Identification of Security Requirements in Systems of Systems by Functional Security Analysis

  • Andreas Fuchs
  • Roland Rieke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6420)


Cooperating systems typically base decisions on information from their own components as well as on input from other systems. Safety critical decisions based on cooperative reasoning however raise severe concerns to security issues. Here, we address the security requirements elicitation step in the security engineering process for such systems of systems. The method comprises the tracing down of functional dependencies over system component boundaries right onto the origin of information as a functional flow graph. Based on this graph, we systematically deduce comprehensive sets of formally defined authenticity requirements for the given security and dependability objectives. The proposed method thereby avoids premature assumptions on the security architecture’s structure as well as the means by which it is realised. Furthermore, a tool-assisted approach that follows the presented methodology is described.


security requirements elicitation systems of systems security engineering security analysis for vehicular communication systems 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Avizienis, A., Laprie, J.C., Randell, B., Landwehr, C.E.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Sec. Comput. 1(1), 11–33 (2004)CrossRefGoogle Scholar
  2. 2.
    Bodeau, D.J.: System-of-Systems Security Engineering. In: Proc. of the 10th Annual Computer Security Applications Conference, Orlando, Florida, pp. 228–235. IEEE Computer Society, Los Alamitos (1994)Google Scholar
  3. 3.
    Eilenberg, S.: Automata, Languages and Machines, vol. A. Academic Press, New York (1974)zbMATHGoogle Scholar
  4. 4.
    Firesmith, D.: Engineering security requirements. Journal of Object Technology 2(1), 53–68 (2003)CrossRefGoogle Scholar
  5. 5.
    Fuchs, A., Rieke, R.: Identification of authenticity requirements in systems of systems by functional security analysis. In: Proceedings of the 2009 IEEE/IFIP Conference on Dependable Systems and Networks Workshop on Architecting Dependable Systems (WADS 2009), Supplementary Volume (2009),
  6. 6.
    Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Requirements engineering meets trust management: Model, methodology, and reasoning. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) iTrust 2004. LNCS, vol. 2995, pp. 176–190. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Group, T.C.: TCG TPM Specification 1.2 revision 103 (2006),
  8. 8.
    Gürgens, S., Ochsenschläger, P., Rudolph, C.: Authenticity and provability - a formal framework. In: Davida, G.I., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 227–245. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    Haley, C.B., Laney, R.C., Moffett, J.D., Nuseibeh, B.: Security requirements engineering: A framework for representation and analysis. IEEE Trans. Software Eng. 34(1), 133–153 (2008)CrossRefGoogle Scholar
  10. 10.
    Hatebur, D., Heisel, M., Schmidt, H.: A security engineering process based on patterns. In: Proceedings of the International Workshop on Secure Systems Methodologies using Patterns (SPatterns), DEXA 2007, pp. 734–738. IEEE Computer Society, Los Alamitos (2007),
  11. 11.
    Hatebur, D., Heisel, M., Schmidt, H.: A pattern system for security requirements engineering. In: Proceedings of the International Conference on Availability, Reliability and Security (AReS), pp. 356–365. IEEE, Los Alamitos (2007), CrossRefGoogle Scholar
  12. 12.
    Hatebur, D., Heisel, M., Schmidt, H.: Analysis and component-based realization of security requirements. In: Proceedings of the International Conference on Availability, Reliability and Security (AReS), pp. 195–203. IEEE Computer Society Press, Los Alamitos (2008), CrossRefGoogle Scholar
  13. 13.
    van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, ICSE 2004, pp. 148–157. IEEE Computer Society, Los Alamitos (2004)CrossRefGoogle Scholar
  14. 14.
    Liu, L., Yu, E., Mylopoulos, J.: Analyzing security requirements as relationships among strategic actors. In: 2nd Symposium on Requirements Engineering for Information Security, SREIS 2002 (2002)Google Scholar
  15. 15.
    Mead, N.R.: How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods. Tech. Rep. CMU/SEI-2007-TN-021, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA (2007)Google Scholar
  16. 16.
    Mead, N.R., Hough, E.D.: Security requirements engineering for software systems: Case studies in support of software engineering education. In: Proceedings of the 19th Conference on Software Engineering Education & Training, CSEET 2006, pp. 149–158. IEEE Computer Society, Washington (2006)CrossRefGoogle Scholar
  17. 17.
    Mellado, D., Fernández-Medina, E., Piattini, M.: A common criteria based security requirements engineering process for the development of secure information systems. Comput. Stand. Interfaces 29(2), 244–253 (2007)CrossRefGoogle Scholar
  18. 18.
    Ochsenschläger, P., Repp, J., Rieke, R.: Abstraction and composition – a verification method for co-operating systems. Journal of Experimental and Theoretical Artificial Intelligence 12, 447–459 (2000),; copyright: ©2000, American Association for Artificial Intelligence, All rights reserved, Google Scholar
  19. 19.
    Ochsenschläger, P., Rieke, R.: Abstraction based verification of a parameterised policy controlled system. In: International Conference “Mathematical Methods, Models and Architectures for Computer Networks Security” (MMM-ACNS-7). CCIS, vol. 1, Springer, Heidelberg (2007), Google Scholar
  20. 20.
    Ochsenschläger, P., Repp, J., Rieke, R., Nitsche, U.: The SH-Verification Tool Abstraction-Based Verification of Co-operating Systems. Formal Aspects of Computing, The International Journal of Formal Method 11, 1–24 (1999)Google Scholar
  21. 21.
    Ochsenschläger, P., Rieke, R.: Uniform parameterisation of phase based cooperations. Tech. Rep. SIT-TR-2010/1, Fraunhofer SIT (2010),
  22. 22.
    Papadimitratos, P., Buttyan, L., Hubaux, J.P., Kargl, F., Kung, A., Raya, M.: Architecture for Secure and Private Vehicular Communications. In: IEEE International Conference on ITS Telecommunications (ITST), pp. 1–6. Sophia Antipolis, France (June 2007)Google Scholar
  23. 23.
    Ruddle, A., Ward, D., Weyl, B., Idrees, S., Roudier, Y., Friedewald, M., Leimbach, T., Fuchs, A., Grgens, S., Henniger, O., Rieke, R., Ritscher, M., Broberg, H., Apvrille, L., Pacalet, R., Pedroza, G.: Security requirements for automotive on-board networks based on dark-side scenarios. EVITA Deliverable D2.3, EVITA project (2009),
  24. 24.
    Sadeghi, A.R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Proceedings of the 2004 Workshop on New Security Paradigms, NSPW 2004, pp. 67–77. ACM, New York (2004)Google Scholar
  25. 25.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium. USENIX Association (2004)Google Scholar
  26. 26.
    Schaub, F., Ma, Z., Kargl, F.: Privacy requirements in vehicular communication systems. In: IEEE International Conference on Privacy, Security, Risk, and Trust (PASSAT 2009), Symposium on Secure Computing (SecureCom 2009), Vancouver, Canada (August 2009),
  27. 27.
    Shirey, R.: Internet Security Glossary, Version 2. RFC 4949 (Informational) (August 2007),

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Andreas Fuchs
    • 1
  • Roland Rieke
    • 1
  1. 1.Fraunhofer Institute for Secure Information Technology (SIT)DarmstadtGermany

Personalised recommendations