Automatic Generation of Security Requirements for Cyber-Physical Systems

Jinghua Yu, Stefan Wagner, Feng Luo

Publikation: Beitrag in Buch/Bericht/KonferenzbandKonferenzbeitragBegutachtung

Abstract

Security is one of the essential properties in Cyber-Physical Systems (CPS). Attacking systems like autonomous vehicles and health-care systems may lead to financial or privacy losses of stakeholders or even life threats. Security analysis, as an early activity in the system design, addresses security issues and identifies system vulnerabilities in advance to guide further security design. However, the security analysis is mostly performed manually requiring a high workload with human oversight. Besides, the manual analysis is not flexible for modification in later design stages and largely depends on expert knowledge and experience. Therefore, a new security analysis approach has been proposed in this paper to generate security requirements automatically, which is based on the System-Theoretic Process Analysis (STPA) framework and is applicable for data-flow-based CPSs. We have also developed a software prototype to support the implementation of this automatic approach and used it to obtain the security requirements of two CPSs in the automotive domain. Finally, we compared the automatically generated outcomes with the manually obtained ones and evaluated the proposed approach. Based on the experiment results, we found that the automatic way is efficient, effective and flexible. Furthermore, the proposed approach is also extensible. Analysts in a team can establish their own empirical repository to achieve accurate security requirements for their specific systems.

OriginalspracheEnglisch
TitelScience and Technologies for Smart Cities - 6th EAI International Conference, SmartCity360°, Proceedings
Redakteure/-innenSara Paiva, Sérgio Ivan Lopes, Rafik Zitouni, Nishu Gupta, Sérgio F. Lopes, Takuro Yonezawa
Herausgeber (Verlag)Springer Science and Business Media Deutschland GmbH
Seiten372-385
Seitenumfang14
ISBN (Print)9783030760625
DOIs
PublikationsstatusVeröffentlicht - 2021
Extern publiziertJa
Veranstaltung6th EAI International Conference on Science and Technologies for Smart Cities, SmartCity 2020 - Virtual, Online
Dauer: 2 Dez. 20204 Dez. 2020

Publikationsreihe

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Band372
ISSN (Print)1867-8211
ISSN (elektronisch)1867-822X

Konferenz

Konferenz6th EAI International Conference on Science and Technologies for Smart Cities, SmartCity 2020
OrtVirtual, Online
Zeitraum2/12/204/12/20

Fingerprint

Untersuchen Sie die Forschungsthemen von „Automatic Generation of Security Requirements for Cyber-Physical Systems“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren