SysML-Sec Diagrams
A security extension to SysML. Tasks and hardware nodes are modeled using SysML blocks, allocations are modeled with SysML allocate relationships, and security requirements are modeled in SysML Requirement Diagrams.
Security Aspects

| Name | Description |
| --- | --- |
| Confidentiality | A block attribute should never be disclosed to an attacker. |
| Authenticity | A message has to be sent before another message (based on block states). |

Specification Elements

| Name | Description |
| --- | --- |
| SecurityRequirement | A security requirement that the system must satisfy. The Security Requirement stereotype allows you to make a clear distinction between the functional requirements and the security requirements of the system. A security requirement does not target any specific system element. |
| Attack | Attacks are modeled as values embedded into blocks representing the target of the attack. |
| DataType | Describes the security-related types of data. |
| Confidentiality | Describes that the attribute of a block shall remain confidential. |
| Authenticity | Describes required message orders. |
| InitialSessionKnowledge | Attributes whose values are identical at the beginning of a cryptographic protocol session. |
| InitialSystemKnowledge | Attributes with identical values at system startup. |
| Link Accessibility | Describes whether a link between blocks can be eavesdropped by an attacker or not. (Please note that Link Accessibility has been described, but not explicitly named, in the reviewed paper.) |
Security Aspects
Confidentiality
A block attribute should never be disclosed to an attacker.
- Specification Elements:
  - Confidentiality
  - DataType
  - Link Accessibility (described, but not named, in the paper)
- Threats:
  - Information Disclosure
Authenticity
A message has to be sent before another message (based on block states).
- Specification Elements:
  - Authenticity
  - InitialSessionKnowledge
  - InitialSystemKnowledge
  - DataType
- Threats:
  - Tampering with Data
  - Spoofing
  - Denial of Service
Specification Elements
SecurityRequirement
A security requirement that the system must satisfy. The Security Requirement stereotype allows you to make a clear distinction between the functional requirements and the security requirements of the system. A security requirement does not target any specific system element.
- Applies to: none (a security requirement does not target a specific system element)
Attack
Attacks are modeled as values embedded into blocks representing the target of the attack.
- Applies to:
  - Entity
DataType
Describes the security-related types of data.
- Applies to:
  - Data
Confidentiality
Describes that the attribute of a block shall remain confidential.
- Applies to:
  - Data
Authenticity
Describes required message orders.
- Applies to:
  - State
  - InformationFlow
InitialSessionKnowledge
Attributes whose values are identical at the beginning of a cryptographic protocol session.
InitialSystemKnowledge
Attributes with identical values at system startup.
- Applies to:
  - State
Link Accessibility
Describes whether a link between blocks can be eavesdropped by an attacker or not. (Please note that Link Accessibility has been described, but not explicitly named, in the reviewed paper.)
- Applies to:
  - Connection