Model and Implementation of Safety Case Cores

Publication Type:

Journal Article

Source:

Information & Security: An International Journal, Volume 28, Issue 2, Number 23, p.286-295 (2012)

Keywords:

ASCE plug-in, OTS component assessment, Safety case core, security, vulnerability, web service

Abstract:

The paper introduces a general concept of Safety Case Core, which is an extension of the Safety Case methodology. The definition of the safety case core is provided, the scope, principles and structure of a core are outlined, and a general set-theoretical model is presented. An approach to tracking and managing vulnerability information, assessing security and reliability characteristics of ready-made software components is discussed. To demonstrate the practical relevance and applicability of the proposed approach, a safety case core for assessing off-the-shelf components is developed. The database schema of the developed safety case core, modelled using the entity-relationship diagram, is presented; the important design and implementation details and techniques are outlined. The integration of the core with ASCE software tool as a plug-in and implementation as a web service for off-the-shelf component assessment are presented.