The security assurance of computer-based systems that rely on safety and security assurance, such as consistency, durability, efficiency and accessibility, require or need resources. This targets the System-of-home security system quotes of difficulties and concerns that apply similarly to subsystem interactions on a single system and system-as-component interactions on a large information system. This research addresses security and information assurance for safety-critical systems, where security and safety are addressed before going to actual implementation/development phase for component-based systems. For this purpose, require a conceptual idea or strategy that deals with the application logic security assurance issues. This may explore the vulnerability in single component or a reuse of specification in existing logic in component-based system. Keeping in view this situation, we have defined seven concepts of security assurance and security assurance design strategy for safety-critical systems.
The integration of components into industrial control systems such as railway control and management systems (CCS) is ongoing of commercial off-the-shelf hardware and software (COTS). However, the use of COTS components in a pre-owned security framework results in new security risks. The interplay of security is an important field of study in which several questions still need to be addressed. To mitigate risk and ensure the programme is dependable and secure; security assurance is an essential part of the safety-critical software development process. Deficiencies in infrastructure and deficiencies also can lead to software bugs and abuse by hackers and offenders seeking to manipulate flaws in the tech industry. Testing, accreditation and evaluation are carried out to justify the level of assurance of safety of logical function during the intercommunication interaction process. This strategy is applied at design stage that refers to traditional use to increase the trust of the programme in the programme validation process [1].
Software assurance during the engineering/development process has been an integral aspect of contemporary safety-critical systems’ overall innovation, ranging from weapons, avionic, even automotive control systems, industrial control systems and medical equipment. Software is used for tracking and regulating physical processes in these systems increasing failure may lead to loss of life or other catastrophic malfunction. Therefore, software assurance for safety-critical systems performs a role as backbone in commercial-off-the-shelf component-based system [2].
Ever more software, including embedded systems, is no longer purpose-built in security systems. Instead, they are used (or reused) for COTS, GOTS Government off-the-shelf for software and hardware, open source, and other non-developmental applications, often without alteration or advanced setup changes. Much of this no developmental software—especially COTS and open source software—is component: stand-alone software pieces which can be used as a building block for creating larger and more complicated systems of software. The smallest independent decomposition unit in a software-based system may or may not be a component [3]. In certain cases, components with smaller modules are assembled. To be usable as a component of a broader framework, an autonomous programme must provide interface(s), typically standardising to allow the integrating or mounting of other components. In this case, degree of component assurance and system safety is foremost priority in information assurance for safety-critical component-based software systems in organizational [4].
The most important aspect in security assurance of computer-based systems is inter-component specification. Interactions between the systems may be separated by one component and another function consumption [5]. The service (function or calculation) provided to another component can be specified as a contract between the consumer component and the supplier component by one component and the services requested from the other component and details of interface(s) by which these provisions and applications are made [6]. The expectations one component has regarding the contractual commitments other components may meet are clearly specified as the preconditions or constraints the component sets on the other components with which it may communicate.