Structuring Trust: A Quantitative and Traceable Framework for Hardware Security Assurance

The security assurance of hardware systems is increasingly critical in connected and safety-sensitive infrastructures, where compromised components can endanger human safety or disrupt essential services. However, current assurance practices remain largely qualitative and fragmented across overlapping standards, leading to duplicated evaluation efforts and inconsistent interpretations of system trustworthiness. This paper introduces a structured, multi-level framework that links security requirements to verification evidence through six traceable layers, enabling reproducible and partially quantitative assessment of hardware assurance. The framework supports lifecycle reasoning and transparent traceability, allowing assurance arguments to be consolidated across complex, multi-component systems. Its applicability is demonstrated through a wireless fingertip oximeter used in healthcare infrastructure, illustrating how traceable evidence and quantitative scoring can provide measurable subsystem evaluation and diagnostic insight into system-level resilience.