Presentation Abstract

A Model-Based Approach to System Security Engineering

  • Speaker: Joseph Laub - Draper Laboratory
  • When: Day 2 : Monday May 20th
  • Today, System Security Engineering (SSE) includes a variety of communities and methods, including attack trees and the Risk Management Framework, which are disjoint from each other as well as from Systems Engineering. As Systems Engineering migrates to Model-Based Systems Engineering (MBSE) this disparity becomes more evident.
    Security is an umbrella term which can include Cybersecurity, Information Assurance, Physical Security, Hardware/Software Assurance, Supply Chain Risk Management, and more. Across industries, security can refer to confidentiality, integrity, and/or availability. These objectives will generally have varying priorities relative to each other. Often, these aspects of security must be traded off with each other and also with other system functional requirements. Certain system properties, such as cost, schedule, and performance, can constrain a system’s ability to maintain the intended security posture. Without a way to integrate security properties and system engineering information, it is difficult to objectively compare solutions and highlight trade offs between security objectives and other system requirements. 

    We propose a method for combining these disciplines in an efficient and model-based way: Model-Based System Security Engineering (MBSSE). MBSSE integrates security and system architecture by focusing on what must be true about a system architecture to protect an asset or information, abstracting the security traits required to maintain that truth, and constraining the system architecture based on threats and vulnerabilities against the security properties. 

    Through availability of tools, such as NoMagic’s MagicDraw, and initiatives such as the Department of the Navy’s Systems Engineering Transformation, modern Systems Engineering is becoming more heavily model-based. SSE would benefit from integrating with this model-based approach and would enable a more holistic view of the system’s security posture.

    Hear From Top Industry Leaders

    Network and Interact with MBSE, PLM, PLE, Systems Engineering, and Enterprise Architecture Industry Experts All In One Place

    For questions, problems with registration, changes needed to an exisiting registration, please contact us below:

    No Magic, Inc : 700 Central Expressway South, Suite 110
    Allen, Texas 75013
    Phone: +1-214-291-9100 : Fax: +1-214-291-9099
    www.nomagic.com

    Copyright © No Magic, Inc. All Rights Reserved.