|
| UAF | CHASSIS | SysML Sec | UML Sec | Definition | Synonyms |
|
Asset | Y | Y | Y | N | Elements that can be considered as a subject for security analysis [25] Something in the system and/or its environment, to be protected from negative consequences [31] | Software asset, system asset, data asset |
Security constraint | Y | Y | Y | Y | A type of rule that captures a formal statement to define security laws, regulations, guidances, and policies [25] | Security requirement, security goal |
Security control | Y | N | Y | N | A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of the asset’s information and to meet a set of defined security requirements [25] | Security activity, safeguard, countermeasure, security-related function |
Security property | Y | N | Y | Y | Property or constraint on a system asset that characterizes their security needs [25] | Information-assurance property |
Risk | Y | Y | Y | N | A statement of the impact of an event on assets [25] | — |
Risk impact | Y | Y | Y | N | The potential impact on system due to a specific reasons (availability, integrity, and confidentiality) [25] | Harm, consequence, security impact property |
Vulnerability | Y | Y | N | Y | An internal fault that enables an external fault to harm the system [31] | Weakness, security constraint (in UAF) |
Attacker | N | Y | Y | Y | Someone or something carrying out an attack for altering the system’s functionality or performance, or accessing confidential information [31] | Intruder |
Threat | Y | Y | Y | Y | Potential attack that targets system assets and that may lead to harm to assets [21] An action carried out to harm system [31] | Attack, security constraint (in UAF) |
|