SysML4Sec – methodology for security modeling in the context of large‐scale product development with multiple design levels
Publication Type
Conference Paper
Date Issued
2025-07
Language
English
Journal
Volume
35
Issue
1
Start Page
595
End Page
612
Citation
35th Annual INCOSE International Symposium, INCOSE 2025
Contribution to Conference
Publisher DOI
Publisher
Wiley
Increasing functionalities and the rising complexity of aircraft systems used by flight and cabin crews, passengers, maintenance staff, and other stakeholders necessitate a reconsideration of system development methodologies. This paper presents SysML4Sec, a model‐based security engineering method that integrates the systems engineering process (SEP) with the security engineering process (SecEP). Both processes operate concurrently and interactively within the same system model across all development levels. We detail SysML4Sec for model‐based security engineering using a consistent SysML approach and demonstrate SEP‐SecEP interactions in developing a passenger seat connectivity function with the ‘CATIA Magic Systems of Systems Architect’ tool, which supports SysML4Sec. The ‘Magic Systems of Systems Architect’ tool provides a single source of truth where system and security engineers can collaborate to design the system architecture and the associated preliminary security assessments as per the DO-326A aviation standard. It enables the definition of the Assets to be protected, the Threat Conditions (TC), the Threat Scenarios (TS) and the Security Measures (SM), which are specified in terms of their effectiveness in reducing the risk.
Subjects
Model-based Security Engineering
SysML4Sec
Security Engineering Method
Aircraft System Development
RAAML
DO-326
ED-202 set
DDC Class
629.13: Aviation Engineering