
Integrating Security Modeling in Embedded System Design

Jan Werner, Matt Eby, Janos Mathe, Gabor Karsai, Yuan Xue, Janos Sztipanovits

Institute for Software Integrated Systems

Vanderbilt University

Page 2

Goals

• Extend model-based design flows with security modeling aspects

• Develop analysis methods for security properties

• Perform architectural trade-offs using system/security metrics

• Autogenerate implementation from models

Page 3

Integrated Co-design Environment

[Figure: co-design environment diagram with blocks Functional Models, Component Models, Componentized Model Access Control, Secure Component Structure, Model Partitioning, Platform Model, Deployment Model, Generators, Composition Platform, OS Security Services, HW/SW Arch.]

• Domain-specific Modeling Languages (AADL, Simulink/StateFlow, …)

• Security modeling for different platforms

• Model Analysis tools

• Code Generators

Page 4

Testbed Configuration

[Figure: testbed of three Controllers connected over a Wireless Link to a Plant Simulator (xPC) through a DAQ.]

Different SW platforms:

• Linux + GRSecurity

• Others (LynxOS, VxWorks, …)

PCI-DDA08/12 Data acquisition board

Single board computer SBC4495 from Micro/Sys

Page 5

Experiment

[Figure: panels labelled Code Generation, Deployment and Reference; three-tank model with Tank 1, Tank 2, Tank 3 and signal labels F1, F2, H1, H2, H3, X1, X2, On/Off, Hi/Low; deployment diagram showing a Sensor Component and a Data Gateway Component with a data flow between them, running on an embedded system operating system with I/O in Partition 1 and Partition 2, annotated "Protect against external intruders", "Protect against insiders", "No protection here!" and "Successful attack on component".]

1. Three tank control system model

2. Code generation

3. Deployment environment

4. Network attack on controller
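The deployment diagram above places the Sensor Component and the Data Gateway Component into OS partitions and marks the spot where a successful attack on the network-facing component reaches the other one ("No protection here!"). As an added example, not code from the poster or its toolchain, here is a small Python check of the kind the "Model Analysis tools" box could run over a deployment model before code generation: the component names, the two isolation rules and the weak/hardened sample deployments are constructed assumptions for illustration.

```python
"""Partition-isolation check over a small deployment model (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    """One deployable component of the control system (constructed example)."""
    name: str
    partition: str          # OS partition the component is deployed into
    network_exposed: bool   # reachable from the wireless link
    protected: bool         # partition is backed by OS security services


@dataclass
class DeploymentModel:
    """Components plus the data flows between them as (source, destination) names."""
    components: dict
    data_flows: list


def check_partitioning(model):
    """Return a list of findings; an empty list means the model passes both rules."""
    findings = []

    # Rule 1 (assumed): a network-exposed component such as a data gateway must
    # not share a partition with an internal one, otherwise a successful attack
    # on the exposed component lands directly on the internal one.
    by_partition = {}
    for comp in model.components.values():
        by_partition.setdefault(comp.partition, []).append(comp)
    for part, comps in sorted(by_partition.items()):
        exposed = sorted(c.name for c in comps if c.network_exposed)
        internal = sorted(c.name for c in comps if not c.network_exposed)
        if exposed and internal:
            findings.append(f"{part}: exposed {exposed} co-located with internal {internal}")

    # Rule 2 (assumed): a data flow leaving an exposed component must terminate
    # in a partition protected by the OS security services; otherwise the
    # receiving side is the diagram's "No protection here!" case.
    for src, dst in model.data_flows:
        s, d = model.components[src], model.components[dst]
        if s.network_exposed and not d.protected:
            findings.append(f"flow {src} -> {dst}: destination partition {d.partition} is unprotected")

    return findings


def _build(gateway_partition, sensor_partition, sensor_protected):
    """Constructed two-component model mirroring the poster's deployment diagram."""
    comps = {
        "Sensor": Component("Sensor", sensor_partition, network_exposed=False, protected=sensor_protected),
        "DataGateway": Component("DataGateway", gateway_partition, network_exposed=True, protected=True),
    }
    return DeploymentModel(comps, [("Sensor", "DataGateway"), ("DataGateway", "Sensor")])


# Constructed sample deployments: both components in one unprotected partition
# versus the gateway isolated in its own partition with the sensor side protected.
WEAK = _build("Partition 1", "Partition 1", sensor_protected=False)
HARDENED = _build("Partition 2", "Partition 1", sensor_protected=True)


def weak_findings():
    return check_partitioning(WEAK)


def hardened_findings():
    return check_partitioning(HARDENED)


if __name__ == "__main__":
    for label, fn in (("weak", weak_findings), ("hardened", hardened_findings)):
        print(label, fn() or "OK")
```

The weak deployment produces two findings (co-location and an unprotected destination partition); the hardened one produces none. In a real toolchain the rules would be read from the security model rather than hard-coded, and the findings would feed the architectural trade-off step listed under Goals.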

Page 6

Future work

• Modeling different security aspects: access control, security measures, confidentiality, data leakage, privacy, attack trees

• Integrating security aspects in different domain-specific modeling languages

• Creating toolchains for complex security analysis and system deployment