Security & Safety by Model-based Requirements Engineering

Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified security threats & safety hazards in requirements engineering, resulting in high costs in product development. In particular, a lack of an integrative consideration of security threats & safety hazards can compromise safety compliance for CPS. Model-based requirements engineering (MBRE) improves the understanding of systems between stakeholders by additionally creating supporting models to system requirements. However, MBRE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards. Overall, existing approaches do not fully cover the MBRE process. In the context of this paper, the results of three scientific papers are consolidated with the aim to create a basis for a holistic MBRE approach, which considers security threats & safety hazards integratively. In each of the papers, sub-criteria of the holistic MBRE approach are presented. Furthermore, elaborated and planned tools for the individual process steps are presented.