A Model-Based Approach to System Security Engineering
Today, System Security Engineering (SSE) includes a variety of communities and methods, including attack trees and the Risk Management Framework, which are disjoint from each other as well as from Systems Engineering. As Systems Engineering migrates to Model-Based Systems Engineering (MBSE) this disparity becomes more evident.
Security is an umbrella term which can include Cybersecurity, Information Assurance, Physical Security, Hardware/Software Assurance, Supply Chain Risk Management, and more. Across industries, security can refer to confidentiality, integrity, and/or availability. These objectives will generally have varying priorities relative to each other. Often, these aspects of security must be traded off against each other and also against other system functional requirements. Certain system properties, such as cost, schedule, and performance, can constrain a system’s ability to maintain the intended security posture. Without a way to integrate security properties with systems engineering information, it is difficult to objectively compare solutions and highlight trade-offs between security objectives and other system requirements.
We propose a method for combining these disciplines in an efficient and model-based way: Model-Based System Security Engineering (MBSSE). MBSSE integrates security and system architecture by focusing on what must be true about a system architecture to protect an asset or information, abstracting the security traits required to maintain that truth, and constraining the system architecture based on threats and vulnerabilities against the security properties.
Through the availability of tools, such as NoMagic’s MagicDraw, and initiatives such as the Department of the Navy’s Systems Engineering Transformation, modern Systems Engineering is becoming more heavily model-based. SSE would benefit from integrating with this model-based approach, which would also enable a more holistic view of the system’s security posture.
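As an added illustration of the MBSSE idea described above (not the paper's own tooling or model), the following toy model ties assets to required security objectives, threats to the objectives they violate, and candidate architectures to the controls they carry, then reports unmitigated threats beside a cost constraint so trade-offs can be compared objectively. Asset, threat, control and cost values are constructed for the example.

```python
from dataclasses import dataclass

# Security objectives used as required properties on assets.
C, I, A = "confidentiality", "integrity", "availability"

@dataclass(frozen=True)
class Asset:
    name: str
    required: frozenset  # objectives that must hold for this asset

@dataclass(frozen=True)
class Threat:
    name: str
    asset: str        # which asset it targets
    violates: str     # which objective it undermines

@dataclass(frozen=True)
class Control:
    name: str
    mitigates: frozenset  # threat names this architectural element addresses
    cost: int             # hypothetical cost units, a system-level constraint

def unmitigated(assets, threats, controls):
    """Threats against a *required* objective that no selected control covers."""
    required = {a.name: a.required for a in assets}
    covered = {t for c in controls for t in c.mitigates}
    return sorted(t.name for t in threats
                  if t.violates in required.get(t.asset, frozenset())
                  and t.name not in covered)

def evaluate(assets, threats, candidates, budget):
    """Score each candidate architecture: security gaps versus the cost constraint."""
    rows = []
    for name, controls in candidates.items():
        cost = sum(c.cost for c in controls)
        rows.append({"arch": name, "gaps": unmitigated(assets, threats, controls),
                     "cost": cost, "within_budget": cost <= budget})
    return rows

# Constructed sample model (not from the paper).
ASSETS = [Asset("flight plan", frozenset({C, I}))]
THREATS = [Threat("eavesdrop", "flight plan", C),
           Threat("tamper", "flight plan", I),
           Threat("jam", "flight plan", A)]   # availability not required here, so not a gap
ENCRYPT = Control("encrypt link", frozenset({"eavesdrop"}), 3)
SIGN = Control("sign messages", frozenset({"tamper"}), 2)
CRYPTO_MODULE = Control("encrypt+sign module", frozenset({"eavesdrop", "tamper"}), 6)
CANDIDATES = {"A": [ENCRYPT], "B": [ENCRYPT, SIGN], "C": [CRYPTO_MODULE]}

if __name__ == "__main__":
    for row in evaluate(ASSETS, THREATS, CANDIDATES, budget=5):
        print(row)
```

Architecture A is cheap but leaves the integrity threat open, C closes every gap but exceeds the budget, and B satisfies both constraints; in a real SysML model the same relationships would be expressed as traceable links rather than Python objects.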