After an organization makes the decision to adopt model-based systems engineering (MBSE), it must go a long way before this decision proves right. There are many obstacles along the way, such as stories about unsuccessful MBSE applications, insufficient information on how to proceed, and employee resistance to the cultural change, to name a few. None of them is a true issue if suitable enablers for MBSE adoption are chosen. Nowadays, MBSE is enabled by the Systems Modeling Language (SysML). However, SysML is neither a framework nor a method: it provides no information about the modeling process and thus must be combined with some methodology to become truly applicable. This paper summarizes the experience of various MBSE adoption projects in the form of a new approach for MBSE. The approach is based on a framework organized in a matrix view and is designed to guide systems engineers through the modeling process and help them answer questions such as how to start, how to structure the model, what views to build, which artefacts to deliver, and in what sequence.
This paper presents how Model-Based System Engineering (MBSE) could be leveraged in order to mitigate security risks at an early stage of system development. Primarily, MBSE was used to manage complex engineering projects in terms of system requirements, design, analysis, verification, and validation activities, leaving security aspects aside. However, previous research showed that security requirements and risks could be tackled in the MBSE model, and powerful MBSE tools such as simulation, change impact analysis, automated document generation, validation, and verification could be successfully reused in the multidisciplinary field. This article analyzes various security-related techniques and then clarifies how these techniques can be represented in the Systems Modeling Language (SysML) model and then further exploited with MBSE tools. The paper introduces the MBSEsec method, which gives guidelines for the security analysis process, the SysML/UML-based security profile, and recommendations on what security technique is needed at each security process phase. The MBSEsec method was verified by creating an application case study that reflects real-world problems and running an experiment where systems and security engineers evaluated the feasibility of our approach.
Model-Based System Engineering (MBSE) provides a number of ways to create, validate, and verify complex system designs; unfortunately, the inherent security aspects are addressed neither by the SysML language, which is the main MBSE enabler, nor by popular MBSE methods. Although there are many common points between MBSE and security requirements engineering, the key advantages of MBSE (such as managed complexity, reduced risk and cost, and improved communication across a multidisciplinary team) have not been exploited enough. This paper reviews security requirements engineering processes, modeling methods, and standards, and provides the MBSE security profile, which is formalized with the UML 2.5 profiling capability. The new UML-based security profile conforms to the ISO/IEC 27001 information security standard. In addition to the MBSE security profile, this paper also presents the security profile application use case and a feasibility study of the current status of security and systems engineering processes.