Applying and Maintaining Security Assurance Cases in the Medical Domain: A Case Study at AstraZeneca
Type
Master's thesis
Published
2022
Authors
Andersson, Adam
Fransson, Max
Abstract
As there are constant innovations within the medical field, it should come as no surprise that software is often included in new medical technology. At the same time, there are actors who, for various reasons, want to gain access to a product or use it in malicious ways. Since their actions may have serious effects on end-user safety, there are strict regulations, such as ISO 14971, that these products need to comply with. One way for companies to show compliance with these regulations is through detailed documentation. A Security Assurance Case (SAC) is a structured argument used for documenting the security of a system through claims supported by evidence. CASCADE is an approach for creating such cases which introduces a block-based methodology, with an emphasis on arguing the quality of the supplied evidence as well as the completeness of the decomposition of claims. While the CASCADE approach was developed in close collaboration with the automotive industry, a knowledge transfer to the medical domain might be possible, as both are safety-critical domains with security-critical systems. To investigate this, a case study at AstraZeneca was performed, using interviews, focus groups and an analysis of regulatory documentation. These showed significant overlap between the requirements in the medical domain and the properties of CASCADE. However, they also showed the need for CASCADE to incorporate patient safety to some degree. One incorporation method found was the use of risk assessment matrix ratings, as these are already used for similar purposes in the domain.

As software is continuously evolving, any change made to a system requires a reevaluation of the associated assurance case in order for it to stay up to date. Such a process is not yet included in agile work approaches; however, its hypothetical inclusion has been found feasible, mainly through the addition of a role responsible for ensuring that the SAC is updated before a feature begins development and before the feature is released, utilizing input from other roles involved in system development.

All things considered, this study has found CASCADE to be a beneficial and potentially desirable tool for complying with several requirements posed in the medical domain, given that traceability to safety-related risks is provided. It has also been concluded that the iterative process at the case company can host a maintainability mechanism for CASCADE, but that the lack of knowledge among the practitioners involved might require the introduction of a new role.
Keywords
security assurance cases, medical domain, SAC, CASCADE, case study, maintainability, knowledge transfer