{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,4,4]],"date-time":"2022-04-04T10:18:22Z","timestamp":1649067502835},"reference-count":35,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,1]]},"abstract":"<jats:p>In this paper, the authors present a new method for writing assurance cases. Assurance cases are documented bodies of evidence that provide a convincing and valid argument that a system is adequately dependable for a given application in a given environment. Assurance cases have been used mostly in the safety field, but are now beginning to be widely applied in other areas. Cyber security is one such area, and recently, assuring security of cyber systems has become crucial. Several methods and various guidelines for writing assurance cases have been used. Unfortunately, only experts are currently able to write assurance cases, and it is still difficult for ordinary engineers to write them. This paper presents a new method for writing assurance cases. The main ideas are that (1) documents generated and used during the system lifecycle must be either used by the assurance cases or must be referred to in the assurance cases, and (2) typical patterns exist for assurance cases, and these patterns have not yet been well discussed. This paper presents the preliminary steps in developing a method for writing assurance cases. The authors also report on a preliminary experiment carried out on a web server demo system.<\/jats:p>","DOI":"10.4018\/jsse.2013010103","type":"journal-article","created":{"date-parts":[[2013,4,9]],"date-time":"2013-04-09T19:28:15Z","timestamp":1365535695000},"page":"31-49","source":"Crossref","is-referenced-by-count":1,"title":["A New Method for Writing Assurance Cases"],"prefix":"10.4018","volume":"4","author":[{"given":"Yutaka","family":"Matsuno","sequence":"first","affiliation":[{"name":"Strategy Office, Information and Communications Headquarters, Nagoya University, Furo-Cho, Chikusa-ku, Nagoya, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shuichiro","family":"Yamamoto","sequence":"additional","affiliation":[{"name":"Strategy Office, Information and Communications Headquarters, Nagoya University, Furo-Cho, Chikusa-ku, Nagoya, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"2432","reference":[{"key":"jsse.2013010103-0","unstructured":"Adelard. (1998). Adelard safety case development manual. London, UK: Adelard."},{"key":"jsse.2013010103-1","unstructured":"Adelard. (n.d.). Claims, Arguments and Evidence (CAE). Retrieved from http:\/\/www.adelard.com\/web\/hnav\/ASCE\/choosingasce\/cae.html"},{"key":"jsse.2013010103-2","unstructured":"Alexander, R., Hawkins, R., & Kelly, T. (2011). Security assurance cases: Motivation and the state of the art (Tech. Rep. CESG\/TR\/2011\/1). York, UK: High Integrity Systems Engineering, Department of Computer Science, University of York. Retrieved from http:\/\/www-users.cs.york.ac.uk\/~rda\/York%20CESG%20security%20case%20report%20i1_1.pdf"},{"key":"jsse.2013010103-3","unstructured":"Alexander, R., Kelly, T., Kurd, Z., & McDermid, J. (2007). Safety cases for advanced control software: Safety case patterns (Tech. Rep.). York, UK: Department of Computer Science, University of York. Retrieved from http:\/\/www.dtic.mil\/cgi-bin\/GetTRDoc?AD=ADA491299"},{"key":"jsse.2013010103-4","doi-asserted-by":"crossref","unstructured":"Ankrum, T. S., & Kromholz, A. H. (2005, October 12-14). Structured assurance cases: Three common standards. In Proceedings of the International IEEE Symposium High Assurance Systems 2005, Heidelberg, Germany.","DOI":"10.1109\/HASE.2005.20"},{"key":"jsse.2013010103-5","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2004.2"},{"key":"jsse.2013010103-6","unstructured":"Basili, V. (2005). Using measurement to build core competencies in software. In Proceedings of the Seminar sponsored by Data and Analysis Center for Software."},{"key":"jsse.2013010103-7","doi-asserted-by":"crossref","DOI":"10.7551\/mitpress\/9780262026437.001.0001","author":"P.Besnard","year":"2008","journal-title":"Elements of argumentation"},{"key":"jsse.2013010103-8","doi-asserted-by":"crossref","unstructured":"Bishop, P., & Bloomfield, R. (1998). A methodology for safety case development. In Proceedings of the 6th Safety-critical Systems Symposium, Birmingham, UK.","DOI":"10.1007\/978-1-4471-1534-2_14"},{"key":"jsse.2013010103-9","doi-asserted-by":"crossref","unstructured":"Bloomfield, R., & Bishop, P. (2010). Safety and assurance cases: Past, present and possible future \u2013 an Adelard perspective. In Proceedings of the 18th Safety-Critical Systems Symposium.","DOI":"10.1007\/978-1-84996-086-1_4"},{"key":"jsse.2013010103-10","doi-asserted-by":"crossref","unstructured":"Bloomfield, R., Littlewood, B., & Wright, D. (2007, June 25-28). Confidence: Its role in dependability cases for risk assessment. In Proceedings of the Dependable Systems and Networks 2007, Edinburgh, UK.","DOI":"10.1109\/DSN.2007.29"},{"key":"jsse.2013010103-11","unstructured":"Build Security In. (2012). Build security in home. Retrieved from https:\/\/buildsecurityin.us-cert.gov\/bsi\/home.html"},{"key":"jsse.2013010103-12","unstructured":"Community, G. S. N. (2011). GSN community standard version 1. Retrieved from http:\/\/www.goalstructuringnotation.info\/documents\/GSN_Standard.pdf"},{"key":"jsse.2013010103-13","author":"D. W.Cullen","year":"1990","journal-title":"The public inquiry into the Piper Alpha Disaster"},{"key":"jsse.2013010103-14","unstructured":"D-Case Editor. (2011). D-case editor: A typed assurance case editor. Retrieved from http:\/\/www.dependable-os.net\/tech\/D-CaseEditor\/"},{"key":"jsse.2013010103-15","doi-asserted-by":"crossref","unstructured":"Denney, E., Pai, G., & Habli, I. (2012, June 25-28). Perspectives on software safety case development for unmanned aircraft. In Proceedings of the Dependable Systems and Networks 2012, Boston, MA.","DOI":"10.1109\/DSN.2012.6263939"},{"key":"jsse.2013010103-16","unstructured":"DEOS. (2012). Whitepaper of JST CREST dependable embedded operating system (DEOS) for practical use research area. Retrieved from http:\/\/www.dependable-os.net\/en\/topics\/file\/White_Paper_V3.0aE.pdf"},{"key":"jsse.2013010103-17","unstructured":"Despotou, G. (2007). Managing the evolution of dependability cases for systems of systems. PhD Thesis. High Integrity Research Group, Department of Computer Science, University of York, York, UK. YCST-2007-16."},{"key":"jsse.2013010103-18","unstructured":"Dobbing, B., & Lautieri, S. (2006). SafSec methodology: Standard (3.1. ed.). Bath, UK: Altran Praxis"},{"key":"jsse.2013010103-19","unstructured":"Eurocontrol. (2006). European organisation for the safety of air navigation. Safety Case development manual."},{"key":"jsse.2013010103-20","unstructured":"Homepage, K. A. O. S. (n.d.). Goal-driven requirements engineering: the KAOS approach. Retrieved from http:\/\/www.info.ucl.ac.be\/~avl\/ReqEng.html"},{"key":"jsse.2013010103-21","doi-asserted-by":"crossref","unstructured":"Howell, C. (2004, June 28-July 1). Workshop on assurance cases: Best practices, possible obstacles, and future opportunities. In Proceedings of the International Conference on Dependable Systems and Networks 2004, Florence, Italy.","DOI":"10.1109\/DSN.2004.1311964"},{"key":"jsse.2013010103-22","author":"D.Jackson","year":"2007","journal-title":"Software for dependable systems: Sufficient evidence?"},{"key":"jsse.2013010103-23","unstructured":"Japan National Police Agency. (2012). A report on cyber criminals arrested in January to June, 2012. Retrieved from http:\/\/www.npa.go.jp\/cyber\/statics\/h24\/pdf01-1.pdf"},{"key":"jsse.2013010103-24","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-59140-375-3.ch006"},{"key":"jsse.2013010103-25","doi-asserted-by":"crossref","unstructured":"Kazman, R., Klein, M., Barbacci, M., Lipson, H., Longstaff, T., & Carriere, J. C. (1998, August 10-14). Architecture tradeoff analysis method. In Proceedings of International Conference on Engineering of Complex Computer Systems, Monteray, CA.","DOI":"10.21236\/ADA350761"},{"key":"jsse.2013010103-26","unstructured":"Kelly, T. (1998). Arguing safety, a systematic approach to managing safety cases. Unpublished PhD thesis, Department of Computer Science, University of York, York, UK."},{"key":"jsse.2013010103-27","unstructured":"Kelly, T. (2007, June 25-28). Reviewing assurance arguments \u2013 A step-by-step approach, In Proceedings of the International Conference on Dependable Systems and Networks 2007, Edinburgh, UK."},{"key":"jsse.2013010103-28","unstructured":"Kelly, T., & Weaver, R. (2004). The Goal Structuring Notation \u2013 a safety argument notation. In Proceedings of DSN 2004, Workshop on Assurance Cases."},{"key":"jsse.2013010103-29","unstructured":"Leveson, N. (2011). The use of safety cases in certification and regulation (ESD Working Paper Series). Cambridge, MA: MIT. Retrieved from http:\/\/sunnyday.mit.edu\/SafetyCases.pdf"},{"key":"jsse.2013010103-30","unstructured":"Lipson, H., & Weinstock, C. (2008). Evidence of assurance: Laying the foundation for a credible security case. Retrieved from https:\/\/buildsecurityin.us-cert.gov\/bsi\/articles\/knowledge\/assurance\/973-BSI.html"},{"key":"jsse.2013010103-31","doi-asserted-by":"crossref","unstructured":"Matsuno, Y., Takamura, H., & Ishikawa, Y. (2010, November 3-4). A dependability case editor with pattern library. In Proceedings of the IEEE High Assurance Systems Engineering Symposium, San Jose, CA (pp. 170-171).","DOI":"10.1109\/HASE.2010.26"},{"key":"jsse.2013010103-32","unstructured":"Menon, C., Hawkins, R., & McDermid, J. (2007, June 1). Defense standard 00-56, Issue 4: Towards evidence-based safety standards. London, UK: Ministry of Defence."},{"key":"jsse.2013010103-33","author":"S.Toulmin","year":"1958","journal-title":"The use of argument"},{"key":"jsse.2013010103-34","author":"C. B.Weinstock","year":"2004","journal-title":"Dependability cases (Tech Note CMU\/SEI-2004-TN-016)"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=76354","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,7,25]],"date-time":"2020-07-25T04:04:09Z","timestamp":1595649849000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jsse.2013010103"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2013,1]]},"references-count":35,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.4018\/jsse.2013010103","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,1]]}}}