
Implementation Example: Silverfish

Abstract

Digital engineering is seeing increased application in the conception, design, integration, verification and validation (V&V) of mission-critical systems. As more safety and security considerations are included in the design process, mission systems, network architecture design, and verification have become increasingly complex. The Department of Defense (DoD) Cyber Resilient Weapon Systems (CRWS) initiative encourages a mission-level analysis of system vulnerabilities and potential adversary actions to evaluate mission resilience to cybersecurity effects. The research, and the resulting use case, focuses on the transition of an end-to-end systems engineering methodology intended to close the loop between mission-level resilience analysis and system development activities using digital engineering processes. In particular, the research offers an approach for modeling safety and security decisions, which are negotiated trade-offs, in the system design model.

This use case presents a novel and practical application of model-based system assurance methodologies. The methods, practices, and tools assess the quality of different requirements and design solutions based on the safety and security risks they carry in the presence of a determined cyberattack. The methods trade off requirements and design decisions based on an evaluation of hazard/risk, cost, and threat adversary properties, and they also account for the dependencies between cybersecurity and system safety. In the cybersecurity domain, traditional assurance processes are inadequate, and further development is needed on new metrics, methods, and tools for hazard mitigation. In the context of digital engineering, finding the right approach to computationally support the systems engineering activities of requirements, architecture, design, verification and validation for end-to-end solutions in the context of the mission is essential.

The full link from mission engineering to system requirements to design, using formal modeling and dynamic simulation of the system, is currently not well integrated. A transition to common standards, methods and processes, and tools and techniques is needed. This use case, based on Chapters 22–27, presents an opportunity to unify and standardize approaches to model-based systems assurance and mission engineering through formal modeling and dynamic simulation.

As a mechanism to guide understanding of the research (the Mission Aware components [STPA-Sec, CSRM, Meta-Model and MBSE] and FOREST), a case study is presented. The case study clarifies how programs can design in cyber resilience and create more resilient system solutions through holistic consideration of the associated requirements, engineering trade-offs, and quality attributes. The use case is organized by the CSRM steps and FOREST.


Leads

Tim Sherburne

Stevens Institute of Technology

Megan M. Clifford

Stevens Institute of Technology

Peter A. Beling

Virginia Polytechnic Institute and State University

Publications

  1. Adams, S., Carter, B., Fleming, C., and Beling, P.A. (2018). Selecting system specific cybersecurity attack patterns using topic modeling. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), New York, NY, USA (1–3 August 2018), 490–497. IEEE.

  2. Beling, P., Horowitz, B., Fleming, C., et al. (2019). Model-Based Engineering for Functional Risk Assessment and Design of Cyber Resilient Systems. University of Virginia, Charlottesville, United States, Technical Report.

  3. Berman, M., Adams, S., Sherburne, T., et al. (2019). Active learning to improve static analysis. In: 2019 18th IEEE International Conference on Machine Learning and Applications (ICMLA), Boca Raton, FL, USA (16–19 December 2019), 1322–1327. IEEE.

  4. Bodeau, D., Graubart, R., and Laderman, E. (2019). Relationships Between Cyber Resiliency Constructs and Cyber Survivability Attributes. MITRE, Technical Report.

  5. Carter, B., Adams, S., Bakirtzis, G., et al. (2019). A preliminary design-phase security methodology for cyber-physical systems. Systems 7(2): 21.

  6. Department of Defense (2014). Cyber security.

  7. Department of Defense (2018). Manual for the operation of the joint capabilities integration and development system (JCIDS).

  8. Fleming, C.H., Elks, C., Bakirtzis, G., et al. (2021). Cyber-physical security through resiliency: a systems-centric approach. Computer 54(6): 36–45.

  9. Horowitz, B., Beling, P., Skadron, K., et al. (2014). Security Engineering Project: System Aware Cyber Security for an Autonomous Surveillance System on Board an Unmanned Aerial Vehicle. Systems Engineering Research Center, Hoboken, NJ, Technical Report.

  10. Horowitz, B., Beling, P., Humphrey, M., and Gay, C. (2015a). System Aware Cybersecurity: A Multi-Sentinel Scheme to Protect a Weapons Research Lab. Stevens Institute of Technology, Hoboken, NJ, Technical Report.

  11. Horowitz, B., Beling, P., Skadron, K., et al. (2015b). Security Engineering Project. Systems Engineering Research Center, Hoboken, NJ, Technical Report.

  12. Horowitz, B., Beling, P., Fleming, C., et al. (2017). Security Engineering FY17 Systems Aware Cybersecurity. Stevens Institute of Technology, Hoboken, United States, Technical Report.

  13. Horowitz, B., Beling, P., Fleming, C., et al. (2018a). Cyber Security Requirements Methodology. Stevens Institute of Technology, Hoboken, United States, Technical Report.

  14. Horowitz, B., Beling, P., Fleming, C., et al. (2018b). Cyber-Security Requirements Methodology. Systems Engineering Research Center, Technical Report.

  15. Horowitz, B., Beling, P., Clifford, M., and Sherburne, T. (2021). Developmental Test and Evaluation (DTE&A) and Cyberattack Resilient Systems: Measures and Metrics Source Tables. Systems Engineering Research Center, Technical Report.

  16. Leveson, N.G. and Thomas, J.P. (2018). STPA handbook.

  17. Pitcher, S. (2018). New DOD approaches on the cyber survivability of weapon systems.

  18. Scott, Z. and Long, D. (2018). One Model, Many Interests, Many Views. Vitech Corporation, Technical Report.

  19. The MITRE Corporation (2007). Common attack pattern enumeration and classification (CAPEC).

  20. Young, W. and Leveson, N.G. (2013). Systems thinking for safety and security. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC 2013), New York, NY (1 December 2013), 357–366. ACM.

  21. Young, W. and Leveson, N.G. (2014). An integrated approach to safety and security based on systems theory. Communications of the ACM 57(2): 68–75.

  22. Young, W. and Porada, R. (2017). System-theoretic process analysis for security (STPA-Sec): Cyber security and STPA. In: 2017 STAMP Conference, Cambridge, MA (27–30 March).


The Systems Engineering Research Center (SERC) was established in the fall of 2008 as a government-designated University Affiliated Research Center (UARC). The SERC has produced 15 years of research focused on an updated systems engineering toolkit (methods, tools, and practices) for the complex cyber-physical systems of today and tomorrow.
