A SysML Metamodeling Approach to Embedding STRIDE Threat Analysis for Cyber-Physical Systems
摘要
This paper explores integrating the STRIDE threat modeling framework into the Systems Modeling Language (SysML) to enhance cybersecurity in cyber-physical systems. As the complexity of these systems increases, so does the challenge of ensuring their security. Traditional SysML does not inherently include detailed cybersecurity threat analysis provisions, necessitating an extension to accommodate such needs. We propose a methodology for systematically integrating cybersecurity considerations into SysML by developing a SysML profile that includes the STRIDE framework. This integration is achieved by mapping Data Flow Diagram (DFD) elements to SysML constructs and extending SysML to include a “threatEnumeration” class that facilitates detailed threat analysis. The findings indicate that this approach improves the ability to identify and manage cybersecurity threats and contributes to the broader field of systems engineering by providing a structured framework for security analysis. The paper concludes with recommendations for future research and the continued development of SysML extensions to better support cybersecurity analysis.