Scientific research

Research basis

The basis for NOR-STA services is TRUST-IT methodology developed by the Information Assurance Group team at the Gdansk University of Technology. TRUST-IT is a methodology of representing and assessment of evidence-based arguments. TRUST-IT arguments are used in many applications, including safety and security analysis, validation mtrics definition and conformance management. Owing to the universal nature of TRUST-IT argument, the NOR-STA services can be applied to any standard or a set of requirements.

Innovative ideas, methods and tools enabling the NOR-STA services, and the TRUST-IT methodology and its supporting tools in particular, were developed in several research and development projects:

  • STREP Project DRIVE, 5th EU Framework Programme,
  • Integrated Project PIPS, 6th EU Framework Programme,
  • STREP Project ANGEL, 6th EU Framework Programme.

The conformance template and resulting conformance argument have hierarchical structure consisting of the following elements:

  • (claim) - requirement of the standard
  • (argumentation strategy) - strategy of arguing the conformance to a particular requirement
  • (rationale) - justification of the chosen argument strategy 
  • (fact) - facts referred to while arguing for conformance
  • (reference) - references to the evidence demonstrating the facts
  • (information) - additional information and explanation related to the conformance argument

Research methodology

The main focus of the NOR-STA project is to prepare the NOR-STA services for commercial deployment. The research is carried out in three cycles of case studies. The results of each case study are used to improve the services and to plan for the next cycle. This way a learning loop has been built into the NOR STA project structure.

The NOR-STA project is realized in an incremental way where each increment has its own objectives and the results are verified experimentally. The experiments (case studies) involve representatives of the key stakeholders (standard owners, standard users and conformance auditors). This makes proper infrastructure for identification of research goals and fair validation of the NOR-STA approach.

Incremental and iterative approach to project realization provides for project risk reduction. The project benefits from using the intermediate results for re-defining long term objectives.

Each iteration is characterized by the following model: Plan for objectives, Perform the cycle, Assess the results, Improve the services.

Project tasks structure

The backbone of the project is the task of realizing the case studies. The results of the case studies are used to further develop the NOR-STA approach, to develop business models for commercial deployment of the services and to develop the NOR-STA knowledge base for future users. The flow of information between the case studies and the other tasks is shown in the figure below.