Abstract
Context and motivation: Cyber-Physical Systems (CPSs) are gaining priority over other systems. The heterogeneity of these systems increases the importance of security. Both the developer and the requirement analyst must consider details of not only the software, but also the hardware perspective, including sensor and network security. Several models for secure software engineering processes have been proposed, but they are limited to software; therefore, to support the processes of security requirements, we need a security requirements framework for CPSs. Question/Problem: Do existing security requirements frameworks fulfil the needs of CPS security requirements? The answer is no; existing security requirements frameworks fail to accommodate security concerns outside of software boundaries. Little or even no attention has been given to sensor, hardware, network, and third party elements during security requirements engineering in different existing frameworks. Principal Ideas/results: We have proposed, applied, and assessed an incremental security requirements evolution approach, which configures the heterogeneous nature of components and their threats in order to generate a secure system. Contribution: The most significant contribution of this paper is to propose a security requirements engineering framework for CPSs that overcomes the issue of security requirements elicitation for heterogeneous CPS components. The proposed framework supports the elicitation of security requirements while considering sensor, receiver protocol, network channel issues, along with software aspects. Furthermore, the proposed CPS framework has been evaluated through a case study, and the results are shown in this paper. The results would provide great support in this research direction.
Highlights
We are living in the era of digitization where software, system hardware, and sensors are working together over networks
Security requirements are a significant part of cyber-physical systems, but there are a lack of processes to develop secure systems
Our main contribution is to provide a comprehensive security requirements engineering framework for cyber-physical systems that can offer complete guidelines for practitioners and researchers to determine security requirements. The novelty of such an implementation at this scale has not been significantly reported in the literature
Summary
We are living in the era of digitization where software, system hardware, and sensors are working together over networks This combination describes the concept of Cyber-Physical Systems (CPS) [1]. We are providing details of the implementation of our proposed security requirements engineering framework for CPSs, its activity, and supporting techniques. The proposed framework aims to serve as a complete guide for a number of activities to analyze and identify threats and to determine security requirements of CPSs by taking different aspects of CPS into account. The novelty of such implementation at this scale has not been significantly reported in literature. Organizations that apply the proposed framework derived from the research results can train their requirement analysts and software developers, and this research will help them to explore security requirements in the early phases of software development
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
