Abstract
Functional and technical cyber-resilience are becoming increasingly relevant for the health and integrity of connected and interoperating systems. In this chapter we demonstrate the power and flexibility of extreme model-driven design to provide holistic security to security-agnostic applications. Using C-IME, our integrated modelling environment for C/C++, we show how easily a modelled application can be enhanced with hardware security features, fully automatically, during code generation. We illustrate how to use this approach and design environment to make any modelled application ready to store its data securely in potentially insecure environments; the same approach can be used to secure communication over potentially insecure channels. Our approach does not require any changes to the application model. Instead, the integrated modelling environment provides a dedicated modelling language for code generators that draws on a domain-specific language for security, realized as a palette of security primitives whose implementation is based on underlying hardware security technology. The code generator injects security at the appropriate points into the models of the applications under development. We illustrate the use of this security-injecting code generator on the case study of a to-do list management application. The code generator is generic and can be used to secure the file handling of any application modelled in the C-IME.
Notes
1. We call IMEs the integrated development environments for (graphical) modelling languages, in analogy to the IDEs (integrated development environments) for classical code-level programming, such as Eclipse or IntelliJ.
Acknowledgements
This work was supported, in part, by Science Foundation Ireland grant 13/RC/2094 and co-funded under the European Regional Development Fund through the Southern & Eastern Regional Operational Programme to Lero - the Irish Software Research Centre (www.lero.ie).
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Gossen, F., Margaria, T., Neubauer, J., Steffen, B. (2019). A Model-Driven and Generative Approach to Holistic Security. In: Flammini, F. (ed.) Resilience of Cyber-Physical Systems. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-95597-1_6
DOI: https://doi.org/10.1007/978-3-319-95597-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-95596-4
Online ISBN: 978-3-319-95597-1