Addressing cybersecurity aspects while designing systems is challenging. As our systems increasingly rely on digital technology to perform, security and resilience aspects need to be considered during the system design process. However, integrating the pertinent information into the systems engineering lifecycle is not trivial: the lifecycle is characterized by following verbose guidelines and documentation, and it lacks a practical, model-based methodology to support threat-aware design of systems. In this article, we address this gap by presenting an integrative, model-based methodology to support the design and assessment of systems' security aspects. We discuss the methodology's design, specifically with respect to system development scenarios, and detail industrial case studies demonstrating the applicability of the methodology.
- Model-based design
- Modeling methodology
- Systems security engineering
- Systems specification methodology
- Threat and risk assessment