Modeling security risk assessments
- Security Risk Assessment is an important task in systems engineering and used to derive security requirements for a secure system design and the evaluation of design alternatives as well as vulnerabilities. Security Risk Assessment is a complex and interdisciplinary task, where experts from the application and the security domain have to collaborate and understand each other. Automated and tool-supported approaches are desired to help manage the complexity. However, the models used for system engineering usually focus on functional behavior and lack security-related aspects. For example, the consequences of security incidents, such as loss of intellectual property, are typically not modeled by system engineers. Therefore, we present our modeling approach that alleviates communication between the involved experts and features steps of computer aided modeling to achieve consistency and to avoid errors of omission. We demonstrate our approach with an example and discuss the resulting advantages.
| Author: | Daniel AngermeierORCiDGND, Kristian BeilkeORCiDGND, Gerhard HanschORCiDGND, Jörn EichlerGND |
|---|---|
| URN: | urn:nbn:de:hbz:294-66702 |
| DOI: | https://doi.org/10.13154/294-6670 |
| Parent Title (English): | 17\(^{th}\) escar Europe : embedded security in cars (Konferenzveröffentlichung) |
| Document Type: | Part of a Book |
| Language: | English |
| Date of Publication (online): | 2019/10/31 |
| Date of first Publication: | 2019/10/31 |
| Publishing Institution: | Ruhr-Universität Bochum, Universitätsbibliothek |
| Tag: | Model-based; Risk Analysis; Security Engineering; Security Risk Assessment |
| First Page: | 133 |
| Last Page: | 146 |
| Dewey Decimal Classification: | Allgemeines, Informatik, Informationswissenschaft / Informatik |
| open_access (DINI-Set): | open_access |
| Konferenz-/Sammelbände: | 17th escar Europe : embedded security in cars |
| Licence (German): |  Keine Creative Commons Lizenz - es gelten die Rechteeinräumung und das deutsche Urheberrecht |
