
Automated design, verification and testing of secure systems with embedded devices based on elicitation of expert knowledge

  • Original Research
  • Published in: Journal of Ambient Intelligence and Humanized Computing

Abstract

The growing significance and spread of embedded systems raise the importance of security measures against a wide range of computer security threats. Such systems, which involve a diversity of ad hoc embedded and mobile electronic devices operating over broadband Internet access and even cloud technologies, are conventionally referred to as Internet of Things (IoT) systems. Because of the specifics of IoT systems, the application of combined security mechanisms requires efficient consumption of energy and computing resources, identification of potential conflicts and incompatibilities, control of information flows, monitoring of anomalies in the data circulating in the system, and attention to other issues. Moreover, the increased design complexity of IoT systems stems from the low degree of structuring and formalization of security knowledge in the field. We propose an approach to eliciting embedded security expert knowledge for its subsequent use in automated design, verification and testing tools for secure IoT systems. The paper covers the core elements of the proposed technique, namely configuring security components, revealing implicit conflicts, verifying network information flows, and detecting abnormal data from sensors. A domain-specific analysis of the field of embedded security is described. We also present the elicited expert knowledge used for configuration, verification and testing of embedded devices. Issues of software implementation and a discussion are covered.



Acknowledgments

This research is being supported by the Grants of The Ministry of Education and Science of The Russian Federation (contract # 14.604.21.0147, unique contract identifier RFMEFI60414X0147).

Author information

Correspondence to Igor Kotenko.

About this article

Cite this article

Desnitsky, V., Kotenko, I. Automated design, verification and testing of secure systems with embedded devices based on elicitation of expert knowledge. J Ambient Intell Human Comput 7, 705–719 (2016). https://doi.org/10.1007/s12652-016-0371-6


  • DOI: https://doi.org/10.1007/s12652-016-0371-6
