Accession Number:

AD1098234

Title:

Evidence of Assurance: Laying the Foundation for a Credible Security Case

Descriptive Note:

Technical Report

Corporate Author:

Carnegie Mellon University Pittsburgh United States

Report Date:

2013-08-01

Pagination or Media Count:

25.0

Abstract:

A security case bears considerable resemblance to a legal case, and demonstrates that security claims about a given system are valid. Persuasive argumentation plays a major role, but the credibility of the arguments and of the security case itself ultimately rests on a foundation of evidence. This article describes and gives examples of several of the kinds of evidence that can contribute to a security case. Our main focus is on how to understand, gather, and generate the kinds of evidence that can build a strong foundation for a credible security case.

Subject Categories:

  • Computer Programming and Software

Distribution Statement:

APPROVED FOR PUBLIC RELEASE