Premium
STPA‐Sec Analysis for DevSecOps Reference Design
Author(s) -
Reule Ryyan T,
Feighery Brynn,
Winstead Mark W.,
Hild Daryl R.,
Barnum Will,
Span Martin
Publication year - 2021
Publication title -
incose international symposium
Language(s) - English
Resource type - Journals
ISSN - 2334-5837
DOI - 10.1002/j.2334-5837.2021.00839.x
Subject(s) - computer science , security engineering , requirements analysis , software security assurance , requirements engineering , computer security model , work (physics) , software engineering , process (computing) , computer security , systems engineering , software , security service , engineering , information security , mechanical engineering , programming language , operating system
This work describes a top down systems security requirements analysis approach for understanding and eliciting general security requirements for securing Software Factories (SF). More specifically, the System‐Theoretic Process Analysis approach for Security (STPA‐Sec) is used to understand and elicit systems security requirements for SFs. The effort employs STPA‐Sec on the DoD Enterprise DevSecOps Reference Design to detail a conceptual approach to analyze SFs. The intent is to develop functional‐level security requirements, design‐level engineering considerations, and architectural‐level security specification criteria early in the system life cycle. The aim is to secure the SFs themselves, enhancing the security of resulting software generated from the SF. These details were elaborated during a summer collaborative research effort by two United States Air Force Academy Systems Engineering cadets, working with a MITRE team of subject matter expertise (SME's), and guided by their instructor. This work provides insight into a viable systems security requirements analysis approach which results in traceable security, safety, and resiliency requirements that can be designed‐for, built‐to, and verified with confidence.