A model-based methodology to support systems security design and assessment

Avi Shaked

doi:10.1016/j.jii.2023.100465

A model-based methodology to support systems security design and assessment

Avi Shaked^*

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Addressing cybersecurity aspects while designing systems is challenging. As our systems increasingly rely on digital technology to perform, security and resilience aspects need to be considered during the system design process. However, the integration of pertinent information into the systems engineering lifecycle is not trivial, as it is characterized by following verbose guidelines and documentation, and has no practical, model-based methodology to support threat-aware design of systems. In this article, we address this gap by presenting an integrative, model-based methodology to support the design and assessment of systems' security aspects. We discuss the methodology's design, specifically with respect to system development scenarios, and detail industrial case studies demonstrating the applicability of the methodology.

Original language	English
Article number	100465
Journal	Journal of Industrial Information Integration
Volume	33
DOIs	https://doi.org/10.1016/j.jii.2023.100465
State	Published - Jun 2023
Externally published	Yes

Keywords

Model-based design
Modeling methodology
Systems security engineering
Systems specification methodology
Threat and risk assessment

Access to Document

10.1016/j.jii.2023.100465

Cite this

@article{2ec09b7916e946ac825a2b410e9e8d27,

title = "A model-based methodology to support systems security design and assessment",

abstract = "Addressing cybersecurity aspects while designing systems is challenging. As our systems increasingly rely on digital technology to perform, security and resilience aspects need to be considered during the system design process. However, the integration of pertinent information into the systems engineering lifecycle is not trivial, as it is characterized by following verbose guidelines and documentation, and has no practical, model-based methodology to support threat-aware design of systems. In this article, we address this gap by presenting an integrative, model-based methodology to support the design and assessment of systems' security aspects. We discuss the methodology's design, specifically with respect to system development scenarios, and detail industrial case studies demonstrating the applicability of the methodology.",

keywords = "Model-based design, Modeling methodology, Systems security engineering, Systems specification methodology, Threat and risk assessment",

author = "Avi Shaked",

note = "Publisher Copyright: {\textcopyright} 2023",

year = "2023",

month = jun,

doi = "10.1016/j.jii.2023.100465",

language = "אנגלית",

volume = "33",

journal = "Journal of Industrial Information Integration",

issn = "2452-414X",

publisher = "Elsevier BV",

}

TY - JOUR

T1 - A model-based methodology to support systems security design and assessment

AU - Shaked, Avi

PY - 2023/6

Y1 - 2023/6

N2 - Addressing cybersecurity aspects while designing systems is challenging. As our systems increasingly rely on digital technology to perform, security and resilience aspects need to be considered during the system design process. However, the integration of pertinent information into the systems engineering lifecycle is not trivial, as it is characterized by following verbose guidelines and documentation, and has no practical, model-based methodology to support threat-aware design of systems. In this article, we address this gap by presenting an integrative, model-based methodology to support the design and assessment of systems' security aspects. We discuss the methodology's design, specifically with respect to system development scenarios, and detail industrial case studies demonstrating the applicability of the methodology.

AB - Addressing cybersecurity aspects while designing systems is challenging. As our systems increasingly rely on digital technology to perform, security and resilience aspects need to be considered during the system design process. However, the integration of pertinent information into the systems engineering lifecycle is not trivial, as it is characterized by following verbose guidelines and documentation, and has no practical, model-based methodology to support threat-aware design of systems. In this article, we address this gap by presenting an integrative, model-based methodology to support the design and assessment of systems' security aspects. We discuss the methodology's design, specifically with respect to system development scenarios, and detail industrial case studies demonstrating the applicability of the methodology.

KW - Model-based design

KW - Modeling methodology

KW - Systems security engineering

KW - Systems specification methodology

KW - Threat and risk assessment

UR - http://www.scopus.com/inward/record.url?scp=85153522653&partnerID=8YFLogxK

U2 - 10.1016/j.jii.2023.100465

DO - 10.1016/j.jii.2023.100465

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85153522653

SN - 2452-414X

VL - 33

JO - Journal of Industrial Information Integration

JF - Journal of Industrial Information Integration

M1 - 100465

ER -

A model-based methodology to support systems security design and assessment

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this