Abstract
Securing critical systems such as cyber-physical systems (CPS) is an important concern, especially when it comes to critical transmitted data. At the same time, implementing security countermeasures in such systems may impact other functional or non-functional concerns. In this context, we propose a model-based approach for securing critical systems at an early design stage. This approach combines security analysis and mitigation solution proposals with multi-concern architectural evaluation. It exploits two views of security countermeasure patterns: abstract and concrete. The abstract view is used to select relevant solutions to security requirements from a logical point of view. The concrete view then helps the architect evaluate different possible implementation alternatives against other design constraints. The modeling is based on accepted OMG standards such as UML and MARTE. In this paper, the approach is illustrated on a SCADA (Supervisory Control and Data Acquisition) system case study, and a tool chain based on Papyrus UML supports the approach.
Notes
1. EBIOS: Expression of Needs and Identification of Security Objectives, from ANSSI, the French agency for security of information systems (Agence nationale de la sécurité des systèmes d'information).
2. The Optimum methodology is developed at LIST CEATech and is integrated within the Papyrus open-source modeling tool.
3. The MARTE profile is a standard from the OMG (UML Profile for MARTE™: Modeling and Analysis of Real-time Embedded Systems™). http://www.omgmarte.org/.
Acknowledgements
This work is conducted in the context of a Ph.D. thesis funded by CEA LIST and co-led by CEA (LISE) and IRIT (MACAO).
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Motii, A., Lanusse, A., Hamid, B., Bruel, JM. (2016). Model-Based Real-Time Evaluation of Security Patterns: A SCADA System Case Study. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science, vol 9923. Springer, Cham. https://doi.org/10.1007/978-3-319-45480-1_30
DOI: https://doi.org/10.1007/978-3-319-45480-1_30
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45479-5
Online ISBN: 978-3-319-45480-1
eBook Packages: Computer Science, Computer Science (R0)