Integrating Security Requirements Engineering into MBSE: Profile and Guidelines

Abstract

Model-Based System Engineering (MBSE) provides a number of ways on how to create, validate, and verify the complex system design; unfortunately, the inherent security aspects are addressed neither by the SysML language that is the main MBSE enabler nor by popular MBSE methods. Although there are many common points between MBSE and security requirements engineering, the key advantages of MBSE (such as managed complexity, reduced risk and cost, and improved communication across a multidisciplinary team) have not been exploited enough. This paper reviews security requirements engineering processes and modeling methods and standards and provides the MBSE security profile as well, which is formalized with the UML 2.5 profiling capability. The new UML-based security profile conforms to the ISO/IEC 27001 information security standard. In addition to the MBSE security profile, this paper also presents the security profile application use case and the feasibility study of current status for security and systems engineering processes.