Security Engineering Framework for Cyber-Physical System Product-Line
摘要
Quality and system assurance foundations are achieved in System and Software Engineering Product-line systems when security is an integral part of these systems and is systematically built into the engineering development processes and product instances. With the absence of adequate security requirements coverage, these same product-line systems suffer from essential trustworthiness security concerns. This paper presents a security engineering process framework and approach that systematically orchestrates security goals and customer needs to efficiently elaborate, verify, and validate security requirements in the development of software-intensive product line systems. This security engineering process segments the product-line process into multiple stages. Each stage employs a quality-gate where security assessment of work products is performed. These gates ensure compliance with applicable security criteria as products progress through the product-line engineering pipeline to produce a secure product-line and deliverable systems. A case study example is provided applying this approach.