search menu icon-carat-right cmu-wordmark

Evidence of Assurance: Laying the Foundation for a Credible Security Case

August 2013 White Paper
Charles B. Weinstock, Howard F. Lipson

In this paper, the authors provide examples of several of the kinds of evidence that can contribute to a security case.

Publisher:

CERT

Abstract

A security case bears considerable resemblance to a legal case, and demonstrates that security claims about a given system are valid. Persuasive argumentation plays a major role, but the credibility of the arguments and of the security case itself ultimately rests on a foundation of evidence. This article describes and gives examples of several of the kinds of evidence that can contribute to a security case. Our main focus is on how to understand, gather, and generate the kinds of evidence that can build a strong foundation for a credible security case.