number: AD1098234

Entities

People

  • Charles Weinstock
  • Howard F. Lipson

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Best Practices
  • Commerce
  • Computer Programming
  • Computer Science
  • Computers
  • Control Systems
  • Engineering
  • Law
  • Life Cycles
  • Materials
  • Reliability
  • Risk
  • Software Development
  • Systems Engineering
  • Test Methods
  • Trade Associations
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Government and Public Administration Law.
  • Theoretical Analysis.