Abstract

The increasing prevalence of cyber-attacks highlights the need for improved systems security analysis and engineering in safety-critical and mission-essential systems. Moreover, the engineering challenge of developing secure and resilient systems that meet specified constraints of cost, schedule, and performance grows progressively harder given the trend toward increasingly complex, interrelated systems-of-systems. This paper analyzes the 18 design principles presented in National Institute of Standards and Technology Special Publication (NIST SP) 800-160 Volume 1 and considers their applicability to the development of secure and resilient systems of interest. The purpose of this work is to better understand how these design principles can be consistently and effectively employed to meet stakeholder-defined security and resiliency needs as part of a comprehensive systems security engineering approach. Specifically, this work uses Design Structure Matrix (DSM) analysis to study the 18 design principles presented in NIST SP 800-160 Vol. 1, Appendix F, along with their intra- and inter-dependencies, as a basis for developing complex cyber-physical systems that are secure, trustworthy, and resilient. The DSM analysis results increase understanding of the various relationships between the 18 design principles and identify two clusters for secure systems design: Architecture and Trust. Lastly, this work provides a notional command and control system case study, along with a detailed listing of engineering considerations, to demonstrate how these principles and their groupings can be systematically applied as part of a comprehensive approach for developing cyber-physical systems that are designed to operate in hostile environments.

Highlights

  • Modern systems are increasingly complex compositions of system elements, subsystems, supporting & enabling systems, and extensive infrastructures that often result in a myriad of cyber dependencies, complicated interactions, and emergent behaviors

  • In this work we extend our previous work [10] by performing Design Structure Matrix (DSM) analysis of the security-oriented design principles presented in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-160 Vol 1 and studying their mappings to systems security strategies

  • This work uniquely provides an analysis of the NIST SP 800-160 Vol 1 security design principles with a detailed mapping and analysis of conceptual security strategies to design principles that can be more effectively designed-for, built-in, and tested to meet security and resiliency objectives
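The abstract and highlights describe the method only at a high level: a DSM is a square matrix in which entry (i, j) records that principle i depends on principle j, and partitioning that matrix reveals groups of mutually dependent principles that must be designed together, plus an order in which the groups can be addressed. The following Python block is an added illustration of those DSM mechanics and is not the paper's code or data: the principle names are assumed to come from the Appendix F architecture-and-design list, and the dependency edges among them are constructed for this example only, so the clusters it produces should not be read as the paper's Architecture and Trust groupings.

```python
"""DSM partitioning and sequencing on a constructed dependency set.

Added example, not the paper's analysis: D[i][j] = 1 means principle i
depends on principle j. Clusters are sets of principles that are mutually
reachable through dependencies (a cycle in the DSM); sequencing orders the
clusters so that each appears after every cluster it depends on.
"""
from itertools import product

# Principle names assumed to be drawn from NIST SP 800-160 Vol. 1, Appendix F;
# the subset chosen here is arbitrary and used only for the illustration.
PRINCIPLES = [
    "Modularity and Layering",
    "Partially Ordered Dependencies",
    "Least Common Mechanism",
    "Trusted Components",
    "Hierarchical Trust",
    "Trusted Communication Channels",
]

# (dependent, depended-on) pairs. CONSTRUCTED for this example; they are not
# the dependencies identified by the paper.
DEPENDENCIES = [
    ("Modularity and Layering", "Partially Ordered Dependencies"),
    ("Partially Ordered Dependencies", "Least Common Mechanism"),
    ("Least Common Mechanism", "Modularity and Layering"),
    ("Hierarchical Trust", "Trusted Components"),
    ("Trusted Components", "Hierarchical Trust"),
    ("Trusted Communication Channels", "Trusted Components"),
    ("Hierarchical Trust", "Modularity and Layering"),  # link between groups
]


def build_dsm(names, deps):
    """Return the binary dependency matrix for the given principle names."""
    idx = {n: i for i, n in enumerate(names)}
    m = [[0] * len(names) for _ in names]
    for dependent, depended_on in deps:
        m[idx[dependent]][idx[depended_on]] = 1
    return m


def reachability(m):
    """Transitive closure (Warshall): r[i][j] = 1 if i reaches j."""
    n = len(m)
    r = [row[:] for row in m]
    for i in range(n):
        r[i][i] = 1
    for k, i, j in product(range(n), repeat=3):   # k is the outer loop
        if r[i][k] and r[k][j]:
            r[i][j] = 1
    return r


def partition(names, m):
    """Group principles that depend on each other, directly or transitively."""
    r = reachability(m)
    seen, clusters = set(), []
    for i in range(len(names)):
        if i in seen:
            continue
        block = [j for j in range(len(names)) if r[i][j] and r[j][i]]
        seen.update(block)
        clusters.append([names[j] for j in block])
    return clusters


def sequence(names, m, clusters):
    """Order clusters so each follows every cluster it depends on.

    Clusters are mutually-reachable groups, so the cluster graph is acyclic
    and a cluster with no remaining dependency always exists.
    """
    r = reachability(m)
    idx = {n: i for i, n in enumerate(names)}
    remaining, ordered = list(clusters), []
    while remaining:
        for c in remaining:
            others = [o for o in remaining if o is not c]
            if not any(r[idx[a]][idx[b]] for o in others for a in c for b in o):
                ordered.append(c)
                remaining.remove(c)
                break
    return ordered


def reorder(names, m, clusters):
    """Permute rows/columns into cluster order; dependencies then fall on or
    below the block diagonal, which is the usual DSM presentation."""
    order = [names.index(n) for c in clusters for n in c]
    return [names[i] for i in order], [[m[i][j] for j in order] for i in order]


if __name__ == "__main__":
    dsm = build_dsm(PRINCIPLES, DEPENDENCIES)
    groups = sequence(PRINCIPLES, dsm, partition(PRINCIPLES, dsm))
    labels, blocked = reorder(PRINCIPLES, dsm, groups)
    for label, row in zip(labels, blocked):
        print(f"{label:32s} " + " ".join(str(v) for v in row))
    print("clusters in design order:", groups)
```

Running the block prints the reordered matrix with the three constructed groups along the block diagonal; the single off-diagonal entry from "Hierarchical Trust" to "Modularity and Layering" is the kind of inter-cluster dependency that forces one group to be settled before another can be designed.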


Summary

Introduction

Modern systems are increasingly complex compositions of system elements, subsystems, supporting & enabling systems, and extensive infrastructures that often result in a myriad of cyber dependencies, complicated interactions, and emergent behaviors. Because of their cyber dependencies (e.g., hardware, software, communications, etc.) these expansive Systems-of-Systems are inherently susceptible to a wide range of malicious and non-malicious events which can result in unexpected disruptions and unpredictable actions.

