Specification of Information Flow Security Policies in Model-Based Systems Engineering

  • Christopher Gerking
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11176)


Model-based systems engineering provides a multi-disciplinary approach to developing cyber-physical systems. Due to their high degree of interconnection, security is a key factor for cyber-physical systems and needs to be front-loaded to the beginning of the development. However, there is a lack of model-based systems engineering approaches that enable the early specification of security policies. As a consequence, security requirements frequently remain unspecified and therefore are hard to satisfy in the downstream development phases. In this paper, we propose to integrate model-based systems engineering with the theory of information flow security. We extend systems engineering models to information flow policies, enabling systems engineers to specify the information flow security requirements of a system under development. On refinement of the resulting models, our approach allows to derive security requirements for individual software components. We illustrate our approach using a model-based design of an autonomous car.


Information flow Security policies Systems engineering 


  1. 1.
    Alghathbar, K., Farkas, C., Wijesekera, D.: Securing UML information flow using FlowUML. J. Res. Pract. Inf. Technol. 38(1), 111 (2006)Google Scholar
  2. 2.
    Alur, R., Dill, D.L.: A theory of timed automata. Theor. Comput. Sci. 126(2), 183–235 (1994)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Apvrille, L., Roudier, Y.: Designing safe and secure embedded and cyber-physical systems with SysML-Sec. In: Desfray, P., Filipe, J., Hammoudi, S., Pires, L.F. (eds.) MODELSWARD 2015. CCIS, vol. 580, pp. 293–308. Springer, Cham (2015). Scholar
  4. 4.
    Bauereiß, et al.: RIFL 1.1: a common specification language for information-flow requirements. Technical report TUD-CS-2017-0225, TU Darmstadt (2017)Google Scholar
  5. 5.
    Belloir, N., Chiprianov, V., Ahmad, M., Munier, M., Gallon, L., Bruel, J.: Using relax operators into an MDE security requirement elicitation process for systems of systems. In: ECSA Workshops, pp. 32:1–32:4. ACM (2014)Google Scholar
  6. 6.
    Chattopadhyay, A., Prakash, A., Shafique, M.: Secure cyber-physical systems: Current trends, tools and open research problems. In: DATE 2017. pp. 1104–1109. IEEE (2017)Google Scholar
  7. 7.
    Dorociak, R., Dumitrescu, R., Gausemeier, J., Iwanek, P.: Specification technique consens for the description of self-optimizing systems. In: Gausemeier, J., Rammig, F., Schäfer, W. (eds.) Design Methodology for Intelligent Technical Systems, chap. 4.1, pp. 119–127. LNME. Springer, Heidelberg (2014). Scholar
  8. 8.
    Fabian, B., Gürses, S.F., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requir. Eng. 15(1), 7–40 (2010)CrossRefGoogle Scholar
  9. 9.
    Gausemeier, J., Schäfer, W., Greenyer, J., Kahl, S., Pook, S., Rieke, J.: Management of cross-domain model consistency during the development of advanced mechatronic systems. In: ICED 2009, pp. 6:1–6:12. Design Society (2009)Google Scholar
  10. 10.
    Geismann, J., Gerking, C., Bodden, E.: Towards ensuring security by design in cyber-physical systems engineering processes. In: ICSSP 2018 (2018)Google Scholar
  11. 11.
    Gerking, C.: Traceability of information flow requirements in cyber-physical systems engineering. In: DS@MoDELS. CEUR Workshop Proceedings, vol. 1735 (2016)Google Scholar
  12. 12.
    Gerking, C., Schubert, D.: Towards preserving information flow security on architectural composition of cyber-physical systems. In: Cuesta, C.E., Garlan, D., Pérez, J. (eds.) ECSA 2018. LNCS, vol. 11048, pp. 147–155. Springer, Cham (2018). Scholar
  13. 13.
    Gerking, C., Schubert, D., Bodden, E.: Model checking the information flow security of real-time systems. In: Payer, M., Rashid, A., Such, J.M. (eds.) ESSoS 2018. LNCS, vol. 10953, pp. 27–43. Springer, Cham (2018). Scholar
  14. 14.
    Giraldo, J., Sarkar, E., Cárdenas, A., Maniatakos, M., Kantarcioglu, M.: Security and privacy in cyber-physical systems: a survey of surveys. IEEE Des. Test 34(4), 7–17 (2017)CrossRefGoogle Scholar
  15. 15.
    Grunske, L., Joyce, D.: Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles. J. Syst. Softw. 81(8), 1327–1345 (2008)CrossRefGoogle Scholar
  16. 16.
    Hachem, J.E., Khalil, T.A., Chiprianov, V., Babar, A., Aniorté, P.: A model driven method to design and analyze secure architectures of systems-of-systems. In: ICECCS 2017, pp. 166–169. IEEE Computer Society (2017)Google Scholar
  17. 17.
    Hatebur, D., Heisel, M., Jürjens, J., Schmidt, H.: Systematic development of UMLsec design models based on security requirements. In: Giannakopoulou, D., Orejas, F. (eds.) FASE 2011. LNCS, vol. 6603, pp. 232–246. Springer, Heidelberg (2011). Scholar
  18. 18.
    Hoisl, B., Sobernig, S., Strembeck, M.: Modeling and enforcing secure object flows in process-driven SOAs: an integrated model-driven approach. Softw. Syst. Model. 13(2), 513–548 (2014)CrossRefGoogle Scholar
  19. 19.
    Houmb, S.H., Islam, S., Knauss, E., Jürjens, J., Schneider, K.: Eliciting security requirements and tracing them to design: an integration of common criteria, heuristics, and UMLsec. Requir. Eng. 15(1), 63–93 (2010)CrossRefGoogle Scholar
  20. 20.
    Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005). Scholar
  21. 21.
    Katkalov, K., Stenzel, K., Borek, M., Reif, W.: Modeling information flow properties with UML. In: NTMS 2015. IEEE (2015)Google Scholar
  22. 22.
    Lemaire, L., Vossaert, J., De Decker, B., Naessens, V.: Extending FAST-CPS for the analysis of data flows in cyber-physical systems. In: Rak, J., Bay, J., Kotenko, I., Popyack, L., Skormin, V., Szczypiorski, K. (eds.) MMM-ACNS 2017. LNCS, vol. 10446, pp. 37–49. Springer, Cham (2017). Scholar
  23. 23.
    Mantel, H.: Information flow control and applications — bridging a gap. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 153–172. Springer, Heidelberg (2001). Scholar
  24. 24.
    Mantel, H.: On the composition of secure systems. In: S&P 2002, pp. 88–101. IEEE (2002)Google Scholar
  25. 25.
    Mantel, H.: Information flow and noninterference. In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, pp. 605–607. Springer, Heidelberg (2011)Google Scholar
  26. 26.
    Mellado, D., Blanco, C., Sanchez, L.E., Fernández-Medina, E.: A systematic review of security requirements engineering. Comput. Stand. Interfaces 32(4), 153–165 (2010)CrossRefGoogle Scholar
  27. 27.
    Mohammed, N.M., Niazi, M., Alshayeb, M., Mahmood, S.: Exploring software security approaches in software development lifecycle: a systematic mapping study. Comput. Stand. Interfaces 50, 107–115 (2017)CrossRefGoogle Scholar
  28. 28.
    Mouratidis, H., Giorgini, P., Manson, G.: Integrating security and systems engineering: towards the modelling of secure information systems. In: Eder, J., Missikoff, M. (eds.) CAiSE 2003. LNCS, vol. 2681, pp. 63–78. Springer, Heidelberg (2003). Scholar
  29. 29.
    Nguyen, P.H., Kramer, M.E., Klein, J., Traon, Y.L.: An extensive systematic review on the model-driven development of secure systems. Inf. Softw. Technol. 68, 62–81 (2015)CrossRefGoogle Scholar
  30. 30.
    Object Management Group: OMG System Modeling Language, May 2017.
  31. 31.
    Ouchani, S., Debbabi, M.: Specification, verification, and quantification of security in model-based systems. Computing 97(7), 691–711 (2015)MathSciNetCrossRefGoogle Scholar
  32. 32.
    Ramos, A.L., Ferreira, J.V., Barceló, J.: Model-based systems engineering: an emerging approach for modern systems. IEEE Trans. Syst. Man Cybern. 42(1), 101–111 (2012)CrossRefGoogle Scholar
  33. 33.
    Ruiz, J.F., Maña, A., Rudolph, C.: An integrated security and systems engineering process and modelling framework. Comput. J. 58(10), 2328–2350 (2015)CrossRefGoogle Scholar
  34. 34.
    Salini, P., Kanmani, S.: Survey and analysis on security requirements engineering. Comput. Electr. Eng. 38(6), 1785–1797 (2012)CrossRefGoogle Scholar
  35. 35.
    Seehusen, F., Solhaug, B., Stølen, K.: Adherence preserving refinement of trace-set properties in STAIRS: exemplified for information flow properties and policies. Softw. Syst. Model. 8(1), 45–65 (2009)CrossRefGoogle Scholar
  36. 36.
    Steward, C., et al.: Software security: The dangerous afterthought. In: ITNG 2012, pp. 815–818. IEEE Computer Society (2012)Google Scholar
  37. 37.
    Tøndel, I.A., Jaatun, M.G., Meland, P.H.: Security requirements for the rest of us: a survey. IEEE Softw. 25(1), 20–27 (2008)CrossRefGoogle Scholar
  38. 38.
    Tuma, K., Calikli, G., Scandariato, R.: Threat analysis of software systems: a systematic literature review. J. Syst. Softw. 144, 275–294 (2018)CrossRefGoogle Scholar
  39. 39.
    Türpe, S.: The trouble with security requirements. In: RE 2017, pp. 122–133. IEEE Computer Society (2017)Google Scholar
  40. 40.
    Uzunov, A.V., Fernández, E.B., Falkner, K.: Engineering security into distributed systems: a survey of methodologies. J. Univers. Comput. Sci. 18(20), 2920–3006 (2012)Google Scholar
  41. 41.
    Vasilevskaya, M., Nadjm-Tehrani, S.: Quantifying risks to data assets using formal metrics in embedded system design. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9337, pp. 347–361. Springer, Cham (2015). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Paderborn University, Heinz Nixdorf InstitutePaderbornGermany

Personalised recommendations