Title | A Top Down Approach for Eliciting Systems Security Requirements for a Notional Autonomous Space System |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Mailloux, L. O., Span, M., Mills, R. F., Young, W. |
Conference Name | 2019 IEEE International Systems Conference (SysCon) |
Keywords | aerospace computing, architectural-level security specifications, Cyber-physical systems, cybersecurity, formal specification, functional-level security requirements, IEC standards, IEEE standards, ISO standards, ISO/IEC/IEEE 15288, NIST SP 800-160, notional autonomous space system, notional space system, pubcrawl, requirements analysis, resilience, Resiliency, resiliency requirements, Resilient Security Architectures, Safety, secure cyber-physical systems, security, security of data, software architecture, software engineering processes, space missions, Space vehicles, Stakeholders, STPA-Sec, system architecture, system life cycle, system operation, system-theoretic process analysis approach for security, systems security analysis, systems security engineering, systems security requirements, top down approach, top down systems security requirements analysis approach, traceable security |
Abstract | Today's highly interconnected and technology-reliant environment places great emphasis on the need for secure cyber-physical systems. This work addresses this need by detailing a top down systems security requirements analysis approach for understanding and eliciting security requirements for a notional space system. More specifically, the System-Theoretic Process Analysis approach for Security (STPA-Sec) is used to understand and elicit systems security requirements during the conceptual stage of development. This work employs STPA-Sec in a notional space system to detail the development of functional-level security requirements, design-level engineering considerations, and architectural-level security specifications early in the system life cycle, when the solution trade-space is largest, rather than merely examining components and adding protections during system operation, maintenance, or sustainment. Lastly, this approach employs a holistic viewpoint which aligns with the systems and software engineering processes as detailed in ISO/IEC/IEEE 15288 and NIST SP 800-160 Volume 1. This work seeks to advance the science of systems security by providing insight into a viable systems security requirements analysis approach which results in traceable security, safety, and resiliency requirements that can be designed-for, built-to, and verified with confidence. |
DOI | 10.1109/SYSCON.2019.8836929 |
Citation Key | mailloux_top_2019 |