System evolution through semi-automatic elicitation of security requirements: A Position Paper ⁎ ⁎Research supported by the DFG (German Research Foundation) in Priority Programme SPP1593: Design for Future - Managed Software Evolution (VO 937/20-2 and JU 2734/2-2).

Research output: Contribution to conferencePaperResearchpeer review

Authors

  • Cyntia Vargas
  • Jens Bürger
  • Fabien Patrick Viertel
  • Birgit Vogel-Häuser
  • Jan Jürjens

Research Organisations

External Research Organisations

  • Robert Bosch GmbH
  • University of Koblenz-Landau
  • Technical University of Munich (TUM)
  • Fraunhofer Institute for Software and Systems Engineering (ISST)
View graph of relations

Details

Original languageEnglish
Pages64-69
Number of pages6
Publication statusPublished - 2018
EventIFAC PapersOnLine -
Duration: 8 Jun 2018 → …

Conference

ConferenceIFAC PapersOnLine
Abbreviated titleIFAC
Period8 Jun 2018 → …

Abstract

Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive in system adaptations or modifications that ensure continuous system security. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security attacks. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semiautomatic identification of system vulnerabilities in order to facilitate the derivation of new requirements that allow to ensure the security of a system. This identification is carried out throughout multiple phases of a system's life-cycle.

Keywords

    Industrial Security, Industry Automation, Model-driven Engineering, Requirements Analysis, Security Engineering, System Models

ASJC Scopus subject areas

Cite this

System evolution through semi-automatic elicitation of security requirements: A Position Paper ⁎ ⁎Research supported by the DFG (German Research Foundation) in Priority Programme SPP1593: Design for Future - Managed Software Evolution (VO 937/20-2 and JU 2734/2-2). / Vargas, Cyntia; Bürger, Jens; Viertel, Fabien Patrick et al.
2018. 64-69 Paper presented at IFAC PapersOnLine .

Research output: Contribution to conferencePaperResearchpeer review

Download
@conference{a98827bc2dc2458cb435040b3ccab015,
title = "System evolution through semi-automatic elicitation of security requirements: A Position Paper ⁎ ⁎Research supported by the DFG (German Research Foundation) in Priority Programme SPP1593: Design for Future - Managed Software Evolution (VO 937/20-2 and JU 2734/2-2).",
abstract = "Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive in system adaptations or modifications that ensure continuous system security. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security attacks. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semiautomatic identification of system vulnerabilities in order to facilitate the derivation of new requirements that allow to ensure the security of a system. This identification is carried out throughout multiple phases of a system's life-cycle.",
keywords = "Industrial Security, Industry Automation, Model-driven Engineering, Requirements Analysis, Security Engineering, System Models",
author = "Cyntia Vargas and Jens B{\"u}rger and Viertel, {Fabien Patrick} and Birgit Vogel-H{\"a}user and Jan J{\"u}rjens",
note = "Publisher Copyright: {\textcopyright} 2016 Copyright: Copyright 2018 Elsevier B.V., All rights reserved.; IFAC PapersOnLine ; Conference date: 08-06-2018",
year = "2018",
doi = "10.1016/j.ifacol.2018.06.238",
language = "English",
pages = "64--69",

}

Download

TY - CONF

T1 - System evolution through semi-automatic elicitation of security requirements: A Position Paper ⁎ ⁎Research supported by the DFG (German Research Foundation) in Priority Programme SPP1593: Design for Future - Managed Software Evolution (VO 937/20-2 and JU 2734/2-2).

AU - Vargas, Cyntia

AU - Bürger, Jens

AU - Viertel, Fabien Patrick

AU - Vogel-Häuser, Birgit

AU - Jürjens, Jan

N1 - Publisher Copyright: © 2016 Copyright: Copyright 2018 Elsevier B.V., All rights reserved.

PY - 2018

Y1 - 2018

N2 - Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive in system adaptations or modifications that ensure continuous system security. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security attacks. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semiautomatic identification of system vulnerabilities in order to facilitate the derivation of new requirements that allow to ensure the security of a system. This identification is carried out throughout multiple phases of a system's life-cycle.

AB - Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive in system adaptations or modifications that ensure continuous system security. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security attacks. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semiautomatic identification of system vulnerabilities in order to facilitate the derivation of new requirements that allow to ensure the security of a system. This identification is carried out throughout multiple phases of a system's life-cycle.

KW - Industrial Security

KW - Industry Automation

KW - Model-driven Engineering

KW - Requirements Analysis

KW - Security Engineering

KW - System Models

UR - http://www.scopus.com/inward/record.url?scp=85050972159&partnerID=8YFLogxK

U2 - 10.1016/j.ifacol.2018.06.238

DO - 10.1016/j.ifacol.2018.06.238

M3 - Paper

SP - 64

EP - 69

T2 - IFAC PapersOnLine

Y2 - 8 June 2018

ER -