Systems‐theoretic security requirements modeling for cyber‐physical systems

Cyber‐physical systems (CPS) present a unique modeling challenge due to their numerous heterogeneous components, complex physical interactions, and disjoint communication networks. Modeling CPS to aid security analysis further adds to these challenges, because securing CPS requires not only understanding of the system architecture, but also the system's role within its broader expected service. This is due to the infeasibility of completely securing every single component, network, and part within a CPS. As such it is necessary to be cognizant of the system's expected service, or mission, so that the effects of an exploit can be mitigated and the system can perform its mission at least in a partially degraded manner—in other words, a mission‐aware approach to security. As such, a security analysis methodology based on this philosophy is greatly aided by the creation of a model that combines system architecture information, its admissible behaviors, and its mission context. This paper presents a technique for creating such a model using the Systems Modeling Language.