Integrating Security Modeling in Embedded System Design
Jan Werner, Matt Eby, Janos Mathe, Gabor Karsai, Yuan Xue, Janos Sztipanovits
Institute for Software Integrated Systems
Vanderbilt University
Goals
• Extend model-based design flows with security modeling aspects
• Develop analysis methods for security properties
• Perform architectural trade-offs using system/security metrics
• Autogenerate implementation from models
Integrated Co-design Environment
[Figure: integrated co-design environment. Labels: Functional Models; Component Models; Componentized Model; Access Control; Secure Component Structure Model; Partitioning Model; Platform Model; Deployment Model; Generators; Composition Platform; OS Security Services; HW/SW Arch]
• Domain-specific Modeling Languages (AADL, Simulink/StateFlow, …)
• Security modeling for different platforms
• Model Analysis tools
• Code Generators
Testbed Configuration
[Figure: testbed configuration. Labels: Controller (three instances); Wireless Link; Plant Simulator; DAQ; xPC]
Different SW platforms:
• Linux + GRSecurity
• Others (LynxOS, VxWorks, ...)
PCI-DDA08/12 Data acquisition board
Single board computer SBC4495 from Micro/Sys
Experiment
1. Three tank control system model
2. Code generation
3. Deployment environment
4. Network attack on controller
[Figure: four-panel experiment overview. Labels: Code Generation And Deployment; Reference; Tank 1, Tank 2, Tank 3; F1, F2; H1, H2, H3; X1, X2; On/Off; Hi/Low; Data flow; Sensor Component; Data Gateway Component; Embedded system operating system; I/O; Partition 1, Partition 2]
Figure annotations: Protect against external intruders; Protect against insiders; No protection here!; Successful attack on component
Future work
• Modeling different security aspects: access control, security measures, confidentiality, data leakage, privacy, attack trees
• Integrating security aspects in different domain-specific modeling languages
• Creating toolchains for complex security analysis and system deployment