Trust Case Templates to Support Standards Conformity Achievement and Assessment

Objectives:

To specialize Trust-IT approach to support standards conformity by application of argument templates and argument apraisal.

Contact:

The contact for this research project is here.

PhD Thesis:

The research project has been summarized in a PhD thesis presented at the Gdansk University of Technology in 2008.

Łukasz Cyra:
"A Method of Trust Case Templates to Support Standards Conformity Achievement and Assessment"
(The Polish title: "Metoda szablonów dowodowych do wspomagania osiągania i oceny zgodności z wybranymi standardami”)
Download PDF (2.7 MB)

Rationale:

Compliance and conformity achievement and assessment involve significant cost in contemporary economies. Despite the importance of the subject the tool support given to conformity achievement and assessment processes is rather poor. In particular, the techniques applied to assess conformity are mostly restriced to binary assessment of the fulfillment of particular requirements of a standard and the final decision on the conformance is besed on simple calculations made on these assessments.

This project aims to investigate: (1) to which extent argument templates can be used to represent conformance argument structure, and (2) to investigate how Dempster-Shaffer belief functions can be used to support assessment of the 'compelling power' of conformance arguments

Approach:

The following were the basic observations formin the base for this project:

  1. The proposed solution is based on the observation that assessing and/or achieving conformity with a standard mainly involves producing and gathering conformity demonstrating evidence and then presenting it in a way which leaves no doubt about fulfilment of the requirements of a standard. Therefore, conformity demonstration can be treated as creation of an appropriate argument. Trust-IT was chosen as a methodology of argument structures creation. It was adjusted to support the demonstration of conformity with standards by identification of common argument structures and their representation in the form of a template. Such templates can be derived from the contents of a standard by application of a template derivation procedure.

  2. Each claim of being conformant with a standard is supported by an argument which refers to evidence represented as facts, assumptions or sub-claims. These items of evidence together provide a certain degree of support for a given claim. Mathematical Theory of Evidence (a.k.a. Dempster-Shafer Theory of Evidence) is being applied as the framework for quantitative assessment of the level of this support. The framework involves assigning the degrees of support provided by a claim's items of evidence, aggregating them at a local level, propagating to the upper claim and performing computations to obtain total belief functions of selected claims.

Applicability of the proposed solutions was demonstrated in a number of case studies.

Schedule:

  • The project started in 2004.

  • In 2004-2005 templates for some standards were developed, a prototype of a tool was created and first case studies were performed.

  • In 2006 the final version of the framework was defined.

  • In 2006-2007 the supporting tool was created and a number of case studies and experiments were carried out.

  • In 2008 a PhD thesis summarizing the results of the research was prepared and defended.

Results:

  • Definition of a method of supporting application of standards by developing conformance templates.
  • Conformance templates for selected standards (e.g Common Criteria, ISO/IEC 27001, ISO 14971, etc.)
  • Case studies demonstrating applicability of conformance templates at different stages of achieving and assessing conformity with standards.
  • Definition of a method for quantitative assessment of a 'compelling power' of arguments expressed in accordance with Trust-it methodology.
  • Experimental validation and calibration of the assessment method.
  • Performance of industrial case studies of application of the method.
  • Development of a supp[ortig tool.

Publications:

  1. Ł. Cyra, J. Górski, Supporting Compliance with Safety Standards by Trust Case Templates, The Proceedings of European Safety and Reliability Conference ESREL 2007, Stavenger, Norway, 2007, pp 1367-1374.
  2. Download PDF (304 kB)

  3. Ł. Cyra, J. Górski, Standard Compliance Framework for Effective Requirements Communication, Polish Journal of Environmental Studies, Volume 16 no. 5B, Poland, 2007, pp 312-316.

  4. Ł. Cyra, J. Górski, Supporting Compliance with Security Standards by Trust Case Templates, The Proceedings of International Conference on Dependability of Computer Systems DepCoS RELCOMEX, Szklarska Poreba, Poland, 2007, pp 91-98.

  5. Ł. Cyra, J. Górski, Standards Conformity Framework in Comparison with Contemporary Methods Supporting Standards Application, The Proceedings of International Conference on Dependability of Computer Systems DepCoS-RELCOMEX, Szklarska Poreba, Poland, 2008, pp 95-102.
  6. Download PDF (143 kB)

  7. Ł. Cyra, J. Górski, Common Criteria Utilisation Supported by Trust Case Templates (in Polish: Praca z normą Common Criteria wspomagana szablonami Trust Case), The Proceedings of IV Krajowa Konferencja Technologie Informacyjne, Gdansk, Poland, 2006, Zeszyty Naukowe Wydziału ETI Politechniki Gdańskiej, Gdańsk, Poland, 2006, pp 615-622.

  8. Ł. Cyra, J. Górski, BS 7799 Utilisation Supported by Trust Case Templates (in Polish: Zastosowanie szablonów Trust Case w pracy z normą BS 7799), The Proceedings of X Krajowa Konferencja Zastosowań Kryptografii ENIGMA, Warsaw, Poland, 2006, pp 303-320.

  9. J. Górski, Ł. Cyra, A. Jarzębowicz, J. Miler, Argument Strategies and Patterns of the Trust-IT Framework, The Proceedings of 15th International Multi-Conference Advanced Computer Systems ACS, Miedzyzdroje, Poland, 2008, pp 1-10.

  10. Ł. Cyra, J. Górski, Using Argument Structures to Create a Measurement Plan, Polish Journal of Environmental Studies, Volume 16 no. 5B, Poland, 2007, pp 230-234.

  11. Ł. Cyra, J. Górski, Extending GQM by Argument Structures, Springer, Lecture Notes in Computer Science, Volume 5082, Berlin/Heidelberg, Germany, 2008, pp 26-39.
  12. Download PDF (202 kB)

  13. Ł. Cyra, J. Górski, Expert Assessment of Arguments: a Method and its Experimental Evaluation, The Proceedings of the 27th International Conference on Computer Safety, Reliability and Security SAFECOMP 2008, Newcastle, UK, 2008, Springer, Lecture Notes in Computer Science, Volume 5219, Berlin/Heidelberg, 2008, pp 291-304.
  14. Download PDF (431 kB)

  15. Ł. Cyra, J. Górski, Supporting Expert Assessment of Argument Structures in Trust Cases, The Proceedings of Ninth International Probabilistic Safety Assessment and Management Conference PSAM, Hong Kong, China, 2008, pp 1-9.
  16. Download PDF (138 kB)

  17. Ł. Cyra, J. Górski, An Approach to Evaluation of Arguments in Trust Cases, The Proceedings of International Conference on Dependability of Computer Systems DepCoS-RELCOMEX, Szklarska Poreba, Poland, 2008, pp 103-110.

  18. J. Górski, Ł. Cyra, A. Jarzębowicz, J. Miler, Representing and Appraising Toulmin Model Arguments in Trust Cases, The Proceedings of 8th Workshop on Computational Models of Natural Argument, Patras, Greece, 2008, pp 26-30.

  19. Ł. Cyra, J. Górski, Expert Assessment of Arguments: a Method and its Experimental Evaluation, The Proceedings of the 27th International Conference on Computer Safety, Reliability and Security SAFECOMP 2008, Newcastle, UK, 2008, Springer, Lecture Notes in Computer Science, Volume 5219, Berlin/Heidelberg, 2008, pp 291-304.
  20. Download PDF (431 kB)

  21. Ł. Cyra, J. Górski, Supporting Expert Assessment of Argument Structures in Trust Cases, The Proceedings of Ninth International Probabilistic Safety Assessment and Management Conference PSAM, Hong Kong, China, 2008, pp 1-9.
  22. Download PDF (138 kB)

  23. J. Górski, M. Zagórski: An approach for evaluating trust in IT infrastructures, Proceedings of DepCoS - RELCOMEX 2006 : International Conference on Dependability of Computer Systems, Szklarska-Poręba, Poland 25-27 May, pp. 92-98.

  24. J. Górski, M. Zagórski: Reasoning about trust in IT infrastructures, Proceedings (vol. 1) of ESREL 2005 (European Safety an Reliability Conference), Tri City (Gdynia-Sopot-Gdańsk), Poland, 27-30 June, 2005, pp. 689-695.

  25. J. Górski, Zagórski: Using Dempster-Shafer approach to support reasoning about trust in IT infrastructures, Proceedings of First Warsaw International Seminar on Intelligent Systems, Warsaw, Poland 2004, pp. 39-57.