
The Cyber Security Requirements Methodology and Meta-Model for Design of Cyber-Resilience

Abstract

In this chapter, a methodology called the Cyber Security Requirements Methodology (CSRM) is introduced as a means of identifying resilience requirements during the initial design phase of physical system programs. CSRM is designed to provide a framework for implementing cyber defense and resilience solutions, as well as security-based software engineering solutions. The methodology involves six sequential steps, each executed by one of four distinct teams representing stakeholders in the security engineering process. CSRM is built upon the STPA, Mission Aware, and FOREST methodologies, which are covered in Chapters 23–25, respectively, and is implemented using a model-based engineering framework. To illustrate the methodology, the chapter includes a demonstration using a hypothetical weapons system called Silverfish, which is also the focus of Chapter 27.


Leads

Megan M. Clifford

Stevens Institute of Technology

Tim Sherburne

Stevens Institute of Technology

Barry M. Horowitz

University of Virginia

Peter A. Beling

Virginia Polytechnic Institute and State University

Publications

  1. Bakirtzis, G., Carter, B.T., Fleming, C.H., and Elks, C.R. (2017). Mission aware: evidence-based, mission-centric cybersecurity analysis. ArXiv-Eprints.

  2. Bakirtzis, G., Carter, B.T., Fleming, C.H., and Elks, C.R. (2018). A model-based approach to security analysis for cyber-physical systems. IEEE International Systems Conference, Vancouver, Canada (23–26 April 2018). IEEE.

  3. Beling, P., Horowitz, B., Fleming, C., et al. (2019). Model-Based Engineering for Functional Risk Assessment and Design of Cyber Resilient Systems. University of Virginia, Charlottesville, United States, Technical Report.

  4. Carter, B., Adams, S., Bakirtzis, G., et al. (2019). A preliminary design-phase security methodology for cyber-physical systems. Systems 7(2): 21.

  5. Cyber Security Body of Knowledge (CyBOK). (2017).

  6. Horowitz, B., Beling, P., Skadron, K., et al. (2014). Security Engineering Project-System Aware Cyber Security for an Autonomous Surveillance System on Board an Unmanned Aerial Vehicle. Systems Engineering Research Center, Hoboken NJ, Technical Report.

  7. Horowitz, B., Beling, P., Fleming, C., et al. (2017a). Security Engineering FY17 Systems Aware Cybersecurity. Stevens Institute of Technology, Hoboken, United States, Technical Report.

  8. Horowitz, B., Beling, P., Fleming, C., et al. (2017b). Security Engineering – FY17 Systems Aware Cybersecurity. Systems Engineering Research Center, Technical Report SERC-2017-TR-114.

  9. Horowitz, B., Beling, P., Fleming, C., et al. (2018). Cyber Security Requirements Methodology. Stevens Institute of Technology, Hoboken, United States, Technical Report.

  10. Leveson, N. (2011). Engineering a Safer World: Systems Thinking Applied to Safety. MIT Press.

  11. Long, D., & Scott, Z. (2011). A Primer for Model-Based Systems Engineering.


The Systems Engineering Research Center (SERC) was established in the Fall of 2008 as a government-designated University Affiliated Research Center (UARC). The SERC has produced 15 years of research, focused on an updated systems engineering toolkit (methods, tools, and practices) for the complex cyber-physical systems of today and tomorrow.

