01432nas a2200217 4500000000100000000000100001000000100002008004100003260000900044653001700053653002900070653002100099653001300120653001800133653001600151100002400167245005000191300001200241490000700253520095400260 2012 d c201210aASCE plug-in10aOTS component assessment10aSafety case core10asecurity10avulnerability10aweb service1 aKateryna Netkachova00aModel and Implementation of Safety Case Cores a286-2950 v283 a
The paper introduces a general concept of Safety Case Core, which is an extension of the Safety Case methodology. The definition of the safety case core is provided, the scope, principles and structure of a core are outlined, and a general set-theoretical model is presented. An approach to tracking and managing vulnerability information, assessing security and reliability characteristics of ready-made software components is discussed. To demonstrate the practical relevance and applicability of the proposed approach, a safety case core for assessing off-the-shelf components is developed. The database schema of the developed safety case core, modelled using the entity-relationship diagram, is presented; the important design and implementation details and techniques are outlined. The integration of the core with ASCE software tool as a plug-in and implementation as a web service for off-the-shelf component assessment are presented.