IIC Journal of Innovation 9th Edition | Page 57

Assuring Trustworthiness via Structured Assurance Cases

The assurance case for software and software-enabled systems can include details about the SBOM, why each element meets its respective trustworthiness needs, and what evidence supports that claim. Additionally, as the software elements are updated and revised, the assurance case for the system can be updated to reflect the current state of the assurance of its trustworthiness.

Another key aspect of the software and software-enabled components of a system is the need to focus on the software's intended use in supporting its objective, and the need to actively determine whether the software can be influenced by hazards, attacks and threats in a way that impacts the purpose the software is supporting or delivering.

There are known attack patterns and hazard structures that can be executed by attackers or occur in the physical world and are applicable to the software. Mitigation strategies for those attack patterns can be code reviews, design reviews, dynamic testing, fuzzing of communications and interfaces, attack surface analysis or pen testing. This can provide confidence either that the vulnerabilities are not there or that their impact on operations has been mitigated. This process is illustrated in Figure 11 below.

[Figure 11: Hazards & Attacks that can impact Mission/Business Functions. Elements shown in the diagram: Known Threats & Hazards; Hazard/Attack Activation Patterns (CAPECs); Hazard/Attack Weaknesses (CWEs); Counter Measures - Actions; Technical Impacts; Mission/Business Impacts; Impacts to Mission Capabilities; System & System Security Engineering Trades; Most Important Weakness.]

"Counter Measures - Actions" include: choices about architecture, design, physical decomposition, and operational approaches; adding/changing security/safety functions, protection schemes, activities & processes; use of static & dynamic code assessments, dynamic testing, physical testing, and pen testing; attack surface & fault-tree analysis, architecture and design reviews.

GATHERING AND SHARING EVIDENCE BASED ON NORMS & STANDARDS

One of the ways industry articulates potential software vulnerabilities, so that people can understand when others are talking about the same thing, is through the use of the Common Vulnerabilities and
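As an added example (not from the article or the IIC), the following Python models the Figure 11 chain for SBOM elements: the attack patterns (CAPECs) applicable to an element imply weaknesses (CWEs), each weakness needs countermeasure evidence recorded against the element's current version, and the check reports weaknesses whose evidence is missing or went stale after the element was revised. The CAPEC-to-CWE map, component names, versions and evidence entries are constructed sample data.

```python
from dataclasses import dataclass
# Constructed CAPEC -> CWE map (real public ids, but an illustrative subset only).
CAPEC_TO_CWE = {
    "CAPEC-66": ["CWE-89"],    # SQL Injection -> improper neutralization in an SQL command
    "CAPEC-63": ["CWE-79"],    # Cross-Site Scripting -> improper neutralization in a web page
    "CAPEC-100": ["CWE-120"],  # Overflow Buffers -> buffer copy without checking size of input
}

@dataclass
class Component:          # one SBOM entry
    name: str
    version: str
    applicable_capecs: list

@dataclass
class Evidence:           # one recorded "Counter Measures - Actions" result in the assurance case
    component: str
    version: str          # component version the evidence was produced against
    cwe: str
    method: str           # e.g. code review, interface fuzzing, pen test

def assurance_gaps(sbom, evidence):
    """Return {component: {cwe: 'missing' | 'stale'}} for weaknesses whose
    evidence is absent, or was gathered against an older component version."""
    gaps = {}
    for comp in sbom:
        needed = {cwe for capec in comp.applicable_capecs for cwe in CAPEC_TO_CWE.get(capec, [])}
        for cwe in sorted(needed):
            matches = [e for e in evidence if e.component == comp.name and e.cwe == cwe]
            if not matches:
                gaps.setdefault(comp.name, {})[cwe] = "missing"
            elif not any(e.version == comp.version for e in matches):
                gaps.setdefault(comp.name, {})[cwe] = "stale"  # element revised since
    return gaps

# Constructed sample SBOM and evidence log.
SBOM = [
    Component("auth-service", "2.1.0", ["CAPEC-66", "CAPEC-63"]),
    Component("comms-lib", "1.4", ["CAPEC-100"]),
]
EVIDENCE = [
    Evidence("auth-service", "2.1.0", "CWE-89", "code review"),
    Evidence("auth-service", "2.0.0", "CWE-79", "pen test"),  # predates the 2.1.0 update
    Evidence("comms-lib", "1.4", "CWE-120", "interface fuzzing"),
]
if __name__ == "__main__":
    for comp, cwes in assurance_gaps(SBOM, EVIDENCE).items():
        for cwe, status in cwes.items():
            print(f"{comp}: {cwe} evidence {status}")
```

Running it reports only `auth-service: CWE-79 evidence stale`, the one claim whose supporting evidence predates the element's current version.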