Abstract
Cyber-physical systems are characterized among others by strong interconnection with each other, but also with their environment. This interconnection enables on the one hand new functionality with a high complexity and leads on the other hand to a high demand on the security of the systems. Both aspects require tailored development processes with a rigorous requirements engineering. However, current requirements engineering approaches focus either on the functional or on the security aspects but lack an integrated view on modeling and analysing both aspects. Therefore, we present in this paper ongoing research for a formal, model- and scenario-based requirements engineering approach for cyber-physical systems. Our approach enables the requirements engineer in an early stage of the development whether the modeled security requirements are sufficient to mitigate attacks and whether the security requirements influence the functional behavior. We illustrate the approach by means of an advanced driver assistance system from the automotive domain.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Basin, D., Doser, J., Lodderstedt, T.: Model driven security: from UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. 15, 39–91 (2006)
Chattopadhyay, A., Prakash, A., Shafique, M.: Secure cyber-physical systems: current trends, tools and open research problems. In: Design, Automation Test in Europe Conference Exhibition (DATE), pp. 1104–1109, March 2017
Firesmith, D.: Security use cases. J. Object Technol. 2(3), 53 (2003). http://www.jot.fm/issues/issue_2003_05/column6.pdf
Firesmith, D.G.: Engineering safety and security related requirements for software intensive systems. In: 29th International Conference on Software Engineering, p. 169. IEEE Computer Society, Los Alamitos (2007)
Fitzgerald, J., Larsen, P.G., Verhoef, M.: From embedded to cyber-physical systems: challenges and future directions. In: Fitzgerald, J., Larsen, P.G., Verhoef, M. (eds.) Collaborative Design for Embedded Systems, pp. 293–303. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54118-6_14
Geismann, J., Gerking, C., Bodden, E.: Towards ensuring security by design in cyber-physical systems engineering processes. In: International Conference on Software and System Processes (ICSSP), 26–27 May 2018
Giorgini, P., Mouratidis, H., Zannone, N.: Modelling security and trust with secure tropos. In: Integrating Security and Software Engineering: Advances and Future Vision, pp. 160–189 (2006)
Greenyer, J.: Scenario-based Design of Mechatronic Systems. Ph.D. thesis, University of Paderborn (2011). http://dups.ub.uni-paderborn.de/hs/urn/urn:nbn:de:hbz:466:2--7690
Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133–153 (2008)
Harel, D., Marelly, R.: Come, Let’s Play: Scenario-Based Programming Using LSC’s and the Play-Engine. Springer, New York (2003). https://doi.org/10.1007/978-3-642-19029-2
Holtmann, J., Bernijazov, R., Meyer, M., Schmelter, D., Tschirner, C.: Integrated and iterative systems engineering and software requirements engineering for technical systems. J. Softw. Evol. Process. 28(9), 722–743 (2016)
Holtmann, J., Fockel, M., Koch, T., Schmelter, D., Brenner, C., Bernijazov, R., Sander, M.: The MechatronicUML requirements engineering method: process and language (2016)
Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45800-X_32
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005). https://doi.org/10.1007/b137706
Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: Proceedings of the 11th IEEE International Requirements Engineering Conference, 2003, pp. 151–161 (2003). https://doi.org/10.1109/ICRE.2003.1232746
Mead, N.R., Stehney, T.: Security quality requirements engineering (SQUARE) methodology (2005)
Pauli, J.J., Xu, D.: Misuse case-based design and analysis of secure software architecture. In: ITCC 2005, vol. 2, pp. 398–403. IEEE Computer Society, Los Alamitos (2003)
Ramos, A.L., Ferreira, J.V., Barceló, J.: Model-based systems engineering: an emerging approach for modern systems. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 42(1), 101–111 (2012)
Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requir. Eng. 10(1), 34–44 (2005)
VDI: Design methodology for mechatronic systems (VDI 2206)
Whittle, J., Wijesekera, D., Hartong, M.: Executable misuse cases for modeling security concerns. In: Schäfer, W. (ed.) Proceedings of the 30th International Conference on Software Engineering, p. 121. ACM Press, New York (2008)
Win, B.D., Scandariato, R., Buyens, K., Grégoire, J., Joosen, W.: On the secure software development process: CLASP, SDL and touchpoints compared. Inf. Softw. Technol. 51(7), 1152–1171 (2009). http://www.sciencedirect.com/science/article/pii/S0950584908000281. Special Section: Software Engineering for Secure Systems
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Koch, T. (2018). Towards Scenario-Based Security Requirements Engineering for Cyber-Physical Systems. In: Mazzara, M., Ober, I., Salaün, G. (eds) Software Technologies: Applications and Foundations. STAF 2018. Lecture Notes in Computer Science(), vol 11176. Springer, Cham. https://doi.org/10.1007/978-3-030-04771-9_48
Download citation
DOI: https://doi.org/10.1007/978-3-030-04771-9_48
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04770-2
Online ISBN: 978-3-030-04771-9
eBook Packages: Computer ScienceComputer Science (R0)