A formal model and risk assessment method for security-critical real-time embedded systems

Risk assessment at the early stage of software development can effectively reduce potential security flaws in the software, and thus reduces the cost of testing and maintenance. However, there are very few standardized risk assessment methods for the design models of security-critical RTESs (real-time embedded systems). This paper defines a formal model called OMR (Object-Message-Role) using Z notation for security-critical RTESs. Compared with the existing models for RTESs, OMR is able to specify both the functional and security aspects of the system as an integrated model, which directly provides the input for risk assessment. A risk assessment method, RAMES (risk assessment method for embedded systems), based on OMR is then proposed. RAMES complies with the risk management process standardized by ISO 31000. To perform the risk analysis in RAMES, an algorithm, RAOMR, is designed based on the analysis of the message flows and security constraints in OMR. The illustration of a case study shows that RAMES is able to evaluate the risk level of the system model and locate the high-risk objects and messages.
