TY - JOUR
T1 - System evolution through semi-automatic elicitation of security requirements
T2 - A Position Paper ⁎
AU - Vargas, Cyntia
AU - Bürger, Jens
AU - Viertel, Fabien
AU - Vogel-Heuser, Birgit
AU - Jürjens, Jan
N1 - Publisher Copyright:
© 2016
PY - 2018
Y1 - 2018
N2 - Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive in system adaptations or modifications that ensure continuous system security. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security attacks. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semiautomatic identification of system vulnerabilities in order to facilitate the derivation of new requirements that allow to ensure the security of a system. This identification is carried out throughout multiple phases of a system's life-cycle.
AB - Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive in system adaptations or modifications that ensure continuous system security. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security attacks. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semiautomatic identification of system vulnerabilities in order to facilitate the derivation of new requirements that allow to ensure the security of a system. This identification is carried out throughout multiple phases of a system's life-cycle.
KW - Industrial Security
KW - Industry Automation
KW - Model-driven Engineering
KW - Requirements Analysis
KW - Security Engineering
KW - System Models
UR - http://www.scopus.com/inward/record.url?scp=85050972159&partnerID=8YFLogxK
U2 - 10.1016/j.ifacol.2018.06.238
DO - 10.1016/j.ifacol.2018.06.238
M3 - Article
AN - SCOPUS:85050972159
SN - 2405-8963
VL - 51
SP - 64
EP - 69
JO - 3rd IFAC Conference on Embedded Systems, Computational Intelligence and Telematics in Control CESCIT 2018: Faro, Portugal, 6-8 June 2018
JF - 3rd IFAC Conference on Embedded Systems, Computational Intelligence and Telematics in Control CESCIT 2018: Faro, Portugal, 6-8 June 2018
IS - 10
ER -