Visible to the public A Top Down Approach for Eliciting Systems Security Requirements for a Notional Autonomous Space System

TitleA Top Down Approach for Eliciting Systems Security Requirements for a Notional Autonomous Space System
Publication TypeConference Paper
Year of Publication2019
AuthorsMailloux, L. O., Span, M., Mills, R. F., Young, W.
Conference Name2019 IEEE International Systems Conference (SysCon)
Keywordsaerospace computing, architectural-level security specifications, Cyber-physical systems, cybersecurity, formal specification, functional-level security requirements, IEC standards, IEEE standards, ISO standards, ISO/IEC/IEEE 152SS, NIST SP SOO-160, notional autonomous space system, notional space system, pubcrawl, requirements analysis, resilience, Resiliency, resiliency requirements, Resilient Security Architectures, Safety, secure cyber-physical systems, security, security of data, software architecture, software engineering processes, space missions, Space vehicles, Stakeholders, STPA-Sec, system architecture, system life cycle, system operation, system-theoretic process analysis approach for security, systems security analysis, systems security engineering, systems security requirements, top down approach, top down systems security requirements analysis approach, traceable security
AbstractToday's highly interconnected and technology reliant environment places great emphasis on the need for secure cyber-physical systems. This work addresses this need by detailing a top down systems security requirements analysis approach for understanding and eliciting security requirements for a notional space system. More specifically, the System-Theoretic Process Analysis approach for Security (STPA-Sec) is used to understand and elicit systems security requirements during the conceptual stage of development. This work employs STPA-Sec in a notional space system to detail the development of functional-level security requirements, design-level engineering considerations, and architectural-level security specifications early in the system life cycle when the solution trade-space is largest rather than merely examining components and adding protections during system operation, maintenance, or sustainment. Lastly, this approach employs a holistic viewpoint which aligns with the systems and software engineering processes as detailed in ISO/IEC/IEEE 152SS and NIST SP SOO-160 Volume 1. This work seeks to advance the science of systems security by providing insight into a viable systems security requirements analysis approach which results in traceable security, safety, and resiliency requirements that can be designed-for, built-to, and verified with confidence.
Citation Keymailloux_top_2019