A STPA-Sec Case Study: Eliciting Early Security Requirements for a Small Unmanned Aerial System
Title | A STPA-Sec Case Study: Eliciting Early Security Requirements for a Small Unmanned Aerial System |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Sayers, J. M., Feighery, B. E., Span, M. T. |
Conference Name | 2020 IEEE Systems Security Symposium (SSS) |
Date Published | Aug. 2020 |
Publisher | IEEE |
ISBN Number | 978-1-7281-4316-3 |
Keywords | architectural-level security specification criteria, autonomous aerial vehicles, computer security, control engineering computing, control theory, cybersecurity, design-level engineering considerations, early security requirements, expert systems, functional-level security requirements, Hazards, Human Behavior, notional SUAS system case study, pubcrawl, requirements analysis, resilience, Resiliency, resiliency requirements, safety requirements, safety-critical software, Scalability, security, security of data, small unmanned aerial system, Stakeholders, STPA-Sec, STPA-Sec case study, subject matter experts, system architecture, system life cycle, system-theoretic process analysis approach, Systems Engineering, Systems engineering and theory, systems security analysis, systems security engineering, top down system security requirements analysis approach, UAS operators, United States Air Force Academy Systems Engineering cadets |
Abstract | This work describes a top-down systems security requirements analysis approach for understanding and eliciting security requirements for a notional small unmanned aerial system (SUAS). More specifically, the System-Theoretic Process Analysis approach for Security (STPA-Sec) is used to understand and elicit systems security requirements. The effort employs STPA-Sec on a notional SUAS system case study to detail the development of functional-level security requirements, design-level engineering considerations, and architectural-level security specification criteria early in the system life cycle, when the solution trade-space is largest, rather than merely examining components and adding protections during system operation or sustainment. These details were elaborated during a semester independent study research effort by two United States Air Force Academy Systems Engineering cadets, guided by their instructor and a series of working group sessions with UAS operators and subject matter experts. This work provides insight into a viable systems security requirements analysis approach which results in traceable security, safety, and resiliency requirements that can be designed-for, built-to, and verified with confidence. |
URL | https://ieeexplore.ieee.org/document/9197728 |
DOI | 10.1109/SSS47320.2020.9197728 |
Citation Key | sayers_stpa-sec_2020 |
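The abstract describes STPA-Sec producing requirements that trace back to stakeholder losses. The script below is an added illustration of that traceability chain and is not code from the paper or its authors: it walks the standard STPA steps (losses, hazards, a control structure, the four unsafe/unsecure control action types, and constraints derived by inverting each UCA) over a constructed, deliberately tiny SUAS control structure. The losses, hazards, control actions and the adversary-means mapping are assumptions made for this example, not content from the paper's notional SUAS.

```python
"""Toy STPA-Sec style traceability for a constructed small-UAS control structure.

Added example, not the paper's own analysis. All losses, hazards and control
actions below are made up for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# The four ways a control action can be unsafe/unsecure, as defined by STPA.
UCA_TYPES: Tuple[str, ...] = (
    "not provided when needed",
    "provided when it creates a hazard",
    "provided too early, too late, or out of order",
    "stopped too soon or applied too long",
)

# Illustrative adversary manipulation that could produce each UCA type.
# This mapping is an assumption for the example, not a taxonomy from the paper.
ADVERSARY_MEANS: Dict[str, str] = {
    UCA_TYPES[0]: "denial (e.g. datalink jamming or message dropping)",
    UCA_TYPES[1]: "injection (e.g. spoofed or forged command)",
    UCA_TYPES[2]: "delay or replay of a legitimate command",
    UCA_TYPES[3]: "truncation or repetition of a command stream",
}


@dataclass(frozen=True)
class Loss:
    id: str
    text: str


@dataclass(frozen=True)
class Hazard:
    id: str
    text: str
    losses: Tuple[str, ...]  # ids of the losses this hazard can lead to


@dataclass(frozen=True)
class ControlAction:
    id: str
    controller: str
    process: str
    text: str
    hazards: Tuple[str, ...]  # hazards an incorrect version of this action can cause


@dataclass(frozen=True)
class UCA:
    id: str
    action: ControlAction
    kind: str

    def constraint(self) -> str:
        """Derive a controller constraint (a requirement) by inverting the UCA."""
        a = self.action
        if self.kind == UCA_TYPES[0]:
            return f"{a.controller} must provide '{a.text}' to {a.process} whenever it is required"
        if self.kind == UCA_TYPES[1]:
            return (f"{a.controller} must not provide '{a.text}' to {a.process} "
                    f"when doing so leads to {', '.join(a.hazards)}")
        if self.kind == UCA_TYPES[2]:
            return (f"{a.controller} must provide '{a.text}' to {a.process} "
                    f"at the correct time and in the correct order")
        return f"'{a.text}' from {a.controller} to {a.process} must be applied for exactly the required duration"


# Constructed sample model (hypothetical, for illustration only).
LOSSES: List[Loss] = [
    Loss("L-1", "Loss of the aircraft"),
    Loss("L-2", "Injury to people on the ground"),
    Loss("L-3", "Mission data disclosed to an adversary"),
]
HAZARDS: Dict[str, Hazard] = {
    "H-1": Hazard("H-1", "Aircraft flies outside the authorized area", ("L-1", "L-2")),
    "H-2": Hazard("H-2", "Aircraft does not respond to operator commands", ("L-1", "L-2")),
    "H-3": Hazard("H-3", "Sensor data leaves the system unprotected", ("L-3",)),
}
ACTIONS: List[ControlAction] = [
    ControlAction("CA-1", "Ground control station", "Flight controller", "Send waypoint update", ("H-1", "H-2")),
    ControlAction("CA-2", "Flight controller", "Datalink radio", "Enable telemetry downlink", ("H-3",)),
    ControlAction("CA-3", "Ground control station", "Flight controller", "Command return-to-launch", ("H-1", "H-2")),
]


def generate_ucas(actions: List[ControlAction]) -> List[UCA]:
    """Enumerate all four UCA types for every control action in the structure."""
    ucas: List[UCA] = []
    for action in actions:
        for n, kind in enumerate(UCA_TYPES, start=1):
            ucas.append(UCA(f"UCA-{action.id.split('-')[1]}.{n}", action, kind))
    return ucas


def losses_for(uca: UCA, hazards: Dict[str, Hazard]) -> Set[str]:
    """Trace a UCA through its hazards to the stakeholder losses it can cause."""
    return {loss for h in uca.action.hazards for loss in hazards[h].losses}


def traceability_matrix(actions: List[ControlAction], hazards: Dict[str, Hazard]) -> Dict[str, Dict[str, object]]:
    """Requirement id -> constraint text plus the hazards, losses and adversary means it traces to."""
    matrix: Dict[str, Dict[str, object]] = {}
    for uca in generate_ucas(actions):
        matrix[uca.id.replace("UCA", "SC")] = {
            "constraint": uca.constraint(),
            "hazards": list(uca.action.hazards),
            "losses": sorted(losses_for(uca, hazards)),
            "adversary_means": ADVERSARY_MEANS[uca.kind],
        }
    return matrix


if __name__ == "__main__":
    for req_id, row in traceability_matrix(ACTIONS, HAZARDS).items():
        print(f"{req_id}: {row['constraint']}")
        print(f"    hazards={row['hazards']} losses={row['losses']} via {row['adversary_means']}")
```

Every derived constraint carries its hazard and loss ids, so a reviewer can ask of any requirement which loss it prevents, and of any loss which requirements guard it; a constraint with an empty loss set would be one to question, since nothing in the model justifies it.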