Automatic Generation of Security Requirements for Cyber-Physical Systems

Jinghua Yu, Stefan Wagner, Feng Luo

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Security is one of the essential properties in Cyber-Physical Systems (CPS). Attacking systems like autonomous vehicles and health-care systems may lead to financial or privacy losses of stakeholders or even life threats. Security analysis, as an early activity in the system design, addresses security issues and identifies system vulnerabilities in advance to guide further security design. However, the security analysis is mostly performed manually requiring a high workload with human oversight. Besides, the manual analysis is not flexible for modification in later design stages and largely depends on expert knowledge and experience. Therefore, a new security analysis approach has been proposed in this paper to generate security requirements automatically, which is based on the System-Theoretic Process Analysis (STPA) framework and is applicable for data-flow-based CPSs. We have also developed a software prototype to support the implementation of this automatic approach and used it to obtain the security requirements of two CPSs in the automotive domain. Finally, we compared the automatically generated outcomes with the manually obtained ones and evaluated the proposed approach. Based on the experiment results, we found that the automatic way is efficient, effective and flexible. Furthermore, the proposed approach is also extensible. Analysts in a team can establish their own empirical repository to achieve accurate security requirements for their specific systems.

Original languageEnglish
Title of host publicationScience and Technologies for Smart Cities - 6th EAI International Conference, SmartCity360°, Proceedings
EditorsSara Paiva, Sérgio Ivan Lopes, Rafik Zitouni, Nishu Gupta, Sérgio F. Lopes, Takuro Yonezawa
PublisherSpringer Science and Business Media Deutschland GmbH
Pages372-385
Number of pages14
ISBN (Print)9783030760625
DOIs
StatePublished - 2021
Externally publishedYes
Event6th EAI International Conference on Science and Technologies for Smart Cities, SmartCity 2020 - Virtual, Online
Duration: 2 Dec 20204 Dec 2020

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume372
ISSN (Print)1867-8211
ISSN (Electronic)1867-822X

Conference

Conference6th EAI International Conference on Science and Technologies for Smart Cities, SmartCity 2020
CityVirtual, Online
Period2/12/204/12/20

Keywords

  • Empirical repository
  • Pattern matching
  • Security analysis
  • STPA framework

Fingerprint

Dive into the research topics of 'Automatic Generation of Security Requirements for Cyber-Physical Systems'. Together they form a unique fingerprint.

Cite this