Assuring Trustworthiness via Structured Assurance Cases
The assurance case for software and software-enabled systems can include details about the SBOM, why each component listed in it meets its respective trustworthiness needs, and what evidence supports that claim. Additionally, as the software elements are updated and revised, the assurance case for the system can be updated to reflect the current state of the assurance of its trustworthiness.
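The paragraph above describes an assurance case that ties SBOM components to claims and evidence, and that must be kept current as components are revised. The following is an added example, written for this page and not code from the article or the IIC; the component names, "build bytes", trustworthiness needs and evidence records are all constructed sample data. It hashes each shipped artifact, records that hash in the SBOM entry, and treats evidence as valid only when it was produced against the artifact that is actually shipped, so a component revised after its fuzzing run is reported as stale rather than silently assured.

```python
"""Added example (not from the article): check an assurance case against an SBOM.

Each SBOM component must be covered by a claim whose evidence was produced
against the exact artifact now shipped (matched by SHA-256).
"""
import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an artifact; both the SBOM entry and the evidence cite it."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample artifacts standing in for shipped binaries (not real software).
ARTIFACTS = {
    "libfoo": b"libfoo 1.4.2 release build",
    "libbar": b"libbar 2.1.0 release build",   # revised after its evidence was gathered
    "libbaz": b"libbaz 0.9.0 release build",
}

# Constructed SBOM: one entry per shipped component, keyed by name.
SBOM = {
    "libfoo": {"version": "1.4.2", "sha256": sha256_hex(ARTIFACTS["libfoo"])},
    "libbar": {"version": "2.1.0", "sha256": sha256_hex(ARTIFACTS["libbar"])},
    "libbaz": {"version": "0.9.0", "sha256": sha256_hex(ARTIFACTS["libbaz"])},
}


@dataclass
class Evidence:
    kind: str              # e.g. "fuzzing", "static-analysis", "design-review"
    artifact_sha256: str   # hash of the exact artifact the evidence was produced against
    passed: bool


@dataclass
class Claim:
    component: str
    need: str              # the trustworthiness need the component must meet
    evidence: list = field(default_factory=list)


# Constructed assurance-case fragment: one claim per component, with its evidence.
ASSURANCE_CASE = [
    Claim("libfoo", "no exploitable memory-safety defects in the parsing interface",
          [Evidence("fuzzing", sha256_hex(ARTIFACTS["libfoo"]), True),
           Evidence("static-analysis", sha256_hex(ARTIFACTS["libfoo"]), True)]),
    # libbar was fuzzed at 2.0.0; the SBOM now ships 2.1.0, so this evidence is stale.
    Claim("libbar", "input validation on all network-facing interfaces",
          [Evidence("fuzzing", sha256_hex(b"libbar 2.0.0 release build"), True)]),
    # libbaz has a claim but no evidence was ever attached to it.
    Claim("libbaz", "no hard-coded credentials", []),
]


def assess(sbom: dict, case: list) -> dict:
    """Return {component: status} for every SBOM component.

    supported   - verified evidence exists for the shipped artifact and all of it passed
    failed      - evidence for the shipped artifact exists but some of it failed
    stale       - evidence exists only for an earlier artifact (component revised)
    unsupported - a claim exists but carries no evidence at all
    unclaimed   - the SBOM lists a component the assurance case never mentions
    """
    claims = {c.component: c for c in case}
    result = {}
    for name, entry in sbom.items():
        claim = claims.get(name)
        if claim is None:
            result[name] = "unclaimed"
            continue
        if not claim.evidence:
            result[name] = "unsupported"
            continue
        current = [e for e in claim.evidence if e.artifact_sha256 == entry["sha256"]]
        if not current:
            result[name] = "stale"
        elif all(e.passed for e in current):
            result[name] = "supported"
        else:
            result[name] = "failed"
    return result


def is_assured(sbom: dict, case: list) -> bool:
    """True only when every shipped component is currently supported by evidence."""
    return all(status == "supported" for status in assess(sbom, case).values())


if __name__ == "__main__":
    for component, status in assess(SBOM, ASSURANCE_CASE).items():
        print(f"{component:8s} {SBOM[component]['version']:7s} {status}")
    print("system assured:", is_assured(SBOM, ASSURANCE_CASE))
```

Re-running `assess` after every SBOM change is what keeps the assurance case tied to the current state of the system: a new artifact hash invalidates the old evidence until fresh evidence is attached, and a component that appears in the SBOM without any claim is surfaced rather than assumed covered.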
Another key aspect of the software and software-enabled components of a system is the need to focus on the software's intended use in supporting its objective, and to actively determine whether hazards, attacks and threats can influence the software in a way that impacts the purpose the software supports or delivers. There are known attack patterns and hazard structures, executed by attackers or occurring in the physical world, that are applicable to the software. Mitigation strategies for those attack patterns include code reviews, design reviews, dynamic testing, fuzzing of communications and interfaces, attack surface analysis and penetration testing. These provide confidence either that the vulnerabilities are not present or that their impact on operations has been mitigated. This process is illustrated in Figure 11 below.

GATHERING AND SHARING EVIDENCE BASED ON NORMS & STANDARDS

One of the ways industry articulates potential software vulnerabilities, so that everyone can recognise when others are talking about the same thing, is through the use of the Common Vulnerabilities and
[Figure 11 (diagram; node labels recovered from the image): Known Threats & Hazards; Hazard/Attack Activation Patterns (CAPECs); Hazard/Attack Weaknesses (CWEs); Counter Measures - Actions*; Technical Impacts; Impacts to Mission Capabilities; each Hazard/Attack Weakness is shown located in an Item/Asset and affecting a Function; System & System Security Engineering Trades; Most Important Weakness.]

* "Counter Measures - Actions" include: choices about architecture, design, physical decomposition, and operational approaches; adding/changing security/safety functions, protection schemes, activities & processes; use of static & dynamic code assessments, dynamic testing, physical testing, and pen testing; attack surface & fault-tree analysis, architecture and design reviews.

Figure 11: Hazards & Attacks that can impact Mission/Business Functions
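Figure 11 above links known threats to activation patterns (CAPECs), to weaknesses (CWEs) in an item or asset, to the functions and mission capabilities they impact, and to the countermeasures that address them. The following is an added example, written for this page and not code from the article or the IIC, that puts that chain into data so it can be queried. The CAPEC and CWE numbers are the public identifiers for SQL injection, cross-site scripting and classic buffer overflow; the assets, system functions, impact scores and countermeasures are constructed for the example and stand for what a system engineering team would fill in for a real system.

```python
"""Added example (not from the article): the Figure 11 chain as queryable data.

Threat -> activation pattern (CAPEC) -> weakness (CWE) in an asset -> impaired
function -> mission impact, with countermeasures that address weaknesses. The
'most important weakness' is the highest-impact one that a known pattern can
activate and that no verified countermeasure yet addresses.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ActivationPattern:
    """Hazard/attack activation pattern (CAPEC) and the weaknesses (CWEs) it exploits."""
    capec: str
    name: str
    exploits: tuple


@dataclass(frozen=True)
class Weakness:
    """Hazard/attack weakness (CWE) located in an item/asset; impairs system functions."""
    cwe: str
    name: str
    asset: str
    impairs: tuple


@dataclass(frozen=True)
class Countermeasure:
    """Counter Measure - Action; 'verified' means evidence exists that it is in place."""
    name: str
    addresses: tuple
    verified: bool


# Constructed sample: impact on the mission of losing each system function, 1 (low) to 5 (critical).
MISSION_IMPACT = {
    "telemetry ingest": 3,
    "operator dashboard": 2,
    "actuator command path": 5,
}

# Public CAPEC/CWE identifiers; the pattern-to-weakness edges are the catalog's own.
PATTERNS = (
    ActivationPattern("CAPEC-66", "SQL Injection", ("CWE-89",)),
    ActivationPattern("CAPEC-63", "Cross-Site Scripting (XSS)", ("CWE-79",)),
    ActivationPattern("CAPEC-100", "Overflow Buffers", ("CWE-120",)),
)

# Constructed sample: which asset each weakness sits in and which functions it impairs.
WEAKNESSES = (
    Weakness("CWE-89", "SQL Injection", "historian database API", ("telemetry ingest",)),
    Weakness("CWE-79", "Cross-site Scripting", "web dashboard", ("operator dashboard",)),
    Weakness("CWE-120", "Classic Buffer Overflow", "field protocol parser",
             ("telemetry ingest", "actuator command path")),
)

# Constructed sample countermeasures; the parser fuzzing is planned but has no evidence yet.
COUNTERMEASURES = (
    Countermeasure("parameterized queries, confirmed by code review", ("CWE-89",), True),
    Countermeasure("fuzzing of the field protocol parser", ("CWE-120",), False),
)


def activated_by(weakness, patterns):
    """Known activation patterns (CAPEC ids) that exploit this weakness."""
    return [p.capec for p in patterns if weakness.cwe in p.exploits]


def mission_impact(weakness, impact_table):
    """Worst-case mission impact over the functions the weakness impairs (0 if none mapped)."""
    return max((impact_table.get(f, 0) for f in weakness.impairs), default=0)


def is_mitigated(weakness, countermeasures):
    """A weakness counts as mitigated only when a verified countermeasure addresses it."""
    return any(c.verified and weakness.cwe in c.addresses for c in countermeasures)


def rank_weaknesses(weaknesses, patterns, countermeasures, impact_table):
    """Trace every weakness through the chain and return the ones still needing action:
    reachable by a known pattern and not mitigated, highest mission impact first."""
    rows = [{
        "cwe": w.cwe,
        "asset": w.asset,
        "activated_by": activated_by(w, patterns),
        "impact": mission_impact(w, impact_table),
        "mitigated": is_mitigated(w, countermeasures),
    } for w in weaknesses]
    open_rows = [r for r in rows if r["activated_by"] and not r["mitigated"]]
    return sorted(open_rows, key=lambda r: r["impact"], reverse=True)


def most_important_weakness(weaknesses, patterns, countermeasures, impact_table):
    """CWE id of the highest-impact unmitigated weakness, or None if nothing is open."""
    ranked = rank_weaknesses(weaknesses, patterns, countermeasures, impact_table)
    return ranked[0]["cwe"] if ranked else None


if __name__ == "__main__":
    for row in rank_weaknesses(WEAKNESSES, PATTERNS, COUNTERMEASURES, MISSION_IMPACT):
        print(f"{row['cwe']:8s} in {row['asset']:24s} via {row['activated_by']} "
              f"impact={row['impact']}")
    print("most important weakness:",
          most_important_weakness(WEAKNESSES, PATTERNS, COUNTERMEASURES, MISSION_IMPACT))
```

In the sample, the SQL injection weakness drops out because a verified countermeasure covers it, and the buffer overflow in the protocol parser ranks first because it reaches the actuator command path and its planned fuzzing has produced no evidence yet; once that fuzzing is recorded as verified, the ranking moves on to the dashboard XSS. That is the loop the figure describes: countermeasures and their evidence change which weakness is the most important one, so the table is re-ranked as evidence arrives.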
IIC Journal of Innovation