Assessing System of Systems Security Risk and Requirements with OASoSIS

When independent systems come together as a System of Systems (SoS) to achieve a new purpose, dealing with requirements conflicts across systems becomes a challenge. Moreover, assessing and modelling security risk for independent systems and the SoS as a whole is challenged by a gap in related research and approaches within the SoSs domain. In this paper, we present an approach for bridging SoS and Requirements Engineering by identifying aligning SoSs concepts to assess and model security risk and requirements. We introduce our OASoSIS approach modifying OCTAVE Allegro for SoSs using CAIRIS (Computer Aided Integration of Requirements and Information Security) with a medical evacuation (MEDEVAC) SoS exemplar for Security Requirements Engineering tool-support. Index Terms—System of Systems, Security, Risk, Human Factors, Requirements Engineering, CAIRIS

Security Assessment of Systems of Systems

Engineering Systems of Systems is one of the new chal-lenges of the last few years. This depends on the increasing number of systems that must interact one with another to achieve a goal. One peculiarity of Systems of Systems is that they are made of systems able to live on their own with well-established functionalities and requirements, and that are not necessarily aware of the joint mission or prepared to collaborate. In this emergent scenario, securi-ty is one crucial aspect that must be considered from the very beginning. In fact, the security of a System of Sys-tems is not automatically granted even if the security of each constituent system is guaranteed. The aim of this paper is to address the problem of assessing security properties in Systems of Systems. We discuss the specific security aspects of such emergent systems, and propose the TeSSoS approach, which includes modelling and testing security properties in Systems of Systems and introduces the Red and Blue Requirements Specification concepts.Ministerio dell'Universitá e della Ricerca (Italia) GAUSS 2015KWREMXMinisterio de Economía y Competitividad TIN2016-76956-C3-2-R (POLOLAS