TY - JOUR KW - ASCE plug-in KW - OTS component assessment KW - Safety case core KW - security KW - vulnerability KW - web service AU - Kateryna Netkachova AB -
The paper introduces a general concept of Safety Case Core, which is an extension of the Safety Case methodology. The definition of the safety case core is provided, the scope, principles and structure of a core are outlined, and a general set-theoretical model is presented. An approach to tracking and managing vulnerability information, assessing security and reliability characteristics of ready-made software components is discussed. To demonstrate the practical relevance and applicability of the proposed approach, a safety case core for assessing off-the-shelf components is developed. The database schema of the developed safety case core, modelled using the entity-relationship diagram, is presented; the important design and implementation details and techniques are outlined. The integration of the core with ASCE software tool as a plug-in and implementation as a web service for off-the-shelf component assessment are presented.
BT - Information & Security: An International Journal DA - 2012 DO - http://dx.doi.org/10.11610/isij.2823 IS - 2 LA - eng M1 - 23 N2 -The paper introduces a general concept of Safety Case Core, which is an extension of the Safety Case methodology. The definition of the safety case core is provided, the scope, principles and structure of a core are outlined, and a general set-theoretical model is presented. An approach to tracking and managing vulnerability information, assessing security and reliability characteristics of ready-made software components is discussed. To demonstrate the practical relevance and applicability of the proposed approach, a safety case core for assessing off-the-shelf components is developed. The database schema of the developed safety case core, modelled using the entity-relationship diagram, is presented; the important design and implementation details and techniques are outlined. The integration of the core with ASCE software tool as a plug-in and implementation as a web service for off-the-shelf component assessment are presented.
PY - 2012 SP - 286 EP - 295 T2 - Information & Security: An International Journal TI - Model and Implementation of Safety Case Cores VL - 28 ER -