Abstract | ||
---|---|---|
The introduction of security flaws into a system may result from design or implementation mistakes. It entail far-reaching consequences for connected embedded or cyber-physical systems, including physical harm. Security experts focus either on finding out and deriving security mechanisms from more or less explicitly defined security requirements or on the a posteriori assessment of vulnerabilities, namely pentesting. These approaches however often miss the necessary iterations between security countermeasures and system functionalities in terms of design and deployment. Worse, they generally fail to consider the implications of security issues over the system's safety, like for instance the adverse effect that security countermeasures may produce over expected deadlines due to costly computations and communications latencies. SysML-Sec focuses on these issues throughout design and development thanks to its model-driven approach that promotes exchanges between system architects, safety engineers, and security experts. This paper discusses how SysML-Sec can be used to simultaneously deal with safety and security requirements, and illustrates the methodology with an automotive use case. |
Year | DOI | Venue |
---|---|---|
2015 | 10.1007/978-3-319-27869-8_17 | Communications in Computer and Information Science |
Field | DocType | Volume |
Security testing,Security through obscurity,Computer science,Computer security,Asset (computer security),Security engineering,Security service,Cloud computing security,Security information and event management,Computer security model | Conference | 580 |
ISSN | Citations | PageRank |
1865-0929 | 1 | 0.48 |
References | Authors | |
15 | 2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ludovic Apvrille | 1 | 136 | 22.23 |
Yves Roudier | 2 | 240 | 32.60 |