As the complexity of computer systems increases, assuring safety and security is significant. The authors aim to construct a new development methodology CC-Case that can assure the demands of... Show More

As the complexity of computer systems increases, assuring safety and security is significant. The authors aim to construct a new development methodology CC-Case that can assure the demands of complex systems, including IoT and AI, using safety and security technologies in an integrated manner. As a central framework of CC-Case, this manuscript shows requirements extraction by STAMP/STPA extension to safety and security (STAMP S & S) and assurance using GSN divided into a logical model and a concrete model. STAMP S & S makes it possible to model requirements based on system theory and extract more comprehensive safety and security requirements in a single model diagram. Besides, the GSN defines the overall picture of the assurance and verifies and validates the hazards and threats extracted by STAMP S & S. This paper presents the procedures of CC-Case with STAMP, GSN, and show examples of level 3 autonomous driving.

Goal structuring notation (GSN) is widely used in safety cases and other methods for assuring reliability. Demonstrating the fulfillment of a claim in the GSN requires that its achievement be... Show More

Goal structuring notation (GSN) is widely used in safety cases and other methods for assuring reliability. Demonstrating the fulfillment of a claim in the GSN requires that its achievement be interpreted logically and structurally by the reader. This study proposes a typical pattern of interpreting these structural interpretations. Furthermore, the proposed patterns were verified for their application to actual GSN samples, and the applicability of these patterns was validated. In addition, these patterns were compared with the existing use of the so-called multi-legged arguments, and the differences between them were shown. Moreover, some of the proposed patterns show that there is a difference in the degree of certainty in the achievement of the converted claim, which indicates achievement of the claim from which it is derived.

When deciding and evaluating system security strategies, there is a trade-off relationship between security assuring effect and constraint condition, which has been revealed by many qualitative... Show More

When deciding and evaluating system security strategies, there is a trade-off relationship between security assuring effect and constraint condition, which has been revealed by many qualitative security assurance methods. However, the existing methods cannot be used to make quantitative analysis on security assurance and constraint conditions to support project managers and system engineers to decide system development strategies. Therefore, a quantitative method which can consider both security strategies and constraints is necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirement and security assurance cases by extending the traditional GSN (goal structuring notation). Next, two greedy algorithms for quantitative system security assurance are implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.

This research considers the common understanding of proof-of-concept (PoC) projects developing AI service systems between business and IT divisions. The authors propose an enterprise architecture... Show More

This research considers the common understanding of proof-of-concept (PoC) projects developing AI service systems between business and IT divisions. The authors propose an enterprise architecture (EA)-based project assurance model for the PoC of AI service systems, and represented elements of the developed application, development processes, and project goals with relations in the model. The proposed model provides two views, the “Why-What-Who View” representing the relationships between goals, processes and actors, and “Who-What-How View” representing the relationships between actors, processes and applications. Through these views, this paper shows that project members can understand the development activities in which they are involved, and the impact or significance of each activity on the project, and the project goal is assured by executing each activity in the process. Through a case study the authors show that one can use the proposed model as a reference model when proposing and executing AI service system development projects.

Assurance case helps analyze the system dependability, but the relationships between system elements and assurance case are generally not clearly defined. In order to make system assurance more... Show More

Assurance case helps analyze the system dependability, but the relationships between system elements and assurance case are generally not clearly defined. In order to make system assurance more intuitive and reliable, this paper proposes an approach that clearly defines the relationships between safety issues and system elements and integrates them using ArchiMate. Also, the proposed method applies model checking to system safety assurance, and the checking results are regarded as evidence of assurance cases. This method consists of four steps: interaction visualization, processes model checking, assurance case creation, and composite safety assurance. The significance of this work is that it provides a formalized procedure for safety-critical system assurance, which could increase the confidence in system safety. It would be expected to make the safety of a system easier to explain to third parties and make the system assurance more intuitive and effective. Also, a case study on an automatic driving system is carried out to confirm the effectiveness of this approach.