Security-aware Modeling and Analysis for HW/SW Partitioning

Letitia W. Li, Florian Lugou, Ludovic Apvrille

Abstract

The rising wave of attacks on communicating embedded systems has exposed their users to risks of information theft, monetary damage, and personal injury. We propose that improved modeling and analysis of security can mitigate such flaws. Since HW/SW partitioning, one of the first design phases, determines how security can later be integrated into the system, this phase would benefit from support for modeling security abstractions and security properties, so that designers receive partitioning feedback from a formal security analyzer. In this paper, we present how our toolkit supports security modeling, automated security integration, and formal analysis during the HW/SW partitioning phase for secure communications in embedded systems. We introduce “Cryptographic Configurations”, an abstract representation of security that allows us to verify security formally. Our toolkit further assists designers by automatically adding these security representations based on a mapping and on the security requirements.
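The following is an added illustration of the idea the abstract describes, written for this page and not taken from the paper or from TTool: channels between tasks carry security requirements, a mapping places tasks on processors and buses, an abstract cryptographic configuration is added only to channels whose path crosses a bus the attacker can reach, and an abstract attacker check then reports which properties hold. Everything in it is an assumption made for the example: the bus and processor names, the single-bus-per-processor mapping rule, pre-shared keys, and the attacker model (reads and injects on every bus marked `attacker_accessible`, sees nothing exchanged between tasks mapped to the same processor, and cannot break the primitives).

```python
"""Added example (not TTool's implementation): requirement-driven insertion of
abstract cryptographic configurations into a HW/SW partitioning model, followed
by an abstract attacker check. Assumed: pre-shared keys; an attacker who reads
and injects on every bus marked attacker_accessible; on-chip traffic between
tasks mapped to the same processor is not observable."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Bus:
    name: str
    attacker_accessible: bool  # e.g. CAN or wireless, vs. a private on-chip bus


@dataclass(frozen=True)
class Channel:
    name: str
    src_task: str
    dst_task: str
    confidentiality: bool = False
    authenticity: bool = False       # weak authenticity: origin of the data
    replay_protection: bool = False  # strong authenticity: origin and freshness


@dataclass(frozen=True)
class CryptoConfig:
    channel: str
    operations: tuple  # subset of ("encrypt", "mac", "nonce"), applied by the sender


@dataclass
class Mapping:
    task_to_cpu: Dict[str, str]
    cpu_to_bus: Dict[str, str]  # assumption: each processor sits on exactly one bus
    buses: Dict[str, Bus]

    def path(self, ch: Channel) -> List[Bus]:
        """Buses a channel traverses under this mapping (empty when on-chip).
        Assumption: processors on different buses are joined by a bridge."""
        src, dst = self.task_to_cpu[ch.src_task], self.task_to_cpu[ch.dst_task]
        if src == dst:
            return []
        return [self.buses[b] for b in sorted({self.cpu_to_bus[src], self.cpu_to_bus[dst]})]

    def exposed(self, ch: Channel) -> bool:
        return any(b.attacker_accessible for b in self.path(ch))


def add_crypto_configs(channels: Dict[str, Channel], mapping: Mapping) -> Dict[str, CryptoConfig]:
    """Give a cryptographic configuration to every channel whose requirement is
    not already met by the mapping, i.e. whose path crosses an accessible bus."""
    configs = {}
    for ch in channels.values():
        if not mapping.exposed(ch):
            continue  # private path: the architecture itself satisfies the requirement
        ops = []
        if ch.confidentiality:
            ops.append("encrypt")
        if ch.authenticity or ch.replay_protection:
            ops.append("mac")
        if ch.replay_protection:
            ops.append("nonce")
        if ops:
            configs[ch.name] = CryptoConfig(ch.name, tuple(ops))
    return configs


def verify(channels, mapping, configs) -> Dict[str, Dict[str, bool]]:
    """Abstract attacker check: on an accessible bus the attacker reads plaintext
    and injects or replays frames. A property holds iff the path is private or
    the channel's configuration carries the operation protecting it."""
    results = {}
    for ch in channels.values():
        ops = set(configs[ch.name].operations) if ch.name in configs else set()
        private = not mapping.exposed(ch)
        res = {}
        if ch.confidentiality:
            res["confidentiality"] = private or "encrypt" in ops
        if ch.authenticity:
            res["weak_authenticity"] = private or "mac" in ops
        if ch.replay_protection:
            res["strong_authenticity"] = private or {"mac", "nonce"} <= ops
        results[ch.name] = res
    return results


# Constructed sample: a sensor feeding a controller, plus a logger next to the controller.
CHANNELS = {
    "speed": Channel("speed", "Sensor", "Controller",
                     confidentiality=True, authenticity=True, replay_protection=True),
    "log": Channel("log", "Controller", "Logger", confidentiality=True),
}
BUSES = {"CAN": Bus("CAN", attacker_accessible=True),
         "AXI": Bus("AXI", attacker_accessible=False)}
# Mapping 1: the sensor on its own ECU, controller and logger sharing ECU2, all over CAN.
MAPPING_SPLIT = Mapping({"Sensor": "ECU1", "Controller": "ECU2", "Logger": "ECU2"},
                        {"ECU1": "CAN", "ECU2": "CAN"}, BUSES)
# Mapping 2: every task on one SoC behind a private AXI bus.
MAPPING_SOC = Mapping({"Sensor": "SoC", "Controller": "SoC", "Logger": "SoC"},
                      {"SoC": "AXI"}, BUSES)

if __name__ == "__main__":
    for name, m in (("split", MAPPING_SPLIT), ("soc", MAPPING_SOC)):
        cfg = add_crypto_configs(CHANNELS, m)
        print(name, {k: v.operations for k, v in cfg.items()})
        print(name, "without crypto:", verify(CHANNELS, m, {}))
        print(name, "with crypto:   ", verify(CHANNELS, m, cfg))
```

Running it shows the partitioning feedback the abstract refers to: under the split mapping the `speed` channel fails all three properties until it receives an `(encrypt, mac, nonce)` configuration, while `log` needs nothing because both endpoints share a processor; under the single-SoC mapping no configuration is generated at all, since no requirement is exposed to the attacker.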



Paper Citation


in Harvard Style

Li L., Lugou F. and Apvrille L. (2017). Security-aware Modeling and Analysis for HW/SW Partitioning. In Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD, ISBN 978-989-758-210-3, pages 302-311. DOI: 10.5220/0006119603020311


in Bibtex Style

@conference{modelsward17,
author={Letitia W. Li and Florian Lugou and Ludovic Apvrille},
title={Security-aware Modeling and Analysis for HW/SW Partitioning},
booktitle={Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD},
year={2017},
pages={302-311},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006119603020311},
isbn={978-989-758-210-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD
TI - Security-aware Modeling and Analysis for HW/SW Partitioning
SN - 978-989-758-210-3
AU - Li L.
AU - Lugou F.
AU - Apvrille L.
PY - 2017
SP - 302
EP - 311
DO - 10.5220/0006119603020311