TY - GEN
T1 - The need for a secure Modular Open Systems Approach (MOSA)
T2 - 2020 Systems Security Symposium, SSS 2020
AU - Bonilla-Ortiz, Giselle
AU - Verma, Dinesh
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/7
Y1 - 2020/7
N2 - A broad survey of available publications indicates that security is still regarded as an unknown in Modular Open Systems Approach (MOSA) architectures. Additionally, open security approaches for modular systems can be seen as a barrier to successful MOSA implementations, given that vulnerability discovery by attackers may be aided by open security architectures and standards. Modular Open architecture security requirements such as those for Anti-Tamper and Cybersecurity need to be an integral part of the MOSA lifecycle. Also, a primary concern of businesses is to maintain competitive advantage by means of protecting their proprietary data. In essence, MOSA systems are characterized by defining common interfaces and not the functionality within the system itself, maintaining proprietary data protected within the boundaries of each module. Is this sufficient to provide horizontal protection across plug-and-play MOSA systems? To begin studying questions such as this, this paper utilizes Systems Thinking methodologies to explore the US Department of Defense (DoD) method to MOSA and Systems Security Engineering (SSE). The authors introduce several systems thinking methodologies to scope the problem and identify the benefits of incorporating SSE into the MOSA lifecycle. Using systemic tools, the authors identify the stakeholders that influence and are affected by both MOSA and SSE, determine the system boundary, describe the relationships between all components within the system, explore several shaping forces that have brought MOSA to its present state and determine the proposed value added by designing a trusted and secure MOSA.
AB - A broad survey of available publications indicates that security is still regarded as an unknown in Modular Open Systems Approach (MOSA) architectures. Additionally, open security approaches for modular systems can be seen as a barrier to successful MOSA implementations, given that vulnerability discovery by attackers may be aided by open security architectures and standards. Modular Open architecture security requirements such as those for Anti-Tamper and Cybersecurity need to be an integral part of the MOSA lifecycle. Also, a primary concern of businesses is to maintain competitive advantage by means of protecting their proprietary data. In essence, MOSA systems are characterized by defining common interfaces and not the functionality within the system itself, maintaining proprietary data protected within the boundaries of each module. Is this sufficient to provide horizontal protection across plug-and-play MOSA systems? To begin studying questions such as this, this paper utilizes Systems Thinking methodologies to explore the US Department of Defense (DoD) method to MOSA and Systems Security Engineering (SSE). The authors introduce several systems thinking methodologies to scope the problem and identify the benefits of incorporating SSE into the MOSA lifecycle. Using systemic tools, the authors identify the stakeholders that influence and are affected by both MOSA and SSE, determine the system boundary, describe the relationships between all components within the system, explore several shaping forces that have brought MOSA to its present state and determine the proposed value added by designing a trusted and secure MOSA.
KW - MOSA
KW - Modular Open Systems Approach
KW - Program Protection
KW - Systemigram
KW - Systems Security Engineering
KW - Systems Thinking
UR - http://www.scopus.com/inward/record.url?scp=85105271319&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85105271319&partnerID=8YFLogxK
U2 - 10.1109/SSS47320.2020.9197726
DO - 10.1109/SSS47320.2020.9197726
M3 - Conference contribution
AN - SCOPUS:85105271319
T3 - Systems Security Symposium, SSS 2020 - Conference Proceedings
BT - Systems Security Symposium, SSS 2020 - Conference Proceedings
Y2 - 1 July 2020 through 1 August 2020
ER -