A model-based methodology to support systems security design and assessment

Addressing cybersecurity aspects while designing systems is challenging. As our systems increasingly rely on digital technology to perform, security and resilience aspects need to be considered during the system design process. However, the integration of pertinent information into the systems engineering lifecycle is not trivial, as it is characterized by following verbose guidelines and documentation, and has no practical, model-based methodology to support threat-aware design of systems. In this article, we address this gap by presenting an integrative, model-based methodology to support the design and assessment of systems' security aspects. We discuss the methodology's design, specifically with respect to system development scenarios, and detail industrial case studies demonstrating the applicability of the methodology.

Automated summary

Addressing cybersecurity aspects is challenging in system design, as security and resilience need to be considered. However, integrating pertinent information and following guidelines is not easy, and there is a lack of model-based methodology for threat-aware design. This article presents an integrative, model-based methodology for designing and assessing systems' security, with industrial case studies demonstrating its applicability.