|
| | UAF | CHASSIS | SysML Sec | UML Sec | Definition | Synonyms |
|
| Asset | Y | Y | Y | N | Elements that can be considered as a subject for security analysis [25]
Something in the system and/or its environment, to be protected from negative consequences [31] | Software asset,
system asset,
data asset |
| Security constraint | Y | Y | Y | Y | A type of rule that captures a formal statement to define security laws, regulations, guidances, and policies [25] | Security requirement, security goal |
| Security control | Y | N | Y | N | A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of the asset’s information and to meet a set of defined security requirements [25] | Security activity,
safeguard,
countermeasure,
security-related function |
| Security property | Y | N | Y | Y | Property or constraint on a system asset that characterizes their security needs [25] | Information-assurance property |
| Risk | Y | Y | Y | N | A statement of the impact of an event on assets [25] | — |
| Risk impact | Y | Y | Y | N | The potential impact on system due to a specific reasons (availability, integrity, and confidentiality) [25] | Harm,
consequence,
security impact property |
| Vulnerability | Y | Y | N | Y | An internal fault that enables an external fault to harm the system [31] | Weakness,
security constraint (in UAF) |
| Attacker | N | Y | Y | Y | Someone or something carrying out an attack for altering the system’s functionality or performance, or accessing confidential information [31] | Intruder |
| Threat | Y | Y | Y | Y | Potential attack that targets system assets and that may lead to harm to assets [21]
An action carried out to harm system [31] | Attack,
security constraint (in UAF) |
|
