Martin Haug Larsen, Satyanarayana Kokkula, Gerrit Muller
INCOSE International Symposium, 34(1), pp. 37-52. Journal Article. Published 2024-09-07. DOI: 10.1002/iis2.13131. https://onlinelibrary.wiley.com/doi/10.1002/iis2.13131
A Proposal for Model-Based Systems Engineering Method for Creating Secure Cyber-Physical Systems
Rising levels of risk, as cyber-attackers look to exploit system vulnerabilities, threaten the Air Traffic Control industry. Attacks on Air Navigation Service Providers' communications systems may lead to airspace closure and even cause safety issues. This paper presents a novel Model-Based Systems Engineering method that enables systems engineers, in collaboration with system security and software engineers, to perform threat-modeling analysis of cyber-physical systems early in the system development process and incorporate mitigation strategies into the system design. The proposed model-based method covers a few security concepts, including misuse cases, system assets, threats, risks, vulnerabilities, and security control identification. The study found that the proposed method is suitable for conducting security analysis for complex cyber-physical systems early in the system development process.