System evolution through semi-automatic elicitation of security requirements: A Position Paper ⁎ ⁎Research supported by the DFG (German Research Foundation) in Priority Programme SPP1593: Design for Future - Managed Software Evolution (VO 937/20-2 and JU 2734/2-2).

Publikation: KonferenzbeitragPaperForschungPeer-Review

Autoren

  • Cyntia Vargas
  • Jens Bürger
  • Fabien Patrick Viertel
  • Birgit Vogel-Häuser
  • Jan Jürjens

Organisationseinheiten

Externe Organisationen

  • Robert Bosch GmbH
  • Universität Koblenz-Landau
  • Technische Universität München (TUM)
  • Fraunhofer-Institut für Software- und Systemtechnik (ISST), Institutsteil Dortmund
Forschungs-netzwerk anzeigen

Details

OriginalspracheEnglisch
Seiten64-69
Seitenumfang6
PublikationsstatusVeröffentlicht - 2018
VeranstaltungIFAC PapersOnLine -
Dauer: 8 Juni 2018 → …

Konferenz

KonferenzIFAC PapersOnLine
KurztitelIFAC
Zeitraum8 Juni 2018 → …

Abstract

Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive in system adaptations or modifications that ensure continuous system security. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security attacks. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semiautomatic identification of system vulnerabilities in order to facilitate the derivation of new requirements that allow to ensure the security of a system. This identification is carried out throughout multiple phases of a system's life-cycle.

ASJC Scopus Sachgebiete

Zitieren

Download
@conference{a98827bc2dc2458cb435040b3ccab015,
title = "System evolution through semi-automatic elicitation of security requirements: A Position Paper ⁎ ⁎Research supported by the DFG (German Research Foundation) in Priority Programme SPP1593: Design for Future - Managed Software Evolution (VO 937/20-2 and JU 2734/2-2).",
abstract = "Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive in system adaptations or modifications that ensure continuous system security. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security attacks. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semiautomatic identification of system vulnerabilities in order to facilitate the derivation of new requirements that allow to ensure the security of a system. This identification is carried out throughout multiple phases of a system's life-cycle.",
keywords = "Industrial Security, Industry Automation, Model-driven Engineering, Requirements Analysis, Security Engineering, System Models",
author = "Cyntia Vargas and Jens B{\"u}rger and Viertel, {Fabien Patrick} and Birgit Vogel-H{\"a}user and Jan J{\"u}rjens",
note = "Publisher Copyright: {\textcopyright} 2016 Copyright: Copyright 2018 Elsevier B.V., All rights reserved.; IFAC PapersOnLine ; Conference date: 08-06-2018",
year = "2018",
doi = "10.1016/j.ifacol.2018.06.238",
language = "English",
pages = "64--69",

}

Download

TY - CONF

T1 - System evolution through semi-automatic elicitation of security requirements: A Position Paper ⁎ ⁎Research supported by the DFG (German Research Foundation) in Priority Programme SPP1593: Design for Future - Managed Software Evolution (VO 937/20-2 and JU 2734/2-2).

AU - Vargas, Cyntia

AU - Bürger, Jens

AU - Viertel, Fabien Patrick

AU - Vogel-Häuser, Birgit

AU - Jürjens, Jan

N1 - Publisher Copyright: © 2016 Copyright: Copyright 2018 Elsevier B.V., All rights reserved.

PY - 2018

Y1 - 2018

N2 - Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive in system adaptations or modifications that ensure continuous system security. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security attacks. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semiautomatic identification of system vulnerabilities in order to facilitate the derivation of new requirements that allow to ensure the security of a system. This identification is carried out throughout multiple phases of a system's life-cycle.

AB - Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive in system adaptations or modifications that ensure continuous system security. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security attacks. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semiautomatic identification of system vulnerabilities in order to facilitate the derivation of new requirements that allow to ensure the security of a system. This identification is carried out throughout multiple phases of a system's life-cycle.

KW - Industrial Security

KW - Industry Automation

KW - Model-driven Engineering

KW - Requirements Analysis

KW - Security Engineering

KW - System Models

UR - http://www.scopus.com/inward/record.url?scp=85050972159&partnerID=8YFLogxK

U2 - 10.1016/j.ifacol.2018.06.238

DO - 10.1016/j.ifacol.2018.06.238

M3 - Paper

SP - 64

EP - 69

T2 - IFAC PapersOnLine

Y2 - 8 June 2018

ER -