Visible to the public A Systems Security Approach for Requirements Analysis of Complex Cyber-Physical Systems

TitleA Systems Security Approach for Requirements Analysis of Complex Cyber-Physical Systems
Publication TypeConference Paper
Year of Publication2018
AuthorsSpan, M. T., Mailloux, L. O., Grimaila, M. R., Young, W. B.
Conference Name2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
Keywordsarchitectural-level engineering considerations, complex cyber-physical systems, Cyber-physical systems, dependably secure systems, design-level security criteria, eliciting security requirements, formal specification, functional-level security requirements, key architectural analysis definitions, pubcrawl, readily understandable description, requirements analysis, resilience, Resiliency, resiliency requirements, security architecture analysis approaches, security of data, security processes, software engineering, software engineering processes, STPA-Sec, system-theoretic process analysis approach, systems security analysis, systems security engineering, technology reliant environment, traceable security, viable systems security analysis approach
AbstractToday's highly interconnected and technology reliant environment places greater emphasis on the need for dependably secure systems. This work addresses this problem by detailing a systems security analysis approach for understanding and eliciting security requirements for complex cyber-physical systems. First, a readily understandable description of key architectural analysis definitions and desirable characteristics is provided along with a survey of commonly used security architecture analysis approaches. Next, a tailored version of the System-Theoretic Process Analysis approach for Security (STPA-Sec) is detailed in three phases which supports the development of functional-level security requirements, architectural-level engineering considerations, and design-level security criteria. In particular, these three phases are aligned with the systems and software engineering processes defined in the security processes of NIST SP 800-160. Lastly, this work is important for advancing the science of systems security by providing a viable systems security analysis approach for eliciting, defining, and analyzing traceable security, safety, and resiliency requirements which support evaluation criteria that can be designed-for, built-to, and verified with confidence.
Citation Keyspan_systems_2018