Model-Based Security Requirements for Cyber-Physical Systems in SysML

Capturing system requirements with accuracy and precision remains a challenge for secure cyber-physical systems. Current research efforts continue to rely fundamentally on natural language (shall statements), which is inherently ambiguous and thus unable to capture the problem space accurately and precisely. In this paper we propose a model-based approach to security requirements that avoids natural-language requirements and instead leverages formal modeling and system-theoretic constructs. Specifically, the proposed approach extends behavioral and structural model elements of the Systems Modeling Language (SysML) with a system-theoretic definition of a solution space. Considering a system model to be a transformation of inputs into outputs, we model the security problem space as a set of required transformations of inputs into outputs. The proposed requirements modeling approach is demonstrated on authentication requirements derived from a need to grant access to a service or system to authorized users and to decline access to a service or system to unauthorized users.
