Securing C/C++ applications with a SEcube™-based model-driven approach

In this paper we demonstrate the power and flexibility of extreme model-driven design using C-IME, our integrated modelling environment for C/C++, by showing how easily an application modelled in C-IME can be enhanced with hardware security features. In fact, our approach does not require any changes to the application model. Rather, C-IME provides a dedicated modelling language for code generators that embodies a palette of security primitives implemented on top of the SEcube™ API. We illustrate how the required code generator can be modelled for a to-do list management application in our case study. It should be noted that this code generator is not limited to the considered application: it can be used to secure the file handling of any application modelled in C-IME.