WRT-1013: Security Engineering - 2019
Report Number: SERC-2020-TR-008
Publication Date: 2020-06-24
Project: Security Engineering – Decision Support Tool
Dr. Cody Fleming
For several years, a principal focus of the Trusted Systems thrust within SERC has been the development of methods and tools that support system design for cyber resilience in cyber-physical systems. This body of work features the development of the Mission Aware (MA) framework for integration and alignment of cyber engineering requirements with the system development lifecycle and systems engineering processes. MA includes techniques for evaluating cyber physical system threats and attacks, a framework for formulating requirements and design concepts for cyber resiliency, and model-based tools for the selection of resilient architectures. The centerpiece of the MA framework is a risk analysis that integrates the perspectives of mission owners, systems engineers, and red teams into a common model-based form. MA was developed through a series of SERC research efforts, including RT-156, RT-172, RT-191, RT-196, and ART-004. Collectively, the prior SERC MA projects provide a foundational methodology and supporting tools for cyber resilient design.
This report describes a 12-month research activity with the overall goal of advancing the development of model-based engineering tools for conducting functional risk assessments, designing cyber-resilient systems, and assessing the vulnerability of system architectures. The project was carried out as part of an ongoing research partnership between the University of Virginia (UVA) and Virginia Commonwealth University (VCU). The UVA team led development of methods and tools to model the consequences of cyber attacks on cyber physical systems, and the VCU team led development of tools that relate consequences to likely attacks.
The principal research objectives were as follows:
- Mission Aware MBSE Metamodel – Develop a metamodel that can be used to derive model-based systems engineering (MBSE) representations of systems. The metamodel should capture the results of the Cyber Security Requirements Methodology (CSRM) and other elements of the MA framework that support design of cyber resilient systems.
- Compliance with Next-Generation MBSE Tools – Develop the MA metamodel in a standards based architecture that would allow systems engineering tool vendors to easily incorporate the model, with a goal of accelerating the transition of research into practice.
- Extension of CYBOK – Extend prior research on the prototype system engineering tool referred to as the Cyber Body of Knowledge (CYBOK). This objective includes development of an integrated an enhanced version of the CYBOK tool that leverages the metamodel’s analysis capabilities.
- Demonstration on Case Study – Demonstrate the use of the MA metamodel and CYBOK tools for operational risk assessment, resilient design, and vulnerability assessment on a case study.
The tools and methods developed in this project have reached a level of maturity that would support transition to broad application in weapons and other systems. Additionally, in future work, these research outcomes could provide the basis for unifying and standardizing approaches to model-based systems assurance and mission engineering through in formal modeling and dynamic simulations.