Loading [a11y]/accessibility-menu.js
A Software Security Case Developing Method Based on Hierarchical Argument Strategy | IEEE Conference Publication | IEEE Xplore

Scheduled Maintenance: On Tuesday, May 20, IEEE Xplore will undergo scheduled maintenance from 1:00-5:00 PM ET (6:00-10:00 PM UTC). During this time, there may be intermittent impact on performance. We apologize for any inconvenience.

Subscribe
ADVANCED SEARCH
Conferences >2017 IEEE International Confe...

A Software Security Case Developing Method Based on Hierarchical Argument Strategy

PDF
 << Results  
Biao Xu; Minyan Lu; Dajian Zhang
All Authors

Abstract:

Security cases-which document the rationale for believing that a system is adequately secure-have not been sufficiently used for a lack of practical construction method. ...Show More

Metadata

Abstract:

Security cases-which document the rationale for believing that a system is adequately secure-have not been sufficiently used for a lack of practical construction method. This paper presents a hierarchical software security case development method to address this issue. We present a security concept relationship model first, then come up with a hierarchical asset-threat-control measure argument strategy, together with the consideration of an asset classification and threat classification for software security case. Lastly, we propose 11 software security case patterns and illustrate one of them.
Published in: 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C)
Date of Conference: 25-29 July 2017
Date Added to IEEE Xplore: 10 August 2017
ISBN Information:
DOI: 10.1109/QRS-C.2017.124
Conference Location: Prague, Czech Republic
Contents

I. Introduction

Assurance case in safety domain has been studied extensively for years, but the application of assurance case technology to security has been explored far less thoroughly [1], [2]. Although researches on software security case have made some progress [3]–[10], there has been a limited use of security case so far, partly because that the details of argument construction strategy are not clear enough and the corresponding security case patterns are not adequate.

  Back to Results  
Contact IEEE to Subscribe
More Like This
Software Reliability, Safety and Security

2005 IEEE Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications

Published: 2005

Does software reliability engineering (SRE) offer any benefits to mobile code's security woes?

Proceedings Ninth International Symposium on Software Reliability Engineering (Cat. No.98TB100257)

Published: 1998

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.