Assuring Trustworthiness via Structured Assurance Cases
THE STRUCTURED ASSURANCE CASE

Deriving a methodology for trustworthiness across a marketplace, we believe, requires building assurance cases. One of the key ideas with assurance cases is to develop and gather all the evidence that is going to be used to convince the stakeholders that the system properties, the system claims and requirements are being fulfilled with risks that are acceptable or known.

There are two main prerequisites in developing assurance cases:

a) An explicit statement(s) of the assumptions for the assurance
b) Claim of system trustworthiness and its sub claims

Figure 10 shows a more realistic assurance case illustration, which is an assurance case of assurance cases. In this illustration there are 28 different assurance cases shown. Each of them can be constructed independently. If your assumptions are complete and you can argue that the assumptions of each case are being fulfilled by the encompassing system and its assurance case, then you can compose the safety, reliability, security, and functional requirements of your subsystems and their assurance.

Figure 10: A Composition of Assurance Cases

You can find standards defining the process and activities of creating an assurance case 1, exchanging assurance cases 2 and using assurance cases to hold the current composite state of the system's key behaviors 4. Within the IIC Industrial Internet Reference Architecture 12 and Industrial Internet Security Framework 4, we discuss
12 Industrial Internet Consortium, "Industrial Internet of Things Volume G1: Reference Architecture," IIC:PUB:G1:V1.80:PB:20170131, (2017), https://www.iiconsortium.org/IIRA.htm.
IIC Journal of Innovation