Model-Based Security Requirements for Cyber-Physical Systems in SysML

Paul Wach, Alejandro Salado

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations


Capturing system requirements with accuracy and precision remains a challenge for secure cyber-physical systems. Current research efforts continue to fundamentally rely on natural language (shall statements), which is inherently ambiguous, and thus unable to capture the problem space accurately and precisely. We suggest in this paper a model-based approach to security requirements that avoids the use of requirements in natural language and leverages formal modeling and system-theoretic constructs instead. Specifically, the proposed approach extends behavioral and structural model elements of the Systems Modeling Language (SysML) with a system-theoretic definition of a solution space. Considering a system model to be a transformation of inputs into output, we model the security problem space in this paper as a set of required transformations of inputs into outputs. The application of the proposed requirements modeling approach to security requirements is demonstrated with an application to authentication requirements derived from a need to grant access to a service or system to authorized users and to decline access to a service or system to unauthorized users.

Original languageEnglish (US)
Title of host publicationSystems Security Symposium, SSS 2020 - Conference Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728143163
StatePublished - Jul 2020
Externally publishedYes
Event2020 Systems Security Symposium, SSS 2020 - Crystal City, United States
Duration: Jul 1 2020Aug 1 2020

Publication series

NameSystems Security Symposium, SSS 2020 - Conference Proceedings


Conference2020 Systems Security Symposium, SSS 2020
Country/TerritoryUnited States
CityCrystal City


  • Cyber-physical systems
  • Model-Based Systems Engineering
  • Problem Formulation
  • Security Requirements

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Model-Based Security Requirements for Cyber-Physical Systems in SysML'. Together they form a unique fingerprint.

Cite this