Security & Safety by Model-based Requirements Engineering

Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems requires interdisciplinary cooperation between different stakeholders. A lack of shared system understanding between stakeholders can leave security threats & safety hazards unidentified during requirements engineering, resulting in high costs later in product development. In particular, failing to consider security threats & safety hazards together can compromise safety compliance for CPS. Model-based requirements engineering (MBRE) improves the shared understanding of a system between stakeholders by creating supporting models alongside the system requirements. However, existing MBRE approaches address security threats & safety hazards only partially, and they do not consider the two together. Established security & safety approaches are either applicable only to specific disciplines or consider security threats & safety hazards only partially. Overall, existing approaches do not cover the whole MBRE process. This paper consolidates the results of three scientific papers with the aim of creating a basis for a holistic MBRE approach that considers security threats & safety hazards integratively. Each of the three papers presents sub-criteria of the holistic MBRE approach. Furthermore, tools that have been elaborated or are planned for the individual process steps are presented.
