A framework towards the efficient identification and modeling of security requirements

Idrees, Muhammad Sabir; Roudier, Yves; Apvrille, Ludovic
SAR-SSI 2010, 5th Conference on Network Architectures and Information Systems Security, May 18-21, 2010, Menton, France

Security concerns in vehicular embedded systems have made requirements engineering one of the most critical phases in designing those systems. This paper introduces a new framework that follows a Model Driven Engineering (MDE) approach and targets the identification and modeling of security requirements at early design stages. In particular, the system specification is provided through use cases. From that description, functional, architectural, and mapping views are constructed using UML diagrams. Based on both the use case specifications and the system views, possible attacks and security requirements are identified and modeled using SysML diagrams. The identified security requirements serve as the basis for trustworthy communication among different entities, and can be further used and refined in subsequent methodological stages. The overall methodology is already implemented in a toolkit called TTool, and is exemplified in the context of a vehicular-based application studied in the EVITA European project.


Type:
Conference
City:
Menton
Date:
2010-05-18
Department:
Digital Security
Eurecom Ref:
3222
Copyright:
© INRIA. Personal use of this material is permitted. The definitive version of this paper was published in SAR-SSI 2010, 5th Conference on Network Architectures and Information Systems Security, May 18-21, 2010, Menton, France and is available at :

PERMALINK : https://www.eurecom.fr/publication/3222