Assuring Trustworthiness via Structured Assurance Cases
explains under what operating conditions it is trustworthy. This provides it with a continuously assessable, live assurance case about its operation that is continuously reevaluated to determine whether it is still in a trustworthy state.
TRUSTWORTHINESS MODEL

Models of trustworthiness are fundamental to bringing repeatable and scalable approaches that can be used across a marketplace or sector. Trustworthiness models are a challenge in an interconnected world. They revolve around describing the acceptable risks for a system and its context, and these in turn drive the definition of trustworthiness for that system and its context. A trustworthiness model needs to define the required confidence level for the assurance level of the overall system, its individual components and their connectivity.

Using a trustworthiness model to define physical equipment trustworthiness has historical metrics. Currently, validating and using a trustworthiness technique for physical equipment revolves around wear and tear in the environment over a lifetime of usage cycles. For an overall system it can be based on the composition of the trustworthiness of the individual components. Using the automobile example, you can measure the individual components, such as a tire pressure sensor operating in cold and hot environments, water and humidity. The metrics around the cold and hot environments, water and humidity can be defined by the intended use of the physical equipment. Therefore, a trustworthiness model would typically be applied to the general environments, during multiple seasons, where the average user of automobiles would drive.

This is harder for software. Software's metrics would revolve around the requirements, design and development of the software, ultimately ending up with the software coding and deployment and then its use in its intended configuration and for its intended use. With hardware, you can look at the individual components and expand the encompassing component structure: the tire pressure sensor can be looked at as one component, then the sensor and its housing as another component, then the sensor, housing and wiring. With software, to do this, you have to define all the components (the SBOM). By utilizing the assumptions portion of an assurance case, and being rigorous about capturing the things that need to be true or available in order for the rest of the assurance case to be true, we can decouple components from the system of which they are components. As long as the encompassing system can make sure the assumptions are met, we can take trusted components and put them together into a system whose trustworthiness is assured. The core item is to capture, as assumptions, the things that will make the software's reliability, resilience, safety, security and privacy possible.
Trustworthiness Criteria
A traditional model around trustworthiness
in the safety world focuses on:
a) Reliability of the components and the system.
b) Availability of the components and the system.
- 59 -
IIC Journal of Innovation