A Security Engineering Process for Systems of Systems using Security Patterns

The creation of secure systems of systems is a complex process. A large variety of security expertise and knowledge specific for application domains is required. This is even more important if systems of systems span different application domains. Then, security threats specific to different application-domains need to be considered. One example is integrated systems for industrial production processes that interface office domains with supply chain management systems as well as a production environment. Such integrated systems of systems can perform very efficient and economic processes. However, due to the many and different domain-specific security requirements and threats security engineering needs to support requirements specification and architecture design very early in the development process in order to ensure resilience and safety of the complete system. Working with different domains implies that properties and its functionalities are specific and the engineering process used for modeling and designing the complete system has to be able to work in this context, covering all the possibilities and allowing the use of trusted solutions that are compatible with the ones of different domains. We present in this paper a security engineering process for creating secure systems of systems that cover the necessities presented above by using a series of security artifacts that contain the domain-specific security information (in terms of security properties) and provide security solutions in the form of security patterns. These patterns contain the definition of the software/hardware elements used for providing the required solution and the information of related patterns for different domains, which provides a very helpful functionality for creating a system of systems.