CASUS: Building Security Assurance Cases in Automotive Open Systems
| Reference number | |
| Coordinator | Göteborgs universitet - Data- och informationsteknik |
| Funding from Vinnova | SEK 3 200 000 |
| Project duration | November 2017 - November 2022 |
| Status | Completed |
| End-of-project report | 2017-03071sv.pdf(pdf, 228 kB) (In Swedish) |
Purpose and goal
The goal of the project was to help project manager ensure that a product is cyber-secure enough to be released to the consumer market. The project has investigated what such an assurance needs to consist of and how it should be structured so that it can be easily created, understood and maintained. A study of the current state of research has been carried out as well as interviews at companies to understand the business interest in "cybersecurity assurance cases" to complement the product release perspective.
Expected results and effects
Studies of the current state of research as well as exploratory testing of various concepts have led to a structure for cybersecurity assurance cases centered on assets worth protecting. Cybersecurity assurance cases include the argumentation and evidence needed to ensure that is cyber-secure enough to be released to the market and can be used to plan. The project has partially achieved the quantitative goal of increasing the maturity level from "feasibility" to "application in real vehicle projects".
Planned approach and implementation
The project has been a collaboration between academia and industry where mainly a doctoral student from GU has the full-time contribution and several different participants from industry the contribution to academic articles. Otherwise, the work has been planned and carried out according to a traditional plan with a focus on deliverables, which in this case consist of reports. Dissemination of the results has been done through academic articles and conferences. Regional forums have also been used to spread awareness in an industrial context.