search menu icon-carat-right cmu-wordmark

Arguing Security - Creating Security Assurance Cases

July 2013 White Paper
Charles B. Weinstock, Howard F. Lipson, John B. Goodenough

In this paper, the authors explain an approach to documenting an assurance case for system security.

Publisher:

CERT

Abstract

An assurance case is a body of evidence organized into an argument demonstrating that some claim about a system holds, i.e., is assured. An assurance case is needed when it is important to show that a system exhibits some complex property such as safety, security, or reliability. In this article, our objective is to explain an approach to documenting an assurance case for system security, i.e., a security assurance case or, more succinctly, a security case.