Abstract

AbstractThis work describes a top down systems security requirements analysis approach for understanding and eliciting general security requirements for securing Software Factories (SF). More specifically, the System‐Theoretic Process Analysis approach for Security (STPA‐Sec) is used to understand and elicit systems security requirements for SFs. The effort employs STPA‐Sec on the DoD Enterprise DevSecOps Reference Design to detail a conceptual approach to analyze SFs. The intent is to develop functional‐level security requirements, design‐level engineering considerations, and architectural‐level security specification criteria early in the system life cycle. The aim is to secure the SFs themselves, enhancing the security of resulting software generated from the SF. These details were elaborated during a summer collaborative research effort by two United States Air Force Academy Systems Engineering cadets, working with a MITRE team of subject matter expertise (SME's), and guided by their instructor. This work provides insight into a viable systems security requirements analysis approach which results in traceable security, safety, and resiliency requirements that can be designed‐for, built‐to, and verified with confidence.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
A STPA-Sec Case Study: Eliciting Early Security Requirements for a Small Unmanned Aerial System
Joshua M Sayers ... Brynn E Feighery
-
Joshua M Sayers, et. al.Joshua M Sayers ... Brynn E Feighery
01 Jul 2020
A Top Down Approach for Eliciting Systems Security Requirements for a Notional Autonomous Space System
Logan O Mailloux ... William Young
-
Logan O Mailloux, et. al.Logan O Mailloux ... William Young
01 Apr 2019
A Systems Security Approach for Requirements Analysis of Complex Cyber-Physical Systems
Martin Trae Span ... William Bill Young
-
Martin Trae Span, et. al.Martin Trae Span ... William Bill Young
01 Jun 2018
Towards an Ontological Approach to Information System Security and Safety Requirement Modeling and Reuse
O T Arogundade ... X G Yang
Information Security Journal: A Global Perspective | VOL. 21
O T Arogundade, et. al.O T Arogundade ... X G Yang
01 Jan 2012
View more papers

More From: INCOSE International Symposium

Paper Title
Journal
Date
Author
LEVERAGING MBSE USAGE THROUGH MODEL CHECKERS
Davy Masson ... Lucas Olejarz
INCOSE International Symposium | VOL. 34
Davy Masson, et. al.Davy Masson ... Lucas Olejarz
01 Jul 2024
Mean dependency length — a new metric for requirements quality
Leonardo De Mello Barbosa ... Antonio Eduardo Carrilho Da Cunha
INCOSE International Symposium | VOL. 34
Leonardo De Mello Barbosa, et. al.Leonardo De Mello Barbosa ... Antonio Eduardo Carrilho Da Cunha
01 Jul 2024
Hyundai's Modular MBSE Approach to ‘Purpose Built Vehicle’ Architecture Development
Ilsoo Jeong ... Tae Kook Kim
INCOSE International Symposium | VOL. 34
Ilsoo Jeong, et. al.Ilsoo Jeong ... Tae Kook Kim
01 Jul 2024
Enterprise: Exploration of Concepts, Perspectives and Implications for Systems Engineering
Charles B Keating ... Richard Hodge
INCOSE International Symposium | VOL. 34
Charles B Keating, et. al.Charles B Keating ... Richard Hodge
01 Jul 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.