Assuring Trustworthiness via Structured Assurance Cases
requirements of the trustworthiness 4,5,6 , and
how can the fulfillment of those
requirements be captured and conveyed to
others and then combined into systems,
components and value-chains.
I NTRODUCTION
This paper proposes key elements of a
process for supporting an open global
marketplace of trustworthy Industrial IoT
(IIoT) Systems. We offer that in such a
marketplace, creating, exchanging and
integrating
components
that
are
trustworthy as well as entering into value-
chain relationships with trustworthy
partners and service suppliers will become
common if we can provide a method for
explicitly defining what is meant by the word
“trustworthy.” The approach in this paper
leverages Structured Assurance Cases 1,2,3 to
explicitly identify the detailed requirements
“about what is needed to know about
something for it to be worthy of trust based
on the risk associated” and to do that in a
methodology that is scalable to differing sets
of hazards and environments; and is
applicable to most sectors, domains, and
industries.
S OFTWARE -E NABLED C ONNECTED
M ICROELECTRONICS
With the advent of the internet of things and
the continued progression of micro
technology
and
software-enabled
connected
microelectronics
(SECM),
addressing the security assurance of the
individual components of a system is
becoming more and more prevalent.
In 1976, for example, there was no software
in a Chevy Vega because there were no
microelectronics. However, over the
subsequent years many of the critical
functions of the car moved from physical
connections to software and networked
Organizations Will Require a Mechanism to
Measure Trust in Their Supply Chain
Questions about trustworthiness that need
to be addressed are, what does it mean to
those involved, how can they measure and
specify the different aspects and
1 ISO/IEC 15026-2 Assurance Case, 2011, https://www.iso.org/obp/ui/#iso:std:iso-iec:15026:-2:ed-1:v1:en
2 Open Group Dependability Through Assuredness (O-DA), 22 Jul 2013, https://publications.opengroup.org/c13f
3 OMG’s Structured Assurance Case Metamodel 2.0 (SACM 2.0), March 2018, https://www.omg.org/spec/SACM
4
Industrial Internet Consortium, "Industrial Internet of Things Volume G4: Security Framework,” IIC:PUB:G4:V1.0:PB:20160926,
(2016), https://www.iiconsortium.org/IISF.htm.
5
Industrial Internet Consortium, "Industrial Internet of Things Volume G8: Vocabulary,” IIC:PUB:G8:V2.0:PB:20170719, (2017),
https://www.iiconsortium.org/vocab/.
6
NIST Interagency Report 7755 Toward a Preliminary Framework for Assessing the Trustworthiness of Software
https://www.nist.gov/publications/toward-preliminary-framework-assessing-trustworthiness-software
- 45 -
IIC Journal of Innovation