Authors:
Avi Shaked 1,2 and Yoram Reich 2
Affiliations:
1 Cyber Division, Israel Aerospace Industries, Ashdod, Israel; 2 Systems Engineering Research Initiative, Faculty of Engineering, Tel Aviv University, Tel Aviv, Israel
Keyword(s):
Threat and Risk Assessment, Model based Engineering, Cybersecurity, Security by Design, Systems Design.
Abstract:
Integrating cybersecurity considerations in the design of modern systems is a significant challenge. As systems increasingly rely on connectivity and software to perform, cybersecurity issues of confidentiality, integrity and availability emerge. Addressing these issues during the design of a system – a security-by-design approach – is desirable, and considered preferable to patching an existing design with extraneous components and mechanisms. In this paper, we present a model-based methodology for cybersecurity-related systems design. This field-proven methodology takes into consideration cybersecurity threats alongside the system’s composition and existing mechanisms, in order to communicate, assess and drive the incorporation of security controls into the system design. We discuss aspects of the methodology’s design and how it relates to its real-life applications and usage context.