IIC Security: Trustworthiness and Assurance
Robert A. Martin, The MITRE Corporation
Industrial Internet Consortium
September 2017
© 2017 MITRE. All rights reserved, all other material used with permission. Approved for Public Release; Distribution Unlimited. Case Number 17-3226-002
TRUSTWORTHY SYSTEMS
Perspectives on Trustworthiness
Acquirer
• How do I express requirements?
• Will it work the way it should?
Regulator
• Is it safe?
Community
• Do I want this in my backyard?
• Can I count on it?
Patron
• Is it safe?
• Should I use it?
• Can I count on it?
Insurer
• How do I underwrite?
Operator
• How do I use this?
• Can I trust it?
• Am I responsible if it makes a mistake?
Creator
• How should I design and build?
• Will I be liable for problems?
Commander/Supervisor
• Can I reliably use it in operations?
• What changes operationally?
Researcher
• What technology is needed to ensure trust?
Claims, Arguments, and Evidence
(Figure: a claim tree. A top-level claim is decomposed into sub-claims; each sub-claim is supported by an argument, and each argument rests on evidence.)
• Claim = assertion to be proven
• Argument = how evidence supports claim
• Evidence = required documentation
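As an added example (not code from the deck, from MITRE or from the IIC), the claim/argument/evidence structure of the slide written as a small Python model: a claim tree whose leaf claims must each rest on an argument backed by evidence, a check that lists leaf claims with nothing behind them, and an assumed coverage score. The class names, the sample claims and the coverage metric are this example's own assumptions; the model is a plain tree, not the OMG SACM exchange format.

```python
"""Minimal claim / argument / evidence model for an assurance case.

Added example, not from the deck: a Claim is an assertion to be proven,
an Argument explains how evidence supports a claim, and Evidence is the
required documentation. Only the tree shape comes from the slide; the
class names, sample data and coverage metric are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Iterator


@dataclass
class Evidence:
    """Required documentation backing an argument (test report, audit, ...)."""
    name: str
    artifact: str  # reference to the document, e.g. a path or record id


@dataclass
class Argument:
    """How the attached evidence supports the parent claim."""
    rationale: str
    evidence: list[Evidence] = field(default_factory=list)


@dataclass
class Claim:
    """Assertion to be proven, either via sub-claims or via an argument."""
    text: str
    subclaims: list[Claim] = field(default_factory=list)
    argument: Argument | None = None

    def leaves(self) -> Iterator[Claim]:
        """Yield the leaf claims, i.e. those not further decomposed."""
        if self.subclaims:
            for child in self.subclaims:
                yield from child.leaves()
        else:
            yield self


def unsupported_claims(root: Claim) -> list[str]:
    """Leaf claims that have no argument, or an argument with no evidence.

    These are the gaps an assessor flags: an assertion with nothing behind
    it contributes no assurance, however plausible its wording.
    """
    gaps = []
    for leaf in root.leaves():
        if leaf.argument is None or not leaf.argument.evidence:
            gaps.append(leaf.text)
    return gaps


def evidence_coverage(root: Claim) -> float:
    """Fraction of leaf claims backed by at least one piece of evidence.

    Assumed illustration of a score in [0, 1]; the deck gives no formula
    for its trustworthiness measure.
    """
    leaves = list(root.leaves())
    backed = sum(1 for leaf in leaves if leaf.argument and leaf.argument.evidence)
    return backed / len(leaves) if leaves else 0.0


def build_sample_case() -> Claim:
    """Constructed sample case for one component (all names are made up)."""
    return Claim(
        "Component C is trustworthy",
        subclaims=[
            Claim("Security: unauthorized commands are rejected", argument=Argument(
                "Penetration test report shows command authorization is enforced",
                evidence=[Evidence("pentest-2017Q3", "reports/pentest-2017Q3.pdf")])),
            Claim("Safety: requirements REQ A to REQ N are met", argument=Argument(
                "Third-party assessment against the safety standard",
                evidence=[Evidence("safety-assessment", "certs/safety-assessment.pdf")])),
            # Argument present but nothing documented behind it: still a gap.
            Claim("Privacy: personal data is minimized", argument=Argument(
                "Data inventory review", evidence=[])),
            # No argument at all.
            Claim("Resilience: service recovers within target", argument=None),
        ],
    )


def assess(root: Claim) -> dict:
    """Summarize a case as the coverage score plus the list of gaps."""
    return {"coverage": evidence_coverage(root), "gaps": unsupported_claims(root)}


if __name__ == "__main__":
    for key, value in assess(build_sample_case()).items():
        print(f"{key}: {value}")
```

Running the module prints a coverage of 0.5 for the constructed case and names the two leaf claims (Privacy and Resilience) that an assessor would send back for evidence; the same walk works on any depth of decomposition because only leaf claims are scored.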
Safety Case Tooling – Claims-Evidence-Argument in Use for <17 Years
OMG Structured Assurance Case MetaModel
Exchange and Composition of Assurance Cases between tools and programs
The Key System Characteristics of Trustworthiness as a Quality Measure
(Figure: interaction and relations among the five characteristics Security, Privacy, Safety, Reliability and Resilience; a radar chart on a 0 to 1 scale plots a "Vertical Customer Trustworthiness Measure" across those five axes.)
• Industrial IoT Quality is a continuum of system characteristics within a context
• OT Safety (IEC 62443*) meets IT Security (ISO 27000*)
• Privacy (GDPR*), Resilience (ISO*, IEC*), Reliability (NIS*) are quality features in both OT and IT
• Determine and ensure quality measures per vertical, e.g. audit, certification
* examples
Composition of a Trustworthiness Quality Measure
(Figure: the interaction-and-relations diagram of Security, Privacy, Safety, Reliability and Resilience, with one bar chart per characteristic scoring the articles or requirements of an example regulation on that characteristic's own scale.)
Reliability* (Art 1 to Art 4, scale 0 to 1): EU: NIS; UK: … (after Brexit); US: ...; CN: (); JP: analog NIS; …
Privacy* (Art 88, Art 99, Art 111, Art 222, scale 0 to 0.4): EU: GDPR; UK: … (after Brexit); US: …; CN: (); JP: analog GDPR; …
Safety* (REQ A to REQ N against SL 0 to 4): EU: IEC 61508/62626; UK: … (after Brexit); US: IEC 61508; CN: (); JP: IEC 61508; …
Security* (Art1 to Art7, scale 0 to 40)
Resilience* (Art1 to Art7, scale 0 to 60)
* examples
Evidence of Trustworthiness as Assurance Cases
(Figure: the five per-characteristic charts and example regulations of the previous slide, Reliability*, Privacy*, Safety*, Security* and Resilience*, each now annotated with the assurance case that backs its claims.)
• Evidence-based Assurance Case supporting Resilience claims
• Evidence-based Assurance Case supporting Reliability claims
• Evidence-based Assurance Case supporting Security claims
• Evidence-based Assurance Case supporting Privacy claims
• Evidence-based Assurance Case supporting Safety claims
* examples
TRUSTWORTHINESS MANAGEMENT CONSIDERATIONS
Evidence-based Assurance Case supporting Trustworthiness claims
TRUST RELATIONSHIP BETWEEN COMPONENT BUILDERS