A security engineering process for systems of systems using security patterns

Jose Fran. Ruiz, Carsten Rudolph, Antonio Mana, Marcos Arjona

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearch

3 Citations (Scopus)

Abstract

The creation of secure systems of systems is a complex process. A large variety of security expertise and knowledge specific for application domains is required. This is even more important if systems of systems span different application domains. Then, security threats specific to different application-domains need to be considered. One example is integrated systems for industrial production processes that interface office domains with supply chain management systems as well as a production environment. Such integrated systems of systems can perform very efficient and economic processes. However, due to the many and different domain-specific security requirements and threats security engineering needs to support requirements specification and architecture design very early in the development process in order to ensure resilience and safety of the complete system. Working with different domains implies that properties and its functionalities are specific and the engineering process used for modeling and designing the complete system has to be able to work in this context, covering all the possibilities and allowing the use of trusted solutions that are compatible with the ones of different domains. We present in this paper a security engineering process for creating secure systems of systems that cover the necessities presented above by using a series of security artifacts that contain the domain-specific security information (in terms of security properties) and provide security solutions in the form of security patterns. These patterns contain the definition of the software/hardware elements used for providing the required solution and the information of related patterns for different domains, which provides a very helpful functionality for creating a system of systems.
Original languageEnglish
Title of host publicationProceedings - 8th Annual IEEE International Systems Conference, SysCon 2014
Subtitle of host publicationMarch 31 - April 3, 2014 Ottawa, ON, Canada
EditorsSidney Givigi, Alain Beaulieu
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages8-11
Number of pages4
ISBN (Print)9781479920877
DOIs
Publication statusPublished - 2014
Externally publishedYes
EventIEEE Systems Conference - Ottawa, Canada
Duration: 1 Jan 2014 → …

Conference

ConferenceIEEE Systems Conference
CountryCanada
CityOttawa
Period1/01/14 → …

Cite this

Ruiz, J. F., Rudolph, C., Mana, A., & Arjona, M. (2014). A security engineering process for systems of systems using security patterns. In S. Givigi, & A. Beaulieu (Eds.), Proceedings - 8th Annual IEEE International Systems Conference, SysCon 2014: March 31 - April 3, 2014 Ottawa, ON, Canada (pp. 8-11). [6819228] Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/SysCon.2014.6819228
Ruiz, Jose Fran. ; Rudolph, Carsten ; Mana, Antonio ; Arjona, Marcos . / A security engineering process for systems of systems using security patterns. Proceedings - 8th Annual IEEE International Systems Conference, SysCon 2014: March 31 - April 3, 2014 Ottawa, ON, Canada. editor / Sidney Givigi ; Alain Beaulieu. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2014. pp. 8-11
@inproceedings{417e3b0909a043c885e105e949e25066,
title = "A security engineering process for systems of systems using security patterns",
abstract = "The creation of secure systems of systems is a complex process. A large variety of security expertise and knowledge specific for application domains is required. This is even more important if systems of systems span different application domains. Then, security threats specific to different application-domains need to be considered. One example is integrated systems for industrial production processes that interface office domains with supply chain management systems as well as a production environment. Such integrated systems of systems can perform very efficient and economic processes. However, due to the many and different domain-specific security requirements and threats security engineering needs to support requirements specification and architecture design very early in the development process in order to ensure resilience and safety of the complete system. Working with different domains implies that properties and its functionalities are specific and the engineering process used for modeling and designing the complete system has to be able to work in this context, covering all the possibilities and allowing the use of trusted solutions that are compatible with the ones of different domains. We present in this paper a security engineering process for creating secure systems of systems that cover the necessities presented above by using a series of security artifacts that contain the domain-specific security information (in terms of security properties) and provide security solutions in the form of security patterns. These patterns contain the definition of the software/hardware elements used for providing the required solution and the information of related patterns for different domains, which provides a very helpful functionality for creating a system of systems.",
author = "Ruiz, {Jose Fran.} and Carsten Rudolph and Antonio Mana and Marcos Arjona",
year = "2014",
doi = "10.1109/SysCon.2014.6819228",
language = "English",
isbn = "9781479920877",
pages = "8--11",
editor = "Sidney Givigi and Alain Beaulieu",
booktitle = "Proceedings - 8th Annual IEEE International Systems Conference, SysCon 2014",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",
address = "United States of America",

}

Ruiz, JF, Rudolph, C, Mana, A & Arjona, M 2014, A security engineering process for systems of systems using security patterns. in S Givigi & A Beaulieu (eds), Proceedings - 8th Annual IEEE International Systems Conference, SysCon 2014: March 31 - April 3, 2014 Ottawa, ON, Canada., 6819228, IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 8-11, IEEE Systems Conference, Ottawa, Canada, 1/01/14. https://doi.org/10.1109/SysCon.2014.6819228

A security engineering process for systems of systems using security patterns. / Ruiz, Jose Fran.; Rudolph, Carsten; Mana, Antonio; Arjona, Marcos .

Proceedings - 8th Annual IEEE International Systems Conference, SysCon 2014: March 31 - April 3, 2014 Ottawa, ON, Canada. ed. / Sidney Givigi; Alain Beaulieu. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2014. p. 8-11 6819228.

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearch

TY - GEN

T1 - A security engineering process for systems of systems using security patterns

AU - Ruiz, Jose Fran.

AU - Rudolph, Carsten

AU - Mana, Antonio

AU - Arjona, Marcos

PY - 2014

Y1 - 2014

N2 - The creation of secure systems of systems is a complex process. A large variety of security expertise and knowledge specific for application domains is required. This is even more important if systems of systems span different application domains. Then, security threats specific to different application-domains need to be considered. One example is integrated systems for industrial production processes that interface office domains with supply chain management systems as well as a production environment. Such integrated systems of systems can perform very efficient and economic processes. However, due to the many and different domain-specific security requirements and threats security engineering needs to support requirements specification and architecture design very early in the development process in order to ensure resilience and safety of the complete system. Working with different domains implies that properties and its functionalities are specific and the engineering process used for modeling and designing the complete system has to be able to work in this context, covering all the possibilities and allowing the use of trusted solutions that are compatible with the ones of different domains. We present in this paper a security engineering process for creating secure systems of systems that cover the necessities presented above by using a series of security artifacts that contain the domain-specific security information (in terms of security properties) and provide security solutions in the form of security patterns. These patterns contain the definition of the software/hardware elements used for providing the required solution and the information of related patterns for different domains, which provides a very helpful functionality for creating a system of systems.

AB - The creation of secure systems of systems is a complex process. A large variety of security expertise and knowledge specific for application domains is required. This is even more important if systems of systems span different application domains. Then, security threats specific to different application-domains need to be considered. One example is integrated systems for industrial production processes that interface office domains with supply chain management systems as well as a production environment. Such integrated systems of systems can perform very efficient and economic processes. However, due to the many and different domain-specific security requirements and threats security engineering needs to support requirements specification and architecture design very early in the development process in order to ensure resilience and safety of the complete system. Working with different domains implies that properties and its functionalities are specific and the engineering process used for modeling and designing the complete system has to be able to work in this context, covering all the possibilities and allowing the use of trusted solutions that are compatible with the ones of different domains. We present in this paper a security engineering process for creating secure systems of systems that cover the necessities presented above by using a series of security artifacts that contain the domain-specific security information (in terms of security properties) and provide security solutions in the form of security patterns. These patterns contain the definition of the software/hardware elements used for providing the required solution and the information of related patterns for different domains, which provides a very helpful functionality for creating a system of systems.

U2 - 10.1109/SysCon.2014.6819228

DO - 10.1109/SysCon.2014.6819228

M3 - Conference Paper

SN - 9781479920877

SP - 8

EP - 11

BT - Proceedings - 8th Annual IEEE International Systems Conference, SysCon 2014

A2 - Givigi, Sidney

A2 - Beaulieu, Alain

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

ER -

Ruiz JF, Rudolph C, Mana A, Arjona M. A security engineering process for systems of systems using security patterns. In Givigi S, Beaulieu A, editors, Proceedings - 8th Annual IEEE International Systems Conference, SysCon 2014: March 31 - April 3, 2014 Ottawa, ON, Canada. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. 2014. p. 8-11. 6819228 https://doi.org/10.1109/SysCon.2014.6819228