Integrating Security Modeling in Embedded System Design
Jan Werner, Matt Eby, Janos Mathe, Gabor Karsai, Yuan Xue, Janos Sztipanovits
Institute for Software Integrated Systems
Vanderbilt University
Goals
• Extend model-based design flows with security modeling aspects
• Develop analysis methods for security properties
• Perform architectural trade-offs using system/security metrics
• Autogenerate implementation from models
Integrated Co-design Environment
[Figure: integrated co-design environment. Labels: Functional Models, Component Models, Componentized Model, Access Control Model, Secure Component Structure Model, Partitioning Model, Platform Model, Deployment Model, Generators, Composition Platform, OS Security Services, HW/SW Arch]
• Domain-specific Modeling Languages (AADL, Simulink/StateFlow, …)
• Security modeling for different platforms
• Model Analysis tools
• Code Generators
Testbed Configuration
[Figure: testbed topology. Labels: Controller (three instances), Wireless Link, Plant Simulator, DAQ, xPC]
Different SW platforms:
• Linux + GRSecurity
• Others (LynxOS, VxWorks, …)
PCI-DDA08/12 Data acquisition board
Single board computer SBC4495 from Micro/Sys
Experiment
Code Generation and Deployment
[Figure: three-tank reference plant model. Labels: Reference, Tank 1, Tank 2, Tank 3, F1, F2, H1, H2, H3, X1, X2, On/Off, Hi/Low]
[Figure: partitioned deployment. Labels: Partition 1, Partition 2, Sensor Component, Data Gateway Component, Data flow, Embedded system operating system, I/O. Annotations: "Protect against external intruders", "Protect against insiders", "No protection here!", "Successful attack on component"]
1. Three tank control system model
2. Code generation
3. Deployment environment
4. Network attack on controller
Future work
• Modeling different security aspects: access control, security measures, confidentiality, data leakage, privacy, attack trees
• Integrating security aspects in different domain-specific modeling languages
• Creating toolchains for complex security analysis and system deployment