CASUS: Building Security Assurance Cases in Automotive Open Systems

The vehicle industry is going from traditionally isolated to open systems. As vehicles continuously increase their connectivity to the surrounding world, becoming part of the Internet of Things, exposure becomes potentially world-wide and attacks may happen with speed and scale not possible before.
Adopting secure development techniques provides organizations with a generic level of assurance against the above-mentioned attacks. The key research question at the core of this project is, however, how a project manager can get precise assurance based on material, project-specific evidence that a system being developed is secure enough and can be released.

The goal is to provide managers with a tool to make go/no-go security decisions on product delivery. Such decisions are currently based on experience and intuition, while we aim at supporting evidence-based decisions. The key contribution of this projects is a methodology to build security assurance cases.

Partner organizations

  • Volvo Cars (Private, Sweden)
  • Volvo Group (Private, Sweden)
Start date 01/11/2017
End date 31/12/2021

Published: Thu 31 May 2018.