Ecole d'ingénieur et centre de recherche en Sciences du numérique

Towards the model-driven engineering of secure yet safe embedded systems

Ludovic, Apvrille; Roudier, Yves

GRAMSEC 2014, 1st International Workshop on Graphical Models for Security, Co-located with ETAPS 2014, April 12, 2014, Grenoble, France

We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.

Document Arxiv Bibtex

Titre:Towards the model-driven engineering of secure yet safe embedded systems
Type:Conférence
Langue:English
Ville:Grenoble
Pays:FRANCE
Date:
Département:Sécurité numérique
Eurecom ref:4260
Copyright: © TELECOM ParisTech. Personal use of this material is permitted. The definitive version of this paper was published in GRAMSEC 2014, 1st International Workshop on Graphical Models for Security, Co-located with ETAPS 2014, April 12, 2014, Grenoble, France and is available at :
Bibtex: @inproceedings{EURECOM+4260, year = {2014}, title = {{T}owards the model-driven engineering of secure yet safe embedded systems}, author = {{L}udovic, {A}pvrille and {R}oudier, {Y}ves}, booktitle = {{GRAMSEC} 2014, 1st {I}nternational {W}orkshop on {G}raphical {M}odels for {S}ecurity, {C}o-located with {ETAPS} 2014, {A}pril 12, 2014, {G}renoble, {F}rance}, address = {{G}renoble, {FRANCE}}, month = {04}, url = {http://www.eurecom.fr/publication/4260} }
Voir aussi: