{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T17:05:41Z","timestamp":1763831141131,"version":"3.40.3"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030522421"},{"type":"electronic","value":"9783030522438"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-52243-8_37","type":"book-chapter","created":{"date-parts":[[2020,7,3]],"date-time":"2020-07-03T11:03:49Z","timestamp":1593774229000},"page":"511-531","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["Recommendations for Effective Security Assurance of Software-Dependent Systems"],"prefix":"10.1007","author":[{"given":"Jason","family":"Jaskolka","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,7,4]]},"reference":[{"key":"37_CR1","doi-asserted-by":"crossref","unstructured":"McLean, J., Heitmeyer, C.L.: High assurance computer systems: a research agenda. In: America in the Age of Information, National Science and Technology Council Committee on Information and Communications Forum (1995)","DOI":"10.21236\/ADA465571"},{"key":"37_CR2","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1109\/MSECP.2003.1203217","volume":"1","author":"NR Mead","year":"2003","unstructured":"Mead, N.R.: SEHAS 2003: the future of high-assurance systems. IEEE Secur. Priv. 1, 68\u201372 (2003)","journal-title":"IEEE Secur. Priv."},{"key":"37_CR3","unstructured":"Government of Canada: National electric grid security and resilience action plan, December 2016. https:\/\/www.publicsafety.gc.ca\/cnt\/rsrcs\/pblctns\/pln-crtcl-nfrstrctr-2014-17\/index-en.aspx"},{"key":"37_CR4","unstructured":"U.S.A. Department of Homeland Security: National critical infrastructure security and resilience research and development plan, November 2015"},{"key":"37_CR5","unstructured":"Weinstock, C.B., Lipson, H.F.: Evidence of assurance: laying the foundation for a credible security case. Technical report, Software Engineering Institute, August 2013"},{"key":"37_CR6","doi-asserted-by":"crossref","unstructured":"Agudo, I., Vivas, J.L., L\u00f3pez, J.: Security assurance during the software development cycle. In: International Conference on Computer Systems and Technologies, CompSysTech 2009, pp. 20:1\u201320:6 (2009)","DOI":"10.1145\/1731740.1731763"},{"key":"37_CR7","unstructured":"Winograd, T., McKinley, H.L., Oh, L., Colon, M., McGibbon, T., Fedchak, E., Vienneau, R.: Software Security Assurance: A State-of-the Art Report (SOAR). Information Assurance Technology Analysis Center (IATAC), July 2007"},{"key":"37_CR8","unstructured":"Federal Trade Commission: Internet of things: privacy and security in a connected world. FTC Staff Report, Federal Trade Commission, January 2015"},{"key":"37_CR9","unstructured":"Common Criteria Recognition Arrangement: Common Criteria for Information Technology Security Evaluation (CC). No. CCMB-2009-07, Common Criteria Recognition Arrangement, July 2009"},{"key":"37_CR10","unstructured":"Communications Security Establishment Canada: Annex 2 - Information System Security Risk Management Activities: IT Security Risk Management: A Lifecycle Approach. Communications Security Establishment Canada (2012)"},{"key":"37_CR11","unstructured":"Gilsinn, J.D., Schierholz, R.: Security assurance levels: a vector approach to describing security requirements. NIST, October 2010"},{"key":"37_CR12","unstructured":"Chandra, P.: Software assurance maturity model, a guide to building security into software development, version 1.0 (2009). http:\/\/www.opensamm.org\/downloads\/SAMM-1.0.pdf"},{"issue":"3","key":"37_CR13","first-page":"28","volume":"5","author":"CC Woody","year":"2017","unstructured":"Woody, C.C., Ellison, R.J.: Software assurance measurement - establishing a confidence that security is sufficient-establishing a confidence that security is sufficient. J. Cyber Secur. Inf. Syst. 5(3), 28\u201336 (2017)","journal-title":"J. Cyber Secur. Inf. Syst."},{"key":"37_CR14","doi-asserted-by":"crossref","unstructured":"Ross, R.S., McEvilley, M., Oren, J.C.: Systems security engineering: considerations for a multidisciplinary approach in the engineering of trustworthy secure systems. Special Publication (NIST SP) 800-160, NIST, November 2016","DOI":"10.6028\/NIST.SP.800-160"},{"key":"37_CR15","unstructured":"National Institute of Standards and Technology: Framework for improving critical infrastructure cybersecurity, version 1.1, April 2018. https:\/\/nvlpubs.nist.gov\/nistpubs\/CSWP\/NIST.CSWP.04162018.pdf"},{"key":"37_CR16","unstructured":"GSN Working Group: GSN community standard version 2, January 2018"},{"key":"37_CR17","unstructured":"Rushby, J., Xu, X., Rangarajan, M., Weaver, T.L.: Understanding and evaluating assurance cases. NASA Contractor Report NASA\/CR\u20132015-218802, NASA Langley Research Center, September 2015"},{"key":"37_CR18","unstructured":"Rinehart, D.J., Knight, J.C., Rowanhill, J.: Current practices in constructing and evaluating assurance cases with applications to aviation. NASA Contractor Report NASA\/CR\u20132015-218678, NASA Langley Research Center, January 2015"},{"key":"37_CR19","unstructured":"Rushby, J.: The interpretation and evaluation of assurance cases. Technical report, SRI-CSL-15-01, SRI International, July 2015"},{"key":"37_CR20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-642-21292-5_12","volume-title":"Monterey Workshop 2010: Foundations of Computer Software. Modeling, Development, and Verification of Adaptive Systems","author":"A Wassyng","year":"2011","unstructured":"Wassyng, A., Maibaum, T., Lawford, M., Bherer, H.: Software certification: is there a case against safety cases? In: Calinescu, R., Jackson, E. (eds.) Monterey Workshop 2010: Foundations of Computer Software. Modeling, Development, and Verification of Adaptive Systems. LNCS, vol. 6662, pp. 206\u2013227. Springer, Heidelberg (2011)"},{"key":"37_CR21","unstructured":"Alexander, R., Hawkins, R., Kelly, T.: Security assurance cases: motivation and the state of the art. Technical report CESG\/TR\/2011\/1, University of York, April 2011"},{"key":"37_CR22","unstructured":"Weinstock, C.B., Lipson, H.F., Goodenough, J.B.: Arguing security - creating security assurance cases. Technical report, Software Engineering Institute, January 2007"},{"key":"37_CR23","unstructured":"U.S.A. Computer Emergency Readiness Team: Build security in: setting a standard for software assurance (2015). https:\/\/www.us-cert.gov\/bsi"},{"key":"37_CR24","doi-asserted-by":"crossref","unstructured":"Jaskolka, J.: Challenges in assuring security and resilience of advanced metering infrastructure. In: 18th Annual IEEE Canada Electrical Power and Energy Conference, EPEC 2018, pp. 1\u20136 (2018)","DOI":"10.1109\/EPEC.2018.8598444"},{"key":"37_CR25","unstructured":"U.S.A. Department of Homeland Security: Sector risk snapshots, March 2014"},{"issue":"4","key":"37_CR26","doi-asserted-by":"publisher","first-page":"2820","DOI":"10.1109\/COMST.2017.2720195","volume":"19","author":"MR Asghar","year":"2017","unstructured":"Asghar, M.R., D\u00e1n, G., Miorandi, D., Chlamtac, I.: Smart meter data privacy: a survey. IEEE Commun. Surv. Tutor. 19(4), 2820\u20132835 (2017)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"37_CR27","unstructured":"Ibarra, I., Ward, D.: Assurance cases to argue system resilience properties for road vehicles. In: 2013 Workshop on Human Factors in the Safety and Security of Critical Systems, March 2013"},{"key":"37_CR28","doi-asserted-by":"crossref","unstructured":"Pantazopoulos, P., Haddad, S., Lambrinoudakis, C., Kalloniatis, C., Maliatsos, K., Kanatas, A., Var\u00e1di, A., Gay, M., Amditis, A.: Towards a security assurance framework for connected vehicles. In: 19th IEEE International Symposium on A World of Wireless, Mobile and Multimedia Networks, pp. 1\u20136 (2018)","DOI":"10.1109\/WoWMoM.2018.8449811"},{"issue":"5","key":"37_CR29","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1109\/MDAT.2015.2462720","volume":"32","author":"A Wassyng","year":"2015","unstructured":"Wassyng, A., Singh, N.K., Geven, M., Proscia, N., Wang, H., Lawford, M., Maibaum, T.: Can product-specific assurance case templates be used as medical device standards? IEEE Des. Test 32(5), 45\u201355 (2015)","journal-title":"IEEE Des. Test"},{"key":"37_CR30","unstructured":"Jackson, D., Thomas, M., Millett, L.I. (eds.): Software for Dependable Systems: Sufficient Evidence? National Academies Press, Washington, DC (2007)"},{"key":"37_CR31","unstructured":"U.S.A. Department of Defense: Trusted Computer System Evaluation Criteria (TCSEC). No. DoD 5200.28-STD in Defense Department Rainbow Series (Orange Book), Department of Defense\/National Computer Security Center, December 1985"},{"key":"37_CR32","doi-asserted-by":"publisher","first-page":"75","DOI":"10.2201\/NiiPi.2008.5.8","volume":"5","author":"A Nhlabatsi","year":"2008","unstructured":"Nhlabatsi, A., Laney, R., Nuseibeh, B.: Feature interaction: the security threat from within software systems. Prog. Inform. 5, 75\u201389 (2008)","journal-title":"Prog. Inform."},{"key":"37_CR33","volume-title":"Secure by Design","author":"D Deogun","year":"2018","unstructured":"Deogun, D., Sawano, D., Bergh Johnsson, D.: Secure by Design. Manning Publications Company, Shelter Island (2018)"},{"key":"37_CR34","unstructured":"Tverdyshev, S.: Security by design: introduction to MILS. In: International Workshop on MILS: Architecture and Assurance for Secure Systems (2017)"},{"key":"37_CR35","volume-title":"DevOps: A Software Architect\u2019s Perspective","author":"L Bass","year":"2015","unstructured":"Bass, L., Weber, I., Zhu, L.: DevOps: A Software Architect\u2019s Perspective. Addison-Wesley Professional, New York (2015)"},{"key":"37_CR36","volume-title":"Threat Modeling: Designing for Security","author":"A Shostack","year":"2014","unstructured":"Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014)"},{"key":"37_CR37","doi-asserted-by":"publisher","DOI":"10.1002\/9781118988374","volume-title":"Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis","author":"T UcedaV\u00e9lez","year":"2015","unstructured":"UcedaV\u00e9lez, T., Morana, M.M.: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis, 1st edn. Wiley, Hoboken (2015)","edition":"1"},{"key":"37_CR38","unstructured":"Chong, S., Guttman, J., Datta, A., Myers, A., Pierce, B., Schaumont, P., Sherwood, T., Zeldovich, N.: Report on the NSF workshop on formal methods for security. Technical report (2016). http:\/\/arxiv.org\/abs\/1608.00678"},{"key":"37_CR39","unstructured":"Mandrioli, D.: The role of formal methods in developing high assurance systems: some old and some less old thoughts. In: Workshop on Software Engineering for High Assurance Systems, SEHAS 2003, pp. 29\u201332 (2003)"},{"key":"37_CR40","doi-asserted-by":"crossref","unstructured":"Rouland, Q., Hamid, B., Jaskolka, J.: Formalizing reusable communication models for distributed systems architecture. In: 8th International Conference on Model and Data Engineering, MEDI 2018, pp. 198\u2013216 (2018)","DOI":"10.1007\/978-3-030-00856-7_13"},{"key":"37_CR41","unstructured":"International Electrotechnical Commission: IEC Standard: 62351, May 2007. http:\/\/www.iec.ch\/smartgrid\/standards\/"},{"key":"37_CR42","unstructured":"The Smart Grid Interoperability Panel\u2013Smart Grid Cybersecurity Committee: Guidelines for smart grid cybersecurity: Volume 1 \u2013 smart grid cybersecurity strategy, architecture, and high-level requirements. Interagency Report NISTIR 7628 Revision 1, NIST, September 2014"},{"key":"37_CR43","unstructured":"Dobbing, B., Lautieri, S.: SafSec methodology: Standard 3.1. SafSec: Integration of Safety & Security Certification S.P1199.50.2, Altran Praxis, November 2006"},{"key":"37_CR44","unstructured":"U.S.A. Department of Defense: DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), March 2014. http:\/\/www.nist.gov\/cyberframework\/upload\/cybersecurity-framework-021214.pdf"},{"key":"37_CR45","unstructured":"U.K. Department of Trade & Industry: Information Technology Security Evaluation Criteria (ITSEC), COM(90) 314. Department of Trade & Industry, June 1991"},{"key":"37_CR46","unstructured":"Communications Security Establishment Canada: Canadian Trusted Computer Product Evaluation Criteria (CTCPEC). Communications Security Establishment Canada (1993)"},{"key":"37_CR47","unstructured":"Feiler, P.: Automated assurance of security-policy enforcement in critical systems. SEI Blog, February 2018. https:\/\/insights.sei.cmu.edu\/sei_blog\/2018\/02\/automated-assurance-of-security-policy-enforcement-in-critical-systems.html"},{"key":"37_CR48","doi-asserted-by":"crossref","unstructured":"Sljivo, I., Gallina, B.: Building multiple-viewpoint assurance cases using assumption\/guarantee contracts. In: 10th European Conference on Software Architecture Workshops, ECSAW 2016, pp. 39:1\u201339:7. ACM (2016)","DOI":"10.1145\/2993412.3007555"},{"key":"37_CR49","volume-title":"Hands-On Security in DevOps: Ensure Continuous Security, Deployment, and Delivery with DevSecOps","author":"THC Hsu","year":"2018","unstructured":"Hsu, T.H.C.: Hands-On Security in DevOps: Ensure Continuous Security, Deployment, and Delivery with DevSecOps. Packt Publishing Ltd., Birmingham (2018)"}],"container-title":["Advances in Intelligent Systems and Computing","Intelligent Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-52243-8_37","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,31]],"date-time":"2022-10-31T23:59:20Z","timestamp":1667260760000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-52243-8_37"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030522421","9783030522438"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-52243-8_37","relation":{},"ISSN":["2194-5357","2194-5365"],"issn-type":[{"type":"print","value":"2194-5357"},{"type":"electronic","value":"2194-5365"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"4 July 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SAI","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Science and Information Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"London","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 July 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 July 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sai2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/saiconference.com\/Computing","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}