SysML Model Transformation for Safety and Security Analysis

While awareness of the security and safety of embedded systems has recently improved because of several significant attacks, building a practical yet accurate methodology for designing safe and secure systems remains an open problem. Where test coverage is unsatisfactory, formal analysis offers far greater potential to discover security vulnerabilities during the design phase of a system. Yet formal verification methods often require a strong technical background that limits their use. In this paper, we formally describe a verification process that lets us prove security-oriented properties such as confidentiality on SysML block and state machine diagrams. The mathematical description of the translation of these formally defined diagrams into a ProVerif specification lets us prove the correctness of the verification method.
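To make the transformation idea concrete, here is an added Python example that is not code from the paper or from its tooling. It builds a deliberately small block/state-machine model (a Sensor block sending a confidential reading to a Gateway block over a signal the attacker can observe) and emits a ProVerif specification from it. The translation rules used (one process per block, one public channel per signal, confidential attributes as private free names with an `attacker` query, fresh values created by `new` in the main process) are a simplification chosen for illustration; the block, signal and attribute names are assumptions, and the paper's own rules, soundness argument and handling of richer state machines are not reproduced.

```python
# Added example: toy SysML-like model -> ProVerif text.
# The rules below are an illustrative simplification, not the paper's.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

PREAMBLE = """\
(* symmetric encryption in the symbolic model *)
type key.
fun senc(bitstring, key): bitstring.
reduc forall m: bitstring, k: key; sdec(senc(m, k), k) = m.
"""


@dataclass
class Transition:
    src: str
    dst: str
    # ("send", signal, term) | ("recv", signal, var) | ("let", var, term)
    actions: List[Tuple[str, str, str]] = field(default_factory=list)


@dataclass
class Block:
    name: str
    params: List[Tuple[str, str]]      # (attribute, ProVerif type) passed at instantiation
    initial: str
    transitions: List[Transition]


@dataclass
class Model:
    secrets: Dict[str, str]            # confidential attribute -> type (queried)
    fresh: Dict[str, str]              # values created by the system, e.g. a shared key
    signals: List[str]                 # every signal becomes a public channel
    blocks: List[Block]


def state_process(block: Block, state: str, seen: Set[str]) -> str:
    """Translate a state into a ProVerif process by chaining the actions of its
    outgoing transition. Restricted to deterministic, acyclic state machines
    (at most one outgoing transition per state), i.e. a single protocol run."""
    if state in seen:
        raise ValueError(f"{block.name}: cycle through state {state}")
    outgoing = [t for t in block.transitions if t.src == state]
    if not outgoing:
        return "0"                     # final state: terminated process
    if len(outgoing) > 1:
        raise ValueError(f"{block.name}: non-deterministic state {state}")
    t = outgoing[0]
    text = ""
    for kind, a, b in t.actions:
        if kind == "send":
            text += f"out(ch_{a}, {b}); "
        elif kind == "recv":
            text += f"in(ch_{a}, {b}: bitstring); "
        elif kind == "let":
            text += f"let {a} = {b} in "
        else:
            raise ValueError(f"unknown action kind {kind}")
    return text + state_process(block, t.dst, seen | {state})


def block_process(block: Block) -> str:
    params = ", ".join(f"{n}: {ty}" for n, ty in block.params)
    return f"let {block.name}({params}) =\n  {state_process(block, block.initial, set())}."


def to_proverif(model: Model) -> str:
    lines = [PREAMBLE]
    for sig in model.signals:
        lines.append(f"free ch_{sig}: channel.")          # attacker controls every channel
    for name, ty in model.secrets.items():
        lines.append(f"free {name}: {ty} [private].")
        lines.append(f"query attacker({name}).")          # confidentiality query
    lines.append("")
    for b in model.blocks:
        lines.append(block_process(b))
        lines.append("")
    news = "".join(f"new {n}: {ty}; " for n, ty in model.fresh.items())
    calls = " | ".join(f"{b.name}({', '.join(n for n, _ in b.params)})" for b in model.blocks)
    lines.append(f"process\n  {news}({calls})")
    return "\n".join(lines)


def sensor_model(encrypt: bool = True) -> Model:
    """Constructed sample model (assumed names): a Sensor sends its confidential
    'reading' to a Gateway over signal 'data'; key k is shared by construction."""
    payload = "senc(reading, k)" if encrypt else "reading"
    gw_actions = [("recv", "data", "x"), ("let", "m", "sdec(x, k)")] if encrypt \
        else [("recv", "data", "m")]
    sensor = Block("Sensor", [("k", "key")], "Idle",
                   [Transition("Idle", "Sent", [("send", "data", payload)])])
    gateway = Block("Gateway", [("k", "key")], "Wait",
                    [Transition("Wait", "Done", gw_actions)])
    return Model(secrets={"reading": "bitstring"}, fresh={"k": "key"},
                 signals=["data"], blocks=[sensor, gateway])


if __name__ == "__main__":
    print(to_proverif(sensor_model(encrypt=True)))
```

Feeding the generated text to `proverif` with `encrypt=True` proves `not attacker(reading)`: the only message on the public channel is `senc(reading, k)` and `k` is never emitted. With `encrypt=False` the reading crosses the attacker-controlled channel in clear and ProVerif reports the query false together with the attack trace, which is exactly the design-time feedback the abstract describes. A state machine with a loop or a choice is rejected by this toy translation rather than silently mistranslated.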
