IEEE Access (Jan 2018)

Conceptual Systems Security Requirements Analysis: Aerial Refueling Case Study

  • Martin Span,
  • Logan O. Mailloux,
  • Robert F. Mills,
  • William Young

DOI
https://doi.org/10.1109/ACCESS.2018.2865736
Journal volume & issue
Vol. 6
pp. 46668 – 46682

Abstract

Read online

In today's highly interconnected and technology-reliant environment, cybersecurity is no longer limited to traditional computer systems and IT networks, as a number of highly publicized attacks have occurred against complex cyber-physical systems such as automobiles and airplanes. While numerous vulnerability analysis and architecture analysis approaches are in use, these approaches are often focused on realized systems with limited solution space. A more effective approach for understanding security and resiliency requirements early in the system development is needed. One such approach, systemtheoretic process analysis for security (STPA-Sec), addresses the cyber-physical security problem from a systems viewpoint at the conceptual stage when the solution trade-space is largest rather than merely examining components and adding protections during production, operation, or sustainment. This paper uniquely provides a detailed and independent evaluation of STPA-Sec's utility for eliciting, defining, and understanding security and resiliency requirements for a notional next generation aerial refueling platform.

Keywords