A Methodology for the Analysis and Modeling of Security Threats and Attacks for Systems of Embedded Components

The development of systems based on embedded components is a challenging task because of their distributed, reactive and real-time nature. From a security point of view, embedded devices are basically systems owned by a certain entity, used frequently as part of systems owned by other entities and operated in a potentially hostile environment. The development of security-enhanced systems of embedded components is a difficult task due to different types of threats that may affect such systems, and because the security in systems of embedded devices is currently added as an additional feature when the development is advanced, or avoided as a superfluous characteristic. We present in this paper a methodology for the analysis and modeling of threats and attacks for systems of embedded components. The Intruder Model allows us to describe possible actions a potential intruder can accomplish, depending on his/her capabilities, resources, etc. Using this information, we can define a Threat Model that will specify the threats and attacks that affect different security properties in specific domains.

[1]  Craig Larman,et al.  Applying UML and patterns , 1997 .

[2]  Antonio Maña,et al.  A Security Modelling Framework for Systems of Embedded Components , 2011, 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering.

[3]  J. K. R. Sastry,et al.  Attacking embedded systems through fault injection , 2011, 2011 2nd National Conference on Emerging Trends and Applications in Computer Science.

[4]  William Yurcik,et al.  Threat Modeling as a Basis for Security Requirements , 2005 .

[5]  M. Kuhn,et al.  The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[6]  Dianxiang Xu,et al.  Threat-Driven Architectural Design of Secure Information Systems , 2018, ICEIS.

[7]  Gabor Karsai,et al.  Integrating Security Modeling into Embedded System Design , 2007, 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems (ECBS'07).

[8]  Dimitrios N. Serpanos,et al.  Security and Privacy in Distributed Smart Cameras , 2008, Proceedings of the IEEE.

[9]  Dennis G. Abraham,et al.  Transaction Security System , 1991, IBM Syst. J..

[10]  Luke Wildman,et al.  A taxonomy of attacks on secure devices , 2003 .