Write a Blog >>
Mon 20 - Fri 24 September 2021
Fri 24 Sep 2021 08:00 - 08:30 at Golden Dome - Risk and Security Chair(s): Maya Daneva

Engineering projects requires to consider the increasingly significant needs and constraints regarding expected behaviors, services, quality and security. These user requirements are mainly formulated as textual requirements, then analyzed and translated into system requirements by engineering teams. They are subsequently introduced into system and software engineering projects as functional and non-functional properties that must be satisfied by the designed system. Ensuring these requirements satisfaction implies rigorous processes that steer the project, from the requirements identification and definition to the system deployment and maintenance. Model-Based System Engineering (MBSE) formalizes the system development modeling process in terms of requirements, design, analysis, verification, and validation activities through the use of models. Moreover, MBSE is an effective approach to address security requirements and risk assessment at the requirement and modeling phases of the development life cycle. Assessing security risks in early system designs enables cost-efficient fixes. In this article, we introduce the main concepts of risk assessment, and we investigate how these concepts could be integrated into a general-purpose architecture modeling language for system engineering applications. To achieve this objective, we propose a Model-Based approach for cybersecurity Risk Assessment (MBRASec) method that comprises: A semantic alignment between risk assessment concepts and system modeling concepts; A modeling language extension to represent security concepts and metrics throughout the system modeling life cycle. We implemented our MBRASec as an extension of an industrial modeling language and workbench. To illustrate our approach, validate its applicability and evaluate its expressiveness, we applied it to our industrial partner’s example: an in-flight entertainment system.

Fri 24 Sep

Displayed time zone: Eastern Time (US & Canada) change

08:00 - 09:20
Towards the Integration of Cybersecurity Risk Assessment into Model-based Requirements EngineeringIndustrial Innovation Paper
Industrial Innovation Papers
Douraïd Naouar Chaire de Cyberdéfense des Systèmes Navals, Lab-STICC, Jamal EL HACHEM IRISA – UMR 6074, Univ. Bretagne-Sud, Yvon Kermarrec UMR CNRS - 6285, Lab-STICC, Jean-Luc Voirin Thales Airborne Systems, Jacques Foisil Thales Airborne Systems
Understanding and recommending security requirements from problem domain ontology: A cognitive three-layered approachJ1
Bong-Jae Kim , Seok-Won Lee Ajou University
Link to publication DOI
Combining risk and variability modelling for requirements analysis in SAS engineeringRE@Next
RE@Next! Papers
Denisse Muñante SAMOVAR, Télécom SudParis, Institut Polytechnique de Paris, Anna Perini Fondazione Bruno Kessler, Fitsum Kifetew Fondazione Bruno Kessler, Angelo Susi Fondazione Bruno Kessler