Modeling Requirements for Security-enhanced Design of Embedded Systems

Alberto Ferrante, Igor Kaitovic, Jelena Milosevic

2014

Abstract

Designing an embedded system is a complex process that involves working on both hardware and software. The first step in the design process is defining functional and non-functional requirements; among them, it is fundamental to also consider security. We propose an effective way for designers to specify security requirements starting from User Security Requirements. User Security Requirements are high-level requirements related to the security attacks that the system should be able to withstand. We also provide a mechanism to automatically translate these User Requirements into System Security Requirements, which include a detailed description of security solutions. For expressing requirements we use the Unified Modeling Language (UML); specifically, we create a UML profile to describe user requirements, and we use a model-to-model transformation to automatically generate system requirements. We show the effectiveness of the modeling scheme and of the translation mechanism by applying our methodology to a case study based on wearable devices for e-health monitoring.

Paper Citation
in Harvard Style

Ferrante A., Kaitovic I. and Milosevic J. (2014). Modeling Requirements for Security-enhanced Design of Embedded Systems. In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 315-320. DOI: 10.5220/0005050003150320

in Bibtex Style

@conference{secrypt14,
author={Alberto Ferrante and Igor Kaitovic and Jelena Milosevic},
title={Modeling Requirements for Security-enhanced Design of Embedded Systems},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={315-320},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005050003150320},
isbn={978-989-758-045-1},
}
in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Modeling Requirements for Security-enhanced Design of Embedded Systems
SN - 978-989-758-045-1
AU - Ferrante A.
AU - Kaitovic I.
AU - Milosevic J.
PY - 2014
SP - 315
EP - 320
DO - 10.5220/0005050003150320