TY - GEN
T1 - Dynamic Checks of Evidence Models for Assurance Projects in Eclipse OpenCert
AU - Martinez, Jabier
AU - Varela-Vaca, Ángel Jesús
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - The modelling of regulatory frameworks and industry standards, including their argumentation and expected evidence, are used during assurance processes to demonstrate the compliance of systems. However, this is handled mainly in a static fashion, and using these models for dynamic evidence checking along the system life-cycle, including operation (checking the model at runtime), is not yet mainstream. This preliminary work shows a tool-supported modelling method for the automatic and dynamic evaluation of evidence. The solution is supported by an Eclipse OpenCert tool extension where the capabilities of evidence models are extended with automatic checks. The user monitoring the assurance project receives alerts when evidence are unsatisfied. It also exports a continuous log of these checks using the XES standard to enable traceability and historical creation of passing and failing checks for analysis and auditing purposes. While some evidence checks are generic, the diversity of checking processes required our solution to be extensible.
AB - The modelling of regulatory frameworks and industry standards, including their argumentation and expected evidence, are used during assurance processes to demonstrate the compliance of systems. However, this is handled mainly in a static fashion, and using these models for dynamic evidence checking along the system life-cycle, including operation (checking the model at runtime), is not yet mainstream. This preliminary work shows a tool-supported modelling method for the automatic and dynamic evaluation of evidence. The solution is supported by an Eclipse OpenCert tool extension where the capabilities of evidence models are extended with automatic checks. The user monitoring the assurance project receives alerts when evidence are unsatisfied. It also exports a continuous log of these checks using the XES standard to enable traceability and historical creation of passing and failing checks for analysis and auditing purposes. While some evidence checks are generic, the diversity of checking processes required our solution to be extensible.
KW - Dynamic check
KW - Reference frameworks
KW - Safety
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85139010244&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-14862-0_12
DO - 10.1007/978-3-031-14862-0_12
M3 - Conference contribution
AN - SCOPUS:85139010244
SN - 9783031148613
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 158
EP - 165
BT - Computer Safety, Reliability, and Security. SAFECOMP 2022 Workshops - DECSoS, DepDevOps, SASSUR, SENSEI, USDAI, and WAISE, Proceedings
A2 - Trapp, Mario
A2 - Schoitsch, Erwin
A2 - Guiochet, Jérémie
A2 - Bitsch, Friedemann
PB - Springer Science and Business Media Deutschland GmbH
T2 - Workshops on DECSoS, DepDevOps, SASSUR, SENSEI, USDAI, and WAISE, held in conjunction with the 41st International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2022
Y2 - 6 September 2022 through 9 September 2022
ER -