Security Modeling for Embedded System Design

Among the many recent cyber attacks, the Mirai botnet DDoS attacks were carried out using infected IoT devices. To prevent our connected devices from being compromised in this way, their security vulnerabilities should be detected and mitigated early in the design. This paper presents how the SysML-Sec methodology has been enhanced to support the evolving graphical modeling of security through the three stages of our embedded system design methodology: Analysis, HW/SW Partitioning, and Software Analysis. The security requirements and attack graphs produced during the Analysis phase determine the sensitive data and the attacker model used during the HW/SW Partitioning phase. From these, we generate a secured model in which communication protection is expressed with abstract security representations, which can then be translated into a Software/System Design Model. The Software Model is intended as the final detailed model of the system. Throughout the design process, formal verification and simulation evaluate the safety, security, and performance of the system.
