Security Modeling for Embedded System Design

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10744))

Abstract

Among the many recent cyber attacks, the Mirai botnet DDoS attacks were carried out using infected IoT devices. To prevent our connected devices from being compromised in this way, their security vulnerabilities should be detected and mitigated early. This paper presents how the SysML-Sec methodology has been enhanced for the evolving graphical modeling of security through the three stages of our embedded system design methodology: Analysis, HW/SW Partitioning, and Software Analysis. The security requirements and attack graphs produced during the Analysis phase determine the sensitive data and the attacker model for the HW/SW Partitioning phase. From these we generate a secured model in which communication protection is modeled using abstract security representations, which can then be translated into a Software/System Design Model. The Software Model is intended as the final detailed model of the system. Throughout the design process, formal verification and simulation evaluate the safety, security, and performance of the system.

Acknowledgment

This work was partly funded by the French Government (National Research Agency, ANR) through the Investments for the Future Program reference #ANR-11-LABX-0031-01 and Institut VEDECOM.

Author information

Corresponding author: Letitia W. Li.

Copyright information

© 2018 Springer International Publishing AG


Cite this paper

Li, L.W., Lugou, F., Apvrille, L. (2018). Security Modeling for Embedded System Design. In: Liu, P., Mauw, S., Stolen, K. (eds) Graphical Models for Security. GraMSec 2017. Lecture Notes in Computer Science(), vol 10744. Springer, Cham. https://doi.org/10.1007/978-3-319-74860-3_7

  • DOI: https://doi.org/10.1007/978-3-319-74860-3_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-74859-7

  • Online ISBN: 978-3-319-74860-3

  • eBook Packages: Computer Science (R0)