Capturing system requirements with accuracy and precision remains a challenge for secure cyber-physical systems. Current research efforts continue to fundamentally rely on natural language (shall statements), which is inherently ambiguous, and thus unable to capture the problem space accurately and precisely. We suggest in this paper a model-based approach to security requirements that avoids the use of requirements in natural language and leverages formal modeling and system-theoretic constructs instead. Specifically, the proposed approach extends behavioral and structural model elements of the Systems Modeling Language (SysML) with a system-theoretic definition of a solution space. Considering a system model to be a transformation of inputs into output, we model the security problem space in this paper as a set of required transformations of inputs into outputs. The application of the proposed requirements modeling approach to security requirements is demonstrated with an application to authentication requirements derived from a need to grant access to a service or system to authorized users and to decline access to a service or system to unauthorized users.