Deriving model-based safety and security assurance cases from design rationale of countermeasure patterns

Cyber-physical Systems are computerized systems that control mechanical parts. These systems have to be both, safe and secure. Established safety and security standards therefore mandate the creation of assurance cases (ACs) which argue that the system is safe and secure, i.e., that all safety and security goals have been achieved. However, in practice, safety and security teams often work separated and ACs are usually created late in the development in a manual manner. In addition to the high effort required to reconstruct taken design decisions, this approach leads to conflicts being found late, when changes are hardly possible. As engineers often make use of mitigation strategies and countermeasure patterns to achieve the stated safety and security goals, I propose an approach to augment these patterns with additional design rationale and AC fragments to support the creation of complete ACs in a semi-Automatic manner. With this approach, I want to pave the way towards an integrated Safety & Security by Design process by bringing together safety and security experts in early stages of the development. This objective shall be achieved by allowing them to work on a common design rationale, which shall further be re-used to automatically derive ACs. Thereby, the manual effort of AC creation is reduced and the susceptibility to errors is decreased.