Emergency Systems Modelling using a Security Engineering Process

2018 
The engineering and development of complex security-sensitive systems is becoming increasingly difficult due to the need to address aspects like heterogeneity (of application domains, requirements, regulations, solutions, etc.), dynamism and runtime adaptation necessities, and the high demands for security and privacy of the users and agencies involved in scenarios where these systems work (natural disasters, accidents, terrorism, etc.). Moreover, security knowledge is highly domain-dependent and dynamic. These characteristics make the development of those systems hard because the amount of security knowledge required to deal with such a huge variety of situations becomes far too large for a human. In this paper we propose a security-oriented engineering process that is especially useful for these systems. It makes security fit naturally in the systems by interleaving security into the initial architecture and system description. In particular, the proposed process provides means to identify and manage security properties in a consistent and intuitive manner. To illustrate our experience, we use a real-world emergency response scenario. More concretely, we focus on the establishment of a secure ad-hoc wireless mesh communication, which is a key component in the domain of spontaneous broadband communication among crisis management vehicles.