DOI: 10.1145/3445034.3460507
Research article (Public Access)

Resolute assurance arguments for cyber assured systems engineering

Published: 18 May 2021

Abstract

Resolute is a tool and language for embedding an assurance argument in a system architecture model and evaluating the validity of the associated evidence. In this paper we report on a number of extensions to Resolute that support systems engineers in developing safe and cyber-resilient systems. System requirements are imported as assurance goals to be satisfied. Architectural transforms are applied to the system model to address these requirements, while corresponding assurance strategies and evidence are automatically added to document how the requirements have been satisfied. Subsequent changes to the model that invalidate any of the assurance claims can be detected and corrected. We also use Resolute to check that the model satisfies rules for code generation and other modeling guidelines. We conclude with an application of the Resolute assurance process to the design of a mission planning system for an unmanned air vehicle.



Published In

Destion '21: Proceedings of the Workshop on Design Automation for CPS and IoT, May 2021, 41 pages. ISBN 9781450383165. DOI 10.1145/3445034.

Publisher

Association for Computing Machinery, New York, NY, United States. In cooperation with the IEEE Signal Processing Society and IEEE CS.


Author Tags

  1. assurance case
  2. cyber-security
  3. formal methods

Conference

CPS-IoT Week '21


Cited By

  • Zero-trust design and assurance patterns for cyber–physical systems. Journal of Systems Architecture 155 (103261), Oct 2024. doi:10.1016/j.sysarc.2024.103261
  • Zero Trust Architecture Patterns for Cyber-Physical Systems. SAE Technical Paper Series, 14 Mar 2023. doi:10.4271/2023-01-1001
  • Model-driven development for the seL4 microkernel using the HAMR framework. Journal of Systems Architecture 134:C, 1 Jan 2023. doi:10.1016/j.sysarc.2022.102789
  • Synthesizing verified components for cyber assured systems engineering. Software and Systems Modeling (SoSyM) 22:5, 1451-1471, 21 Mar 2023. doi:10.1007/s10270-023-01096-3
  • Cyberassured Systems Engineering at Scale. IEEE Security & Privacy 20:3, 52-64, May 2022. doi:10.1109/MSEC.2022.3151733
  • Synthesizing Verified Components for Cyber Assured Systems Engineering. 2021 ACM/IEEE 24th International Conference on Model Driven Engineering Languages and Systems (MODELS), 205-215, Oct 2021. doi:10.1109/MODELS50736.2021.00029
  • Automated Method for Assurance Case Construction from System Design Models. 2021 5th International Conference on System Reliability and Safety (ICSRS), 230-239, 24 Nov 2021. doi:10.1109/ICSRS53853.2021.9660735
