Our recent paper “Formal Model-Based Argument Patterns for Security Cases” is now available online! This paper proposes an approach to constructing security assurance cases using formal methods. The proposed approach involves the following three steps: (1) decomposing security requirements and deriving security threats; (2) formalizing the system model and security threats; and (3) deriving the security argument patterns supported by the results of the formal verification of the security requirements. We apply the patterns to build security cases of an autonomous drone case study system.
This work is the result of a collaboration with colleagues at IRIT and CEA List. It was presented at the 28th European Conference on Pattern Languages of Programs (EuroPLoP 2023) in July 2023. See Publications for more details!