Security Assessment of Systems of Systems

Information technology (IT) is a crucial resource and enabler in almost every part of our society. However, there are severe risks associated with IT that may substantially decrease the potential benefits. To handle these risks, it is essential to be able to judge the security posture of systems. This requires the ability to perform security assessments. However, since security is an abstract, subjective, and non-tangible property, proper security assessment of non-trivial systems is hard. Currently, there is a lack of methods for efficient, reliable, and valid security assessments. In this paper, problems relating to the structural assessment of system security are addressed. In structural security assessments, the security of systems is quantified based on the security qualities of and inter- relations between sub-systems.

International Journal of Information Security, 2023

In the late twentieth century, the term "System of Systems" (SoS) became popular to describe a complex system made up of a combination of independent constituent systems. Since then, several studies have been conducted to support and assess SoS management, functionality, and performance. Due to the evolutionary nature of SoS and the non-composability of the security properties of its constituent systems, it is difficult to assess or evaluate SoS security. This paper provides an up-to-date survey on SoS security, aimed at stimulating and guiding further research efforts. This systematic mapping study (SMS) focuses on SoS security, privacy, and trust. Our SMS identified 1828 studies from 6 digital libraries, 87 of which were selected that presented approaches analyzing, evaluating, or improving security. We classified these studies using nine research questions that focused on the nature of the studies, the studied SoS, or the study validation. After examining the selected studies, we identified six gaps and as many future work directions. More precisely, we observed that few studies examine SoS problems and instead propose specific solutions, making it challenging to develop generalizable approaches. Furthermore, the lack of standardization has hindered the reuse of existing approaches, making it difficult for solutions to be generalized to other SoS. In addition, the lack of descriptions of industrial environments in the literature makes it difficult to design realistic validation environments. As a result, the validation of new SoS research remains a challenge in the field.

2010

Actors in our general framework for secure systems can exert four types of control over other actors' systems, depending on the temporality (prospective vs. retrospective) of the control and on the power relationship (hierarchical vs. peering) between the actors. We make clear distinctions between security, functionality, trust, and distrust by identifying two orthogonal properties: feedback and assessment. We distinguish four types of system requirements using two more orthogonal properties: strictness and activity. We use our terminology to describe specialised types of secure systems such as access control systems, Clark-Wilson systems, and the Collaboration Oriented Architecture recently proposed by The Jericho Forum.

2005

A general approach to security architecture is introduced. A survey of existing attempts to develop the security architecture introduces the topic. Security can be highlighted as part of the system development life cycle. The authors assume that security cannot be achieved by concentrating on one system component but can be achieved by identifying the relationship between these components and how information is used among them. An original sphere of use and interaction is presented upon which security measures can be evaluated and the required security controls can be chosen.

2014 IEEE International Systems Conference Proceedings, 2014

This paper describes an actionable engineering framework for security engineering of a system of systems (SoS). The framework is envisioned as a tool for assessing security risks to critical missions based on the contributing systems and SoS supporting them. An SoS security risk framework is needed to manage the problem of identifying the key elements of risk to SoS missions. The issue is the complexity resulting from the large number of potential logical paths through an SoS that could represent a security risk. Managing this problem then enables the application of security specific analyses to the SoS elements that have been identified as critical. The framework draws on the foundational elements of SoS SE, particularly an understanding of the SoS components, interdependencies and dynamics. The results of the analysis support investment decisions about the constituents of a SoS. The framework is a bridge between the operational and acquisition/engineering communities. While the focus of this framework is on acquisition and engineering materiel solutions, it also accommodates the consideration of non-materiel solutions.

ACM Transactions on Cyber-Physical Systems, 2019

Cyber-physical Systems of Systems (SoSs) are large-scale systems made of independent and autonomous cyber-physical Constituent Systems (CSs) which may interoperate to achieve high-level goals also with the intervention of humans. Providing security in such SoSs means, among other features, forecasting and anticipating evolving SoS functionalities, ultimately identifying possible detrimental phenomena that may result from the interactions of CSs and humans. Such phenomena, usually called emergent phenomena , are often complex and difficult to capture: the first appearance of an emergent phenomenon in a cyber-physical SoS is often a surprise to the observers. Adequate support to understand emergent phenomena will assist in reducing both the likelihood of design or operational flaws, and the time needed to analyze the relations amongst the CSs, which always has a key economic significance. This article presents a threat analysis methodology and a supporting tool aimed at (i) identifyin...

Proceedings New Security Paradigms Workshop, 1994

The development of a security system is generally performed through a multiphase methodology, starting from the initial preliminary analisys of the application environment, up to the physical implementation of the security mechanisms. In this framework, we propose a new approach for the development of security systems based on the reuse of existing security specifications. In the paper we illustrate how reusable specifications can be built by analyzing existing security systems, and how they can be used to develop new security systems not from scratch.

INCOSE International Symposium, 2021

The Future of Systems Engineering (FuSE) is an INCOSE‐led multiorganizational collaborative initiative pursuing INCOSE's Vision 2025 and beyond. To accomplish this the FuSE initiative encompasses a number of topic areas with active projects to shape the future of systems engineering. This paper addresses the FuSE Security topic area and provides a roadmap of eleven foundational concepts for building the security vision. The purpose of this paper is to instigate and inspire thinking and involvement in the development and practice of the foundational concepts.

Computing, 2015

Your article is protected by copyright and all rights are held exclusively by Springer-Verlag Wien. This e-offprint is for personal use only and shall not be self-archived in electronic repositories. If you wish to self-archive your article, please use the accepted manuscript version for posting on your own website. You may further deposit the accepted manuscript version in any repository, provided it is only made publicly available 12 months after official publication or later and provided acknowledgement is given to the original source of publication and a link is inserted to the published article on Springer's website. The link must be accompanied by the following text: "The final publication is available at link.springer.com".