A systems approach for eliciting mission-centric security requirements

Carter, Bryan T.; Bakirtzis, Georgios; Elks, Carl; Fleming, Craig

doi:10.1109/syscon.2018.8369539

Cited by 21 publications

(20 citation statements)

References 6 publications

(5 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mailloux et al (2019) used the STPA-Sec to elicit systems security requirements for a notional autonomous space system. Carter et al (2018) used STPA-Sec with a previous information elicitation process to analyze a small reconnaissance unmanned aerial vehicles. A further modeling technique has also been proposed by the same researchers to support a more efficient and traceable analysis (Carter et al, 2019).…”

Section: Stpa-sec Applications and Gapsmentioning

confidence: 99%

Data-flow-based adaption of the System-Theoretic Process Analysis for Security (STPA-Sec)

Wagner

Luo

2021

PeerJ Computer Science

View full text Add to dashboard Cite

Security analysis is an essential activity in security engineering to identify potential system vulnerabilities and specify security requirements in the early design phases. Due to the increasing complexity of modern systems, traditional approaches lack the power to identify insecure incidents caused by complex interactions among physical systems, human and social entities. By contrast, the System-Theoretic Process Analysis for Security (STPA-Sec) approach views losses as resulting from interactions, focuses on controlling system vulnerabilities instead of external threats, and is applicable for complex socio-technical systems. However, the STPA-Sec pays less attention to the non-safety but information-security issues (e.g., data confidentiality) and lacks efficient guidance for identifying information security concepts. In this article, we propose a data-flow-based adaption of the STPA-Sec (named STPA-DFSec) to overcome the mentioned limitations and elicit security constraints systematically. We use the STPA-DFSec and STPA-Sec to analyze a vehicle digital key system and investigate the relationship and differences between both approaches, their applicability, and highlights. To conclude, the proposed approach can identify information-related problems more directly from the data processing aspect. As an adaption of the STPA-Sec, it can be used with other STPA-based approaches to co-design systems in multi-disciplines under the unified STPA framework.

show abstract

Section: Stpa-sec Applications and Gapsmentioning

confidence: 99%

Data-flow-based adaption of the System-Theoretic Process Analysis for Security (STPA-Sec)

Wagner

Luo

2021

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…The proposed metamodel is an integration of multiple technology areas into a unified ontology. This integration leverages advances in MBSE [48], safety through STAMP [49], and mission aware cybersecurity [7,17]. Mission aware is a systems engineering methodology that attempts to bridge system design with safety, security, and resilience.…”

Section: Literature Reviewmentioning

confidence: 99%

“…For example, in the field of safety, Leveson has developed systems-theoretic accident model and process (STAMP) [49], which examines safety incidents in terms of hierarchical control and unacceptable losses. In the intersection of security and resilience, there is System Aware [42,43] and its evolution Mission Aware [16,17], which see mitigation in terms of resilient modes in addition to traditional security defenses. Finally, the general field of model-based systems engineering (MBSE) has produced both methods and tools in assessing the safety and security posture of system designs and is the paradigm in which the majority of system models must conform to.…”

Section: Introductionmentioning

confidence: 99%

An ontological metamodel for cyber-physical system safety, security, and resilience coengineering

et al. 2021

Self Cite

View full text Add to dashboard Cite

Cyber-physical systems are complex systems that require the integration of diverse software, firmware, and hardware to be practical and useful. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of “-ilities”, such that they are safe and secure and ultimately resilient to disruption of service. We propose an ontological metamodel for system design that augments an already existing industry metamodel to capture the relationships between various model elements (requirements, interfaces, physical, and functional) and safety, security, and resilient considerations. Employing this metamodel leads to more cohesive and structured modeling efforts with an overall increase in scalability, usability, and unification of already existing models. In turn, this leads to a mission-oriented perspective in designing security defenses and resilience mechanisms to combat undesirable behaviors. We illustrate this metamodel in an open-source GraphQL implementation, which can interface with a number of modeling languages. We support our proposed metamodel with a detailed demonstration using an oil and gas pipeline model.

show abstract

“…In our previous work, we describe how to generate the mission context information and how the model can be applied to vulnerability analysis . This paper instead focuses on applying the modeling methodology to use a case, assuming that all the information in the model is known ahead of time.…”

Section: Introductionmentioning

confidence: 99%

“…While this is a necessary characteristic of any good model, evaluating a vulnerability in the mission context, however, requires that specific, low‐level vulnerabilities within components can be traced to potentially compromised mission requirements. Therefore, we need a systematic process for modeling the mission context, the system architecture, and linking those two together …”

Section: Introductionmentioning

confidence: 99%

Systems‐theoretic security requirements modeling for cyber‐physical systems

Carter

Bakirtzis

Elks

et al. 2019

Systems Engineering

Self Cite

View full text Add to dashboard Cite

Cyber‐physical systems (CPS) present a unique modeling challenge due to their numerous heterogeneous components, complex physical interactions, and disjoint communication networks. Modeling CPS to aid security analysis further adds to these challenges, because securing CPS requires not only understanding of the system architecture, but also the system's role within its broader expected service. This is due to the infeasibility of completely securing every single component, network, and part within a CPS. As such it is necessary to be cognizant of the system's expected service, or mission, so that the effects of an exploit can be mitigated and the system can perform its mission at least in a partially degraded manner—in other words, a mission‐aware approach to security. As such, a security analysis methodology based on this philosophy is greatly aided by the creation of a model that combines system architecture information, its admissible behaviors, and its mission context. This paper presents a technique for creating such a model using the Systems Modeling Language.

show abstract

A systems approach for eliciting mission-centric security requirements

Cited by 21 publications

References 6 publications

Data-flow-based adaption of the System-Theoretic Process Analysis for Security (STPA-Sec)

Data-flow-based adaption of the System-Theoretic Process Analysis for Security (STPA-Sec)

An ontological metamodel for cyber-physical system safety, security, and resilience coengineering

Systems‐theoretic security requirements modeling for cyber‐physical systems

Contact Info

Product

Resources

About