Design Space Exploration for Secure IoT Devices and Cyber-Physical Systems

With the advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS), embedded devices have been gaining importance in our daily lives as well as in industrial processes. Independent of their usage, be it within an IoT system or a CPS, embedded devices are always an attractive target for security attacks, mainly due to their continuous network availability and the importance of the data they handle. Thus, the design of such systems requires a thorough consideration of the various security constraints they are subject to. Introducing these security constraints, next to other requirements such as power consumption and performance, increases the number of design choices a system designer must consider. As the various constraints often conflict with each other, designers face the complex task of balancing them. Design Space Exploration (DSE) tools support system designers in this job. However, available DSE tools offer only a limited way of considering security constraints during the design process. In this article, we introduce a novel DSE framework which allows the consideration of security constraints in the form of attack scenarios, and of attack mitigations in the form of security tasks. Based on descriptions of the system’s functionality and architecture, possible attacks, and known mitigation techniques, the framework finds the optimal design for a secure IoT device or CPS. Our framework’s functionality and its benefits are shown based on the design of a secure sensor system.
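The following toy exploration, added here as an illustration and not the authors' framework, shows the idea in the abstract in working code: functional tasks of a sensor system are mapped onto candidate resources, each attack scenario is a constraint that must be covered by a placeable security task, and the cheapest feasible mapping is selected. All resources, features, attacks, mitigations and their cost and power values are constructed, hypothetical inputs.

```python
from itertools import product

# Constructed architecture (hypothetical values): unit cost, static power in mW, security features.
RESOURCES = {
    "mcu_plain":  {"cost": 2, "power": 10, "features": set()},
    "mcu_secure": {"cost": 5, "power": 12, "features": {"secure_boot", "aes_engine"}},
    "radio":      {"cost": 3, "power": 20, "features": set()},
}
# Functional tasks of the sensor system and the resources allowed to host each.
TASKS = {"sense": ["mcu_plain", "mcu_secure"],
         "process": ["mcu_plain", "mcu_secure"],
         "transmit": ["radio"]}
# Security tasks (mitigations): hosting task, required HW feature (None = software), power overhead.
SECURITY_TASKS = {
    "encrypt_sw":    {"host": "process", "requires": None,          "power": 6},
    "encrypt_hw":    {"host": "process", "requires": "aes_engine",  "power": 1},
    "verified_boot": {"host": "process", "requires": "secure_boot", "power": 1},
}
# Attack scenarios act as constraints: each must be covered by one of its listed mitigations.
ATTACKS = {"eavesdrop_link": ["encrypt_sw", "encrypt_hw"],
           "firmware_tamper": ["verified_boot"]}

def evaluate(mapping, attacks=ATTACKS):
    """Return (cost, power, chosen mitigations), or None if an attack stays uncovered."""
    used = set(mapping.values())
    cost = sum(RESOURCES[r]["cost"] for r in used)
    power = sum(RESOURCES[r]["power"] for r in used)
    chosen = {}
    for attack, mitigations in attacks.items():
        options = []
        for name in mitigations:
            st = SECURITY_TASKS[name]
            features = RESOURCES[mapping[st["host"]]]["features"]
            if st["requires"] is None or st["requires"] in features:
                options.append((st["power"], name))
        if not options:
            return None  # no placeable mitigation: security constraint violated
        overhead, chosen[attack] = min(options)  # cheapest placeable mitigation
        power += overhead
    return cost, power, chosen

def explore(objective="power", attacks=ATTACKS):
    """Enumerate all task-to-resource mappings; return the best feasible design."""
    names, designs = list(TASKS), []
    for combo in product(*(TASKS[t] for t in names)):
        mapping = dict(zip(names, combo))
        result = evaluate(mapping, attacks)
        if result is not None:  # skip designs that leave an attack scenario open
            cost, power, chosen = result
            designs.append({"mapping": mapping, "cost": cost, "power": power, "security_tasks": chosen})
    return min(designs, key=lambda d: d[objective], default=None)
```

Calling `explore("power")` with and without the attack set shows the effect the abstract describes: without security constraints the cheap plain MCU wins, while the attack scenarios force the design onto the secure MCU so that both mitigations can be placed.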
