VEHICULAR 2015, The Fourth International Conference on Advances in Vehicular Systems, Technologies and Applications
Checking and Verifying Security Requirements With the Security Engineering System Model Core
Authors:
Hendrik Decke
Jean-Pierre Seifert
Keywords: Security engineering; requirements engineering; requirements verification; system model core
Abstract:
As the need for security engineering methodologies for embedded and/or distributed systems rises, several different approaches have been proposed. The automotive sector in particular is pursuing the development of new ways to better consider security in the design process. Nevertheless, most of these approaches are custom-tailored for specific use cases or application domains and are not applicable to other domains. We propose a security requirements engineering process with a generic system model core, which can be customized with application-domain-specific extensions. This allows the instantiation of application-domain-adjusted security requirements engineering methodologies without much effort. Additionally, the generalisation of the system model allows the exchange of checking or verification methods with only a small need for adaptation to new application domains. We present our system model core and demonstrate its extensibility using the example of vehicular systems. We then show two methods for formal inspection of the system model. First, we show how the security engineer can be assisted by consistency checking of the system model; then we show how to verify the sum of generated security requirements to ascertain the correctness of the security concept.
Pages: 26 to 35
Copyright: Copyright (c) IARIA, 2015
Publication date: October 11, 2015
Published in: conference
ISSN: 2327-2058
ISBN: 978-1-61208-434-3
Location: St. Julians, Malta
Dates: from October 11, 2015 to October 16, 2015