Model-Based Security Analysis of Interconnected Subsystems: A Methodology for Security Compatibility Evaluation

Integrating subsystems developed by different manufacturers is a challenging task. Nevertheless, in fields like Intelligent Transport Systems (ITS), it is imperative for vehicles and infrastructure to constantly communicate. The proposed method models elements from a Threat Analysis and Risk Assessment (TARA) of each subsystem using SysML. Then it applies compatibility conditions to the exported model to generate an output compatibility statement. This statement indicates whether the subsystems are compatible from a security perspective or not. The method enables subsystems to assess their potential for secure integration allowing for independent development by manufacturers. We implement the method and evaluate it on an industrial use case to showcase the method's ability to determine the security compatibility of two subsystems.