Conceptual Systems Security Requirements Analysis: Aerial Refueling Case Study

Document Type

Article

Publication Date

8-16-2018

Abstract

In today's highly interconnected and technology-reliant environment, cybersecurity is no longer limited to traditional computer systems and IT networks, as a number of highly publicized attacks have occurred against complex cyber-physical systems such as automobiles and airplanes. While numerous vulnerability analysis and architecture analysis approaches are in use, these approaches are often focused on realized systems with limited solution space. A more effective approach for understanding security and resiliency requirements early in the system development is needed. One such approach, systemtheoretic process analysis for security (STPA-Sec), addresses the cyber-physical security problem from a systems viewpoint at the conceptual stage when the solution trade-space is largest rather than merely examining components and adding protections during production, operation, or sustainment. This paper uniquely provides a detailed and independent evaluation of STPA-Sec's utility for eliciting, defining, and understanding security and resiliency requirements for a notional next generation aerial refueling platform.

Comments

© IEEE.

The "Link to Full Text" button on this page loads the open access article version of record, hosted at IEEE. The publisher retains permissions to re-use and distribute this article.

DOI

10.1109/ACCESS.2018.2865736

Source Publication

IEEE Access

Share

COinS