Assuring Trustworthiness via Structured Assurance Cases
c) Safety of the components and the system
mechanisms used to secure data in transit and at rest, software updates and validating the source, are the next major components.

Newer trustworthiness criteria in the IIoT world for software and the security of systems also include:
d) The integrity and authenticity of the components and system
e) The confidentiality of the data used by the components and system
f) The reputability of the data from the components and system
g) The privacy of the data used by the components and system
h) The maintainability of the components and system
i) The ability of the components and system for easy and modifiable configuration
j) The resilience of the components and system to an attack or misuse
k) The usability of the components and system for its intended use

Finally, if we had a market ecosystem where hardware, services and software components – whether at the part level or system level – all had assurance cases for themselves, and that set of claims and assumptions was available to the market, we could understand what the value of the item was not only from its functionality and price, but also from the level of assurance and integrity it offered to those leveraging it and how well it could be leveraged and composed into a system that met their trustworthiness goals.
CONCLUSIONS
In an ever more connected world with an exponentially growing number of software components, ensuring that systems designed today can provide trustworthiness in security, safety, privacy, resilience and reliability is necessary. Understanding how to define trustworthiness, by focusing on a definition of a system’s trustworthiness and the assumptions made, can be used to develop assurance cases. These assurance cases make it possible to specify and then measure the trustworthiness. Using internationally recognized techniques to build on assessment capabilities for trustworthiness, such as CVE, CWE and CAPEC, provides a robust global standard that would allow an easy method to communicate the trustworthiness measure. Recognizing also that identifying the trustworthiness criteria that are applicable to the system, in the environment in which it is operating, provides
Trustworthiness Assurance
Finding ways to measure the trustworthiness criteria can provide techniques to measure and qualify the trustworthiness of a system. Finding ways to measure (a) to (k) is the new challenge for defining trustworthiness in the IIoT world. The first steps are to define the trustworthiness scale needed for the intended application. Is it a mission-critical system, a safety system or a general business application? Defining the expectations for (a) to (k) is the first step. If the first metric of integrity and authenticity is investigated, then looking at the ability for users that are authorized to use the system, the
September 2018