A Security Property Decomposition Argument Pattern for Structured Assurance Case Models

PLOP(2022)

Citations: 1 | Views: 0
Abstract
Demonstrating that a system satisfies a complete, adequate, and consistent set of security requirements to protect its critical assets is an essential aspect of security evaluation and assurance. Arguing that each of the security properties for a given system is satisfied and supported by evidence is a requirement for presenting an effective and compelling security assurance argument. The decomposition of a security assurance case to support this argumentation can be challenging, as different systems have different security objectives and, consequently, different security requirements. In this paper, we propose a security assurance argument pattern called Security Property Decomposition. This pattern is extracted by studying existing security assurance case models and their decomposition to argue the satisfaction of security properties such as confidentiality, integrity, and availability. It also considers the requirements prescribed by several prominent security standards for developing secure and trustworthy systems in different application domains. As a result, the Security Property Decomposition pattern can be instantiated in the context of different application domains to demonstrate that the security requirements related to the functionality of the system have been adequately satisfied as part of a structured security assurance case. To illustrate the applicability of the proposed pattern, we present an application of the pattern demonstrating compliance with a relevant security standard in the automotive domain.
Keywords
argument pattern, security property, standards, assurance case