Using argumentation to evaluate software assurance standards

↓ Direkt till sidans innehåll
↓ Direkt till sidans sekundära innehåll (sidomenyn)

Sökning: onr:"swepub:oai:DiVA.org:mdh-18676" > Using argumentation...

1 av 1
Föregående post
Nästa post
Till träfflistan

Graydon, PatrickMälardalens högskola,Akademin för hälsa, vård och välfärd (författare)

Using argumentation to evaluate software assurance standards

Artikel/kapitelEngelska2013

Förlag, utgivningsår, omfång ...

Elsevier BV,2013
printrdacarrier

Nummerbeteckningar

LIBRIS-ID:oai:DiVA.org:mdh-18676
https://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-18676URI
https://doi.org/10.1016/j.infsof.2013.02.008DOI

Kompletterande språkuppgifter

Språk:engelska
Sammanfattning på:engelska

Ingår i deldatabas

SwePubSwePub

Klassifikation

Ämneskategori:ref swepub-contenttype
Ämneskategori:art swepub-publicationtype

Anmärkningar

Context: Many people and organisations rely upon software safety and security standards to provide confidence in software intensive systems. For example, people rely upon the Common Criteria for Information Technology Security Evaluation to establish justified and sufficient confidence that an evaluated information technology product's contributions to security threats and threat management are acceptable. Is this standard suitable for this purpose? Objective: We propose a method for assessing whether conformance with a software safety or security standard is sufficient to support a conclusion such as adequate safety or security. We hypothesise that our method is feasible and capable of revealing interesting issues with the proposed use of the assessed standard. Method: The software safety and security standards with which we are concerned require evidence and discuss the objectives of that evidence. Our method is to capture a standard's evidence and objectives as an argument supporting the desired conclusion and to subject this argument to logical criticism. We have evaluated our method by case study application to the Common Criteria standard. Results: We were able to capture and criticise an argument from the Common Criteria standard. Review revealed 121 issues with the analysed use of the standard. These range from vagueness in its text to failure to require evidence that would substantially increase confidence in the security of evaluated software. Conclusion: Our method was feasible and revealed interesting issues with using a Common Criteria evaluation to support a conclusion of adequate software security. Considering the structure of similar assurance standards, we see no reason to believe that our method will not prove similarly valuable in other applications. © 2013 Elsevier B.V. All rights reserved.

Ämnesord och genrebeteckningar

Assessing standards
Assurance arguments
Common Criteria
Safety standards
Security standards

Biuppslag (personer, institutioner, konferenser, titlar ...)

Kelly, T. P.University of York (författare)
Mälardalens högskolaAkademin för hälsa, vård och välfärd (creator_code:org_t)

Sammanhörande titlar

Ingår i:Information and Software Technology: Elsevier BV55:9, s. 1551-15620950-58491873-6025

Internetlänk

Hitta via bibliotek

Information and Software Technology (Sök värdpublikationen i LIBRIS)

Till lärosätets databas

1 av 1
Föregående post
Nästa post
Till träfflistan

Hitta mer i SwePub

Av författaren/redakt...: Graydon, Patrick; Kelly, T. P.

Artiklar i publikationen: Information and ...

Av lärosätet: Mälardalens universitet

Sök utanför SwePub

Sök vidare i:: Google; Google Book Search; Google Scholar

Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.

LIBRIS.kb.se