
The application of model-based systems engineering to understand security of systems using SAE J1939

Abstract

The engineering community is adopting a Digital Engineering approach enabled by Model-Based Systems Engineering (MBSE) as an effective tool for designing complex systems. As technology continues to rapidly advance, security risk mitigation and requirements engineering are becoming prominent and important factors in the cybersecurity domain. As a result, engineering methods and frameworks must constantly be improved and updated to implement the successful realization of cyber-physical systems (CPS). With the inherent connectivity, accessibility, and lack of security making CPSs attractive targets for cyber attacks, integrating security considerations into system development is crucial. With 'security by design' being a fundamental pillar of system development, MBSE plays a pivotal role in shaping secure system architectures. In this thesis, I explore the application of MBSE to the system security domain, focusing on secure system development and the incorporation of security by design throughout the system development phase. This is accomplished by investigating the utility of MBSE in understanding the vulnerabilities of a Medium to Heavy Duty (MHD) vehicle, improving its security posture, and providing recommendations on how to improve the process. This is achieved by first exploring the utility of simulation using model-based tools to better understand complex systems and bridge the gap between bottom-up and top-down approaches. Next, an established method, MBSEsec, is applied to the system of interest (SOI) to develop security controls for the vehicle's transport protocol. Additionally, recommendations are provided for improving the method's effectiveness in documenting vulnerabilities and risk. MBSEsec is a security-focused MBSE method using SysML to develop a system architecture that highlights security design considerations.
The method's structured workflow facilitates the elicitation of security requirements and controls using specific systems modeling activities. The primary focus is on the heavy vehicle network transport protocol, J1939, serving as the SOI. The discovery and validation of new exploits that take advantage of vulnerabilities in the data-link layer of the protocol highlight the need to elicit better security requirements for cyber-physical systems (CPS). Using the J1939 network as the SOI for this work allows the models to be supported by and validated with on-vehicle testing. This work contributes a survey of modeling approaches for secure system design. Lastly, this thesis details the development of a novel approach for system-level mission-focused security goal elicitation. EGRESS (Eliciting Goals for Requirement Engineering of Secure Systems) incorporates best practices from security requirement engineering works and utilizes Model-Based Systems Engineering to formulate security goals for cyber-physical systems, aiming to create more comprehensive security requirements.

Subject

J1939
secure architecture
SysML
model based systems engineering
cybersecurity
security requirements
