Security Requirements Engineering: A Framework for Cyber-Physical Systems

Réhman, Shafiq Ur; Allgaier, Christopher; Gruhn, Volker

doi:10.1109/fit.2018.00062

Cited by 17 publications

(5 citation statements)

References 129 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…А также с помощью утилит nmap можно просканировать сеть, порты устройств, протоколы передачи данных между устройствами. Из-за чего существует множество ограничений для более широкого промышленного применения КФС на реальных производствах [15] и [16].…”

Section: рис 6 база данных часть 1 рис 7 база данных частьunclassified

Defining a set of metrics for detecting attacks at FSC

Basan¹,

Mikhailova²,

Shulika³

et al. 2023

Proceedings of X All-Russian Scientific Conference &Amp;quot;System Synthesis and Applied Synergetics"

View full text Add to dashboard Cite

Section: рис 6 база данных часть 1 рис 7 база данных частьunclassified

Defining a set of metrics for detecting attacks at FSC

Basan¹,

Mikhailova²,

Shulika³

et al. 2023

Proceedings of X All-Russian Scientific Conference &Amp;quot;System Synthesis and Applied Synergetics"

View full text Add to dashboard Cite

“…These are annotated in the design model of any system. Other researches developed a security requirements engineering framework for CPSs, that is an extension of SREP [31]. The capacity to support the high variability in the security context though Feature Models appeared in previous papers [23], where the authors study the possible vulnerabilities to create attack scenarios, but not it does not apply to a complex scenario as the CPSs need.…”

Section: Cybersecurity and Feature Model Analysismentioning

confidence: 99%

Definition and Verification of Security Configurations of Cyber-Physical Systems

et al. 2020

View full text Add to dashboard Cite

The proliferation of Cyber-Physical Systems (CPSs) is raising serious security challenges. These are complex systems, integrating physical elements into automated networked systems, often containing a variety of devices, such as sensors and actuators, and requiring complex management and data storage. This makes the construction of secure CPSs a challenge, requiring not only an adequate specification of security requirements and needs related to the business domain but also an adaptation and concretion of these requirements to define a security configuration of the CPS where all its components are related. Derived from the complexity of the CPS, their configurations can be incorrect according to the requirements, and must be verified. In this paper, we propose a grammar for specifying business domain security requirements based on the CPS components. This will allow the definition of security requirements that, through a defined security feature model, will result in a configuration of services and security properties of the CPS, whose correctness can be verified. For this last stage, we have created a catalogue of feature models supported by a tool that allows the automatic verification of security configurations. To illustrate the results, the proposal has been applied to automated verification of requirements in a hydroponic system scenario.

show abstract

“…In recent years, security requirements engineering (SRE) has grown, and security frameworks have been proposed in the academic community and other scientific publications (Rehman et al, 2018). There are now various approaches to security requirements engineering, including "Secure Quality Requirements Engineering" SQUARE, CLASP, secure i*, UMLsec , SREP, secure Tropos and MORSE etc.…”

Section: Introductionmentioning

confidence: 99%

“…The use of security requirement assurance is increasing in the development of secure critical systems, especially in industries such as transportation systems, medical devices, financial systems, military systems, healthcare, and automotive (Mohamad et al, 2021). Therefore, one of the primary reasons for the success of the threats and attacks is lack of attention to the elicitation and analysis of security requirements (Anderson, 2020), and cannot be neglected any longer (Rehman et al, 2018). The increasing amount of software security threats, along with increased security awareness, implies that software security assurance is no longer an option, but rather a requirement (Khan & Khan, 2018a).…”

Section: Introductionmentioning

confidence: 99%

Securing Software Development: A Holistic Exploration of Security Awareness in Software Development Teams

Janisar,

Shafee,

Sarlan

et al. 2024

IJARBSS

View full text Add to dashboard Cite

Security awareness is crucial at every stage of the software development life cycle. Studies emphasize the importance of addressing security requirements (SR) early in the requirement engineering phase to effectively mitigate security issues. However, the software development team (SDT) currently lacks sufficient awareness regarding the security requirements assurance (SRA) for mitigating security issues in secure software development. The objective of this study is to assess the (SDT) security knowledge in early software development. A survey was distributed, questions were based on (SR) within the context of security requirement engineering (SRE). A total of 58 responded to the survey. The results indicate that the (SDT) demonstrates a satisfactory level of knowledge regarding security (KOS), security requirements elicitation and analysis (SREA), and approaches within the domain of SRE. However, the results pertaining to security requirement assurance (SRA) were found unsatisfactory. Descriptive statistics were employed to analyse the mean scores of KOS=3.79, SRE=3.61, SREA=3.67, and SRA=2.71. SRE presented the strong Pearson correlation with SREA=.596**. Also, regression coefficient produces positive outcome with (SRA) and (SREA). Though, software development teams need to collaborate with the researcher to enhance the awareness about security requirement assurance during the secure development process.

show abstract

Security Requirements Engineering: A Framework for Cyber-Physical Systems

Cited by 17 publications

References 129 publications

Defining a set of metrics for detecting attacks at FSC

Defining a set of metrics for detecting attacks at FSC

Definition and Verification of Security Configurations of Cyber-Physical Systems

Securing Software Development: A Holistic Exploration of Security Awareness in Software Development Teams

Contact Info

Product

Resources

About