A Systems Approach for Eliciting Mission-Centric Security Requirements

TL;DR

This paper introduces a systems-theoretic approach combining stakeholder insights and STAMP to elicit mission-centric security requirements, enhancing safety and resilience in cyber-physical systems through strategic vulnerability mitigation.

Contribution

It presents a novel methodology integrating stakeholder perspectives with STAMP for mission-specific security requirement elicitation in cyber-physical systems.

Findings

Applied to UAV reconnaissance mission example

Identified critical vulnerabilities affecting mission success

Enhanced system safety and resilience through targeted analysis

Abstract

The security of cyber-physical systems is first and foremost a safety problem, yet it is typically handled as a traditional security problem, which means that solutions are based on defending against threats and are often implemented too late. This approach neglects to take into consideration the context in which the system is intended to operate, thus system safety may be compromised. This paper presents a systems-theoretic analysis approach that combines stakeholder perspectives with a modified version of Systems-Theoretic Accident Model and Process (STAMP) that allows decision-makers to strategically enhance the safety, resilience, and security of a cyber-physical system against potential threats. This methodology allows the capture of vital mission-specific information in a model, which then allows analysts to identify and mitigate vulnerabilities in the locations most critical to mission success. We present an overview of the general approach followed by a real example using an unmanned aerial vehicle conducting a reconnaissance mission.