Towards the Integration of Cybersecurity Risk Assessment into Model-based Requirements Engineering - INRIA - Institut National de Recherche en Informatique et en Automatique Accéder directement au contenu
Communication Dans Un Congrès Année : 2021

Towards the Integration of Cybersecurity Risk Assessment into Model-based Requirements Engineering

Résumé

Engineering projects requires to consider the increasingly significant needs and constraints regarding expected behaviors, services, quality and security. These requirements are introduced into system and software engineering projects as functional and non-functional properties. Satisfying such properties implies rigorous processes that steer the project, from the requirements identification and definition to the system deployment and maintenance. Model-Based System Engineering (MBSE) is an effective approach to address security requirements and risk assessment at the early stages of the development life cycle, which enables cost-efficient fixes. The aim of this work is to investigate how cybersecurity risk assessment could be integrated into model-based requirement engineering. We propose a Modelbased Cyberisk Assessment (MBCA) method, that comprises: (1) A semantic alignment between risk assessment concepts and system modeling concepts and (2) A modeling language extension to represent security concepts and metrics throughout the system modeling life cycle. To illustrate our approach, validate its applicability and evaluate its expressiveness, we applied it to an industrial in-flight entertainment system.

Domaines

Informatique [cs]
Fichier principal
Vignette du fichier
RE21 Towards the Integration of Cybersecurity Risk Assessment into Model-based Requirements Engineering.pdf (723.85 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Jamal EL HACHEM  : Connectez-vous pour contacter le contributeur

https://hal.science/hal-04218011

Soumis le : dimanche 5 novembre 2023-10:51:40

Dernière modification le : vendredi 2 février 2024-09:42:30

Télécharger pour visualiser

Dates et versions

hal-04218011 , version 1 (05-11-2023)

Identifiants

Citer

Douraid Naouar, Jamal El Hachem, Jean-Luc Voirin, Jacques Foisil, Yvon Kermarrec. Towards the Integration of Cybersecurity Risk Assessment into Model-based Requirements Engineering. 2021 IEEE 29th International Requirements Engineering Conference (RE), Sep 2021, Notre Dame, United States. pp.334-344, ⟨10.1109/re51729.2021.00037⟩. ⟨hal-04218011⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

UNIV-BREST INSTITUT-TELECOM UNIV-RENNES1 CNRS INRIA INSA-RENNES IRISA LAB-STICC_UBO ENIB LAB-STICC CENTRALESUPELEC UR1-MATH-STIC UR1-UFR-ISTIC UNIV-RENNES IMT-ATLANTIQUE INSA-GROUPE I2M-BX INRAE UR1-MATH-NUM LAB-STICC_IRIS LAB-STICC_CYR HESAM IRENAV LAMPA LCPI LABOMAP LISPEN MSMP
17 Consultations
80 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More