System evolution through semi-automatic elicitation of security requirements: A Position Paper

Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. during operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive system adaptations or modifications that ensure continuous security of the system. The identification of these new requirements and the implementation of their derived changes must be performed in a timely manner in order to avoid time windows where the system is vulnerable to security threats. Unfortunately, the timely implementation of security-related changes is a challenge when dealing with automation systems as it may affect their availability and functionality. This position paper presents an approach that allows semi-automatic identification of new security requirements through the use of automated tools in order to detect security vulnerability and other changes in security assumptions.     «

Due to the security threats faced in the connected world, the consideration of security requirements during system design and modeling has become a necessity. Unfortunately, the identification of new requirements that may arise throughout additional phases of a system's life-cycle (e.g. during operation) must also be considered due to the ever-changing threat landscape. These new requirements may derive system adaptations or modifications that ensure continuous security of the system. The identi...     »