Translating the STPA-SEC security method into a model-based engineering approach

Ehab Silawi (Tel Aviv University)
Avi Shaked (University of Oxford)
Yoram Reich (Tel Aviv University)

Keywords
STPA-Sec; Systems engineering; Cybersecurity; Metamodel; Model-driven engineering
Abstract
STPA-Sec is a systematic method for analyzing system designs and identifying vulnerabilities in them from the outset and throughout the system lifecycle. We describe a carefully designed metamodel that accommodates the concepts and steps of the method. We translate key concepts from STPA-Sec into this metamodel with the intention of facilitating a more structured and disciplined application of STPA-Sec. We demonstrate the advantage of using the metamodel in two case studies.
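To make concrete what a metamodel for STPA-Sec can enforce, here is an added Python illustration; it is not the paper's metamodel and is not reproduced from the authors' work. It encodes the standard STPA-Sec concepts (losses, hazards, control actions, unsafe control actions and loss scenarios) as typed elements and then checks the traceability rules a disciplined application relies on: every hazard traces to a loss, every unsafe control action traces to a defined control action and hazard, every hazard is reached by at least one unsafe control action, and every unsafe control action has a loss scenario. The firmware-update system, its element identifiers and its wording are constructed for the example.

```python
"""Toy STPA-Sec metamodel with traceability checks (illustrative only)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# The four standard ways a control action can be unsafe/unsecure in STPA.
UCA_KINDS = ("not_provided", "provided", "wrong_timing_or_order", "stopped_too_soon_or_too_long")


@dataclass(frozen=True)
class Loss:
    id: str
    text: str


@dataclass(frozen=True)
class Hazard:  # system state that, with worst-case environment/adversary, leads to a loss
    id: str
    text: str
    losses: Tuple[str, ...]  # ids of the losses this hazard can lead to


@dataclass(frozen=True)
class ControlAction:
    id: str
    name: str
    controller: str
    controlled_process: str


@dataclass(frozen=True)
class UnsafeControlAction:
    id: str
    action: str            # id of the ControlAction
    kind: str              # one of UCA_KINDS
    text: str
    hazards: Tuple[str, ...]


@dataclass(frozen=True)
class LossScenario:
    id: str
    uca: str               # id of the UnsafeControlAction this scenario explains
    text: str


@dataclass
class Analysis:
    losses: Dict[str, Loss] = field(default_factory=dict)
    hazards: Dict[str, Hazard] = field(default_factory=dict)
    actions: Dict[str, ControlAction] = field(default_factory=dict)
    ucas: Dict[str, UnsafeControlAction] = field(default_factory=dict)
    scenarios: Dict[str, LossScenario] = field(default_factory=dict)

    def add(self, *elements) -> "Analysis":
        buckets = {Loss: self.losses, Hazard: self.hazards, ControlAction: self.actions,
                   UnsafeControlAction: self.ucas, LossScenario: self.scenarios}
        for e in elements:
            bucket = buckets[type(e)]
            if e.id in bucket:
                raise ValueError(f"duplicate id {e.id}")
            bucket[e.id] = e
        return self


def validate(a: Analysis) -> List[str]:
    """Return a list of traceability violations; empty means the model is well-formed."""
    problems: List[str] = []
    for h in a.hazards.values():
        if not h.losses:
            problems.append(f"{h.id}: hazard traces to no loss")
        problems += [f"{h.id}: unknown loss {l}" for l in h.losses if l not in a.losses]
    covered_hazards = set()
    for u in a.ucas.values():
        if u.action not in a.actions:
            problems.append(f"{u.id}: unknown control action {u.action}")
        if u.kind not in UCA_KINDS:
            problems.append(f"{u.id}: unknown UCA kind {u.kind!r}")
        if not u.hazards:
            problems.append(f"{u.id}: unsafe control action traces to no hazard")
        for hz in u.hazards:
            if hz in a.hazards:
                covered_hazards.add(hz)
            else:
                problems.append(f"{u.id}: unknown hazard {hz}")
    problems += [f"{hz}: no unsafe control action leads to this hazard"
                 for hz in a.hazards if hz not in covered_hazards]
    covered_ucas = set()
    for s in a.scenarios.values():
        if s.uca in a.ucas:
            covered_ucas.add(s.uca)
        else:
            problems.append(f"{s.id}: unknown unsafe control action {s.uca}")
    problems += [f"{u}: no loss scenario explains this unsafe control action"
                 for u in a.ucas if u not in covered_ucas]
    return problems


def build_example() -> Analysis:
    """Constructed firmware-update example: fully traceable."""
    return Analysis().add(
        Loss("L1", "Unauthorized code executes on the device"),
        Hazard("H1", "Device installs an update image whose origin was not authenticated", ("L1",)),
        ControlAction("CA1", "Install update", "Update Controller", "Device firmware"),
        UnsafeControlAction("UCA1", "CA1", "provided",
                            "Install update is provided before the image signature has been verified",
                            ("H1",)),
        LossScenario("S1", "UCA1",
                     "Attacker supplies a tampered image; the controller's process model marks "
                     "verification as complete because the verifier's error reply was dropped"),
    )


def build_broken_example() -> Analysis:
    """Same model with a dangling hazard reference and no loss scenario."""
    a = Analysis().add(
        Loss("L1", "Unauthorized code executes on the device"),
        Hazard("H1", "Device installs an unauthenticated update image", ("L1",)),
        ControlAction("CA1", "Install update", "Update Controller", "Device firmware"),
        UnsafeControlAction("UCA1", "CA1", "provided", "Install before verification", ("H2",)),
    )
    return a
```

Running `validate(build_example())` yields no problems, while `validate(build_broken_example())` reports the unknown hazard `H2`, the hazard `H1` that no unsafe control action reaches, and the missing loss scenario for `UCA1`; a metamodel-backed tool can surface these gaps before the analysis is treated as complete.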