Using Relax Operators into an MDE Security Requirement Elicitation Process for Systems of Systems

Systems of systems (SoS) are large-scale systems composed of complex systems with difficult to elicit and model emergent properties. One of the most significant challenges in the engineering of such systems is how to elicit their non-functional requirements such as security. In this proposal paper we introduce a Model Driven Engineering (MDE) security requirement process for SoS. It is based on the Relax language to define invariant and relaxed security requirements. This enables taking into account security concerns early in the requirements phase of the SoS. We illustrate our process on a maritime safety and security case study.

[1]  Cihan H. Dagli,et al.  System of Systems Architecting , 2008 .

[2]  Nelly Bencomo,et al.  RELAX: Incorporating Uncertainty into the Specification of Self-Adaptive Systems , 2009, 2009 17th IEEE International Requirements Engineering Conference.

[3]  John Klein,et al.  A systematic review of system-of-systems architecture research , 2013, QoSA '13.

[4]  Jean-Michel Bruel,et al.  Modeling and verification of Functional and Non-Functional Requirements of ambient Self-Adaptive Systems , 2015, J. Syst. Softw..

[5]  Mark W. Maier Architecting Principles for Systems‐of‐Systems , 1996 .

[6]  Brian J. Sauser,et al.  System of Systems Management: A Network Management Approach , 2007, 2007 IEEE International Conference on System of Systems Engineering.

[7]  M. Janishidi System of Systems - Innovations for 21st Century , 2008, 2008 IEEE Region 10 and the Third international Conference on Industrial and Information Systems.

[8]  Iulian Ober,et al.  Early Analysis of Ambient Systems SYSML Properties using OMEGA2-IFx , 2013, SIMULTECH.

[9]  Axel van Lamsweerde,et al.  Requirements Engineering: From System Goals to UML Models to Software Specifications , 2009 .

[10]  Roland Rieke,et al.  Identification of Security Requirements in Systems of Systems by Functional Security Analysis , 2009, WADS.

[11]  Sam Nunn,et al.  Vulnerabilities and Failures of Complex Systems , 2003 .

[12]  Philippe Aniorte,et al.  Challenges in Security Engineering of Systems-of-Systems , 2014 .

[13]  Amel Mammar,et al.  Using Requirements Engineering in an Automatic Security Policy Derivation Process , 2011, DPM/SETOP.

[14]  Jean-Michel Bruel,et al.  Self-adaptive systems requirements modelling: Four related approaches comparison , 2013, 2013 3rd International Workshop on Comparing Requirements Modeling Approaches (CMA@RE).

[15]  Alexandre Miège,et al.  Definition of a formal framework for specifying security policies. The Or-BAC model and extensions. , 2005 .

[16]  Daniel Mellado,et al.  A systematic review of security requirements engineering , 2010, Comput. Stand. Interfaces.

[17]  Sandro Etalle,et al.  A Semantic Security Framework for Systems of Systems , 2013, Int. J. Cooperative Inf. Syst..