TY - GEN
T1 - Model-Based Security Requirements for Cyber-Physical Systems in SysML
AU - Wach, Paul
AU - Salado, Alejandro
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/7
Y1 - 2020/7
N2 - Capturing system requirements with accuracy and precision remains a challenge for secure cyber-physical systems. Current research efforts continue to fundamentally rely on natural language (shall statements), which is inherently ambiguous, and thus unable to capture the problem space accurately and precisely. We suggest in this paper a model-based approach to security requirements that avoids the use of requirements in natural language and leverages formal modeling and system-theoretic constructs instead. Specifically, the proposed approach extends behavioral and structural model elements of the Systems Modeling Language (SysML) with a system-theoretic definition of a solution space. Considering a system model to be a transformation of inputs into output, we model the security problem space in this paper as a set of required transformations of inputs into outputs. The application of the proposed requirements modeling approach to security requirements is demonstrated with an application to authentication requirements derived from a need to grant access to a service or system to authorized users and to decline access to a service or system to unauthorized users.
AB - Capturing system requirements with accuracy and precision remains a challenge for secure cyber-physical systems. Current research efforts continue to fundamentally rely on natural language (shall statements), which is inherently ambiguous, and thus unable to capture the problem space accurately and precisely. We suggest in this paper a model-based approach to security requirements that avoids the use of requirements in natural language and leverages formal modeling and system-theoretic constructs instead. Specifically, the proposed approach extends behavioral and structural model elements of the Systems Modeling Language (SysML) with a system-theoretic definition of a solution space. Considering a system model to be a transformation of inputs into output, we model the security problem space in this paper as a set of required transformations of inputs into outputs. The application of the proposed requirements modeling approach to security requirements is demonstrated with an application to authentication requirements derived from a need to grant access to a service or system to authorized users and to decline access to a service or system to unauthorized users.
KW - Cyber-physical systems
KW - Model-Based Systems Engineering
KW - Problem Formulation
KW - Security Requirements
UR - http://www.scopus.com/inward/record.url?scp=85092691478&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85092691478&partnerID=8YFLogxK
U2 - 10.1109/SSS47320.2020.9174222
DO - 10.1109/SSS47320.2020.9174222
M3 - Conference contribution
AN - SCOPUS:85092691478
T3 - Systems Security Symposium, SSS 2020 - Conference Proceedings
BT - Systems Security Symposium, SSS 2020 - Conference Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2020 Systems Security Symposium, SSS 2020
Y2 - 1 July 2020 through 1 August 2020
ER -