Lukasz Cyra

Support for argument structures review and assessment

Abstract Argument structures are commonly used to develop and present cases for safety, security and for other properties of systems. Such structures tend to grow excessively, which causes problems with their review and assessment. Two issues are of particular interest: (1) systematic and explicit assessment of the compelling power of an argument, and (2) communication of the result of such an assessment to relevant recipients. The paper presents a solution to these problems. The method of Visual Assessment of Arguments (VAA), being this solution, is based on the Dempster–Shafer theory of evidence applied to the assessment of the strength of arguments, and a visual mechanism of issuing and presenting assessments, supported by the so-called opinion triangle. In the paper we explain theoretical grounding for the method and provide guidance on its application. The results of some validation experiments are also presented.

Expert Assessment of Arguments: A Method and Its Experimental Evaluation

Argument structures are commonly used to develop and present cases for safety, security and other properties. Such argument structures tend to grow excessively. To deal with this problem, appropriate methods of their assessment are required. Two objectives are of particular interest: (1) systematic and explicit assessment of the compelling power of an argument, and (2) communication of the result of such an assessment to relevant recipients. The paper gives details of a new method which deals with both problems. We explain how to issue assessments and how they can be aggregated depending on the types of inference used in arguments. The method is fully implemented in a software tool. Its application is illustrated by examples. The paper also includes the results of experiments carried out to validate and calibrate the method.

Supporting Compliance with Security Standards by Trust Case Templates

Trust cases are used to justify that a given object (a system, an infrastructure, an organization) exhibits certain properties. One of possible applications of trust cases is related to the processes of achieving and demonstrating the compliance with standards. A trust case template derived from a given standard constitutes a skeleton of justification (encompassing evidence and argumentation) of the compliance with the standard. The article explains the notion of trust case templates and provides some details on the template development process and a generic procedure of template application. The applicability of the proposed approach is demonstrated by referring to the results of a case study of evaluating an example (real) system against the BS 7799 security management standard.

Combining testing and proof to gain high assurance in software: A case study

Dynamic software test methods are generally easy to use, but the results only apply to the specific input values tested. Static analysis produces results which are more general, but can require more effort to perform. There are potential benefits in combining both types of techniques because the results obtained can be more general than standalone dynamic testing but less resource-intensive than standalone static analysis. This paper presents a specific example of this approach applied to the verification of continuous monotonic functions. This approach combines a monotonicity analysis with a defined set of tests to demonstrate the accuracy of a software function over its entire input range. Unlike “standalone” dynamic methods, our approach provides full coverage, and guarantees a maximal error. We present a case study of the application of our approach to the analysis and testing of the software-implemented transfer function in a smart sensor. This demonstrated that relatively low levels of effort were needed to apply the approach. We conclude by discussing future developments of this approach.

SCF - A framework supporting achieving and assessing conformity with standards

Standards Conformity Framework (SCF) presented in this paper encompasses methods and tools which provide support for application of standards and other normative documents. The approach taken focuses on development, assessment and maintenance of an electronic document which demonstrates conformity. Such a document contains an argument structure developed in accordance with the Trust-IT methodology. The paper discusses details of the SCF approach, provides the definition of SCF application processes, presents a developed software tool, which supports the method, and reports on the experience collected in numerous projects of application of the framework.

An integrated framework for security protocol analysis

Assurance of security protocols needs particular attention. Flaws in a protocol can devastate security of the applications that rely on it. Analysis of the protocols is difficult and it is recommended that formal methods are employed to provide for higher levels of assurance. However, the formal methods can cover only a part of the scope of the problem. It is important that the formal models are valid representations of the protocol and that the application context is adequately represented. In the paper we present an analytical framework that integrates the object-oriented and formal modeling approaches. Object models are used to capture the relevant aspects of the protocol and its security context and to communicate with the protocol designers. Formal models are applied to verify the protocol security properties. Applicability of the framework was demonstrated by several industrial case studies.

Standards Conformity Framework in Comparison with Contemporary Methods Supporting Standards Application

Achieving and assessing conformity with standards and compliance with various sets of requirements generates significant costs for contemporary economies. Great deal of this is spent on fulfilment of safety and security requirements. However, standards application is not supported sufficiently by the tools available on the market. Therefore, standards conformity framework (SCF) containing methods and tools which provide support for application of standards was proposed. The framework is based on trust case methodology being used to provide arguments demonstrating properties of IT systems. The article describes SCF and shows how it fits into the processes of achieving and assessing conformity. It identifies other methods and tools supporting standards application and compares them with the framework.