Towards the Model-Driven Engineering of Security Requirements for Embedded Systems

This paper discusses why and how security requirements engineering must be adapted to the model-driven approach usually adopted to design and develop embedded systems. In particular, we discuss to what extent the elicitation of security requirements and the Y-chart partitioning approach, a central design methodology in embedded systems, can mutually enrich each other. We also show how SysML, which is already commonly used to engineer requirements in embedded systems, can also represent security requirements, assets, and threats with only a few extensions and thus support a more comprehensive requirements engineering methodology. We illustrate the use of our overall methodology and toolkit with examples from the automotive embedded system field in order to demonstrate the relevance of our approach.