Applying and Maintaining Security Assurance Cases in the Medical Domain: A Case Study at AstraZeneca
Master's thesis
As there are constant innovations within the medical field, it should come as no surprise that software is often included in new medical technology. At the same time, there are actors who, for various reasons, want to gain access to a product or use it in malicious ways. Because their actions may have serious effects on end-user safety, there are strict regulations, such as ISO 14971, that these products need to comply with. One way for companies to show compliance with these regulations is through detailed documentation. A Security Assurance Case (SAC) is a structured argument used for documenting the security of a system through claims supported by evidence. CASCADE is an approach for creating such cases, which introduces a block-based methodology with an emphasis on arguing the quality of the supplied evidence, as well as arguing the completeness of the decomposition of claims. While the CASCADE approach was developed in close collaboration with the automotive industry, a knowledge transfer to the medical domain might be possible, as both are safety-critical domains with security-critical systems. To investigate this, a case study at AstraZeneca was performed, utilizing interviews, focus groups and a regulatory documentation analysis. These showed significant overlap between the requirements in the medical domain and the properties of CASCADE. However, they also showed the need for CASCADE to incorporate patient safety to some degree. One incorporation method found was the use of risk assessment matrix ratings, as these are already used for similar purposes in the domain. As software is continuously evolving, any change made to a system requires a reevaluation of the associated assurance case in order for it to stay up to date.
Such a process is not yet included in agile work approaches; however, its hypothetical inclusion has been found feasible, mainly through the addition of a role responsible for ensuring that the SAC is updated before a feature begins development and again before the feature is released, utilizing input from other roles involved in system development. All things considered, this study has found CASCADE a beneficial and potentially desirable tool for complying with several requirements posed in the medical domain, given that traceability to safety-related risks is provided. It has also been concluded that the iterative process at the case company can host a maintainability mechanism for CASCADE, but that a lack of knowledge among the practitioners involved might require the introduction of a new role.
security assurance cases, medical domain, SAC, CASCADE, case study, maintainability, knowledge transfer