D-REQs: Determination of security safety requirements in workshops based on the use of model-based systems engineering

Paper in proceeding, 2021

Cyber-physical systems, like autonomous vehicles, are intelligent and networked. The development of such systems requires cooperation between different stakeholders. A lack of system understanding can lead to unidentified (safety relevant) security requirements (SRSR) in early engineering. This can increase product development costs or compromise system safety compliance. Model-based systems engineering (MBSE) improves the system understanding by using models. Conducting workshops in the context of MBSE promotes interaction between stakeholders so that confusion regarding SRSR can be resolved already in the workshop. Using the models created, requirements can be derived in the workshop. However, established security safety approaches are not specifically designed to be used in conjunction with MBSE and requirements engineering. In this paper, we present an extension of our previously developed SAVE approach. This extension supports a team of stakeholders in workshops to derive SRSR using MBSE. We illustrate our approach with an example from the automotive domain and present an initial field study of the application of our approach, based on a 2-month student project.