Constructing security cases based on formal verification of security requirements in Alloy
Conference Papers Year : 2023


Abstract

Assuring that security requirements have been met during the design phase is less expensive than making changes after the system has been developed. Deploying a security-critical system requires security cases that demonstrate whether the design adequately incorporates its security requirements. Building the arguments and generating the evidence that support the claims of an assurance case is of utmost importance and should rest on a rigorous mathematical basis, namely formal methods. In this paper, we propose an approach that uses formal methods to construct security assurance cases. The approach takes a list of security requirements as input and generates security cases that assess their fulfillment. Furthermore, we define security argument patterns, expressed in the GSN pattern notation, whose evidence is supplied by the formal verification results. The overall approach is validated through a case study involving an autonomous drone.
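To make the workflow in the abstract concrete, here is an added example (written for this page, not taken from the paper or its case study) of how one security requirement for a drone's command channel can be encoded and checked in Alloy. The signatures, the two design-rule facts and the requirement `SR1` are all assumptions chosen for illustration; the paper's own model and requirement list are not reproduced here.

```alloy
// Added example, not from the paper: a minimal Alloy model of a drone's
// command channel, used to formally check one security requirement.
module droneCommandChannel

abstract sig Principal {}
sig Operator extends Principal {}   // legitimate ground-station operators
sig Attacker extends Principal {}   // anyone else able to transmit

sig Command {
  sender: one Principal,          // who actually transmitted the command
  authenticated: lone Operator    // operator whose signature verified, if any
}

sig Drone {
  trusted: set Operator,          // operators whose keys are provisioned on the drone
  accepted: set Command           // commands the drone has acted on
}

// Design rule D1 (assumed): a drone acts on a command only if its signature
// verified against one of the drone's trusted operators.
fact AcceptOnlyAuthenticated {
  all d: Drone, c: d.accepted |
    some c.authenticated and c.authenticated in d.trusted
}

// Design rule D2 (assumed): a verified signature identifies the real sender,
// i.e. signatures cannot be forged or replayed under another identity.
fact SignatureBindsSender {
  all c: Command | some c.authenticated implies c.sender = c.authenticated
}

// Security requirement SR1 (assumed): no command originating from an
// attacker is ever accepted by any drone.
assert SR1_NoAttackerCommandAccepted {
  no d: Drone, c: d.accepted | c.sender in Attacker
}

// Bounded check: the analyzer searches for a counterexample with up to
// 6 atoms per signature. "No counterexample found" is the evidence that
// supports the SR1 claim in the security case, within that scope.
check SR1_NoAttackerCommandAccepted for 6

// Sanity check against vacuous verification: the design rules must still
// admit a drone that accepts at least one command, otherwise SR1 would
// hold only because nothing can be accepted at all.
pred DroneAcceptsSomething { some d: Drone | some d.accepted }
run DroneAcceptsSomething for 3
```

Two practitioner notes on turning the result into an argument. First, an Alloy `check` is bounded: the scope (`for 6`) must appear in the GSN context attached to the evidence node, because the claim is only established for instances up to that size. Second, if design rule D2 is removed, the analyzer finds a counterexample in which an `Attacker` is the `sender` of a command whose `authenticated` field names a trusted operator; that counterexample is exactly the artefact that justifies a "signature binds sender" sub-claim (and its own evidence) in the argument pattern, rather than leaving the requirement supported by an assumption.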
Embargoed file: access restricted until Saturday, April 6, 2024.

Dates and versions

cea-04232793 , version 1 (09-10-2023)

Cite

Marwa Zeroual, Brahim Hamid, Morayo Adedjouma, Jason Jaskolka. Constructing security cases based on formal verification of security requirements in alloy. 42nd International Conference on Computer Safety, Reliability and Security (SAFECOMP 2023) Workshops, Sep 2023, Toulouse, France. pp.15-25, ⟨10.1007/978-3-031-40953-0_2⟩. ⟨cea-04232793⟩