CHAPTER
21 Assuring Cybersecurity: Getting It Right
Overview
• 21.1 Cybersecurity Functionality Without Assurance Is Insecure
• 21.2 Treat Cybersecurity Subsystems as Critical Systems
• 21.3 Formal Assurance Arguments
• 21.3.1 Cybersecurity Requirements
• 21.3.2 Formal Security Policy Model
• 21.3.3 Formal Top-Level Specification
• 21.3.4 Security-Critical Subsystem Implementation
• 21.4 Assurance-in-the-Large and Composition
• 21.4.2 Trustworthiness Dependencies
• 21.4.3 Avoiding Dependency Circularity
• 21.4.4 Beware of the Inputs, Outputs, and Dependencies
• 21.4.5 Violating Unstated Assumptions
Learning Objectives
• Relate assurance and functionality to overall cybersecurity properties. ...
Get Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.