Integrating Security Modeling in Embedded System Design
Jan Werner, Matt Eby, Janos Mathe, Gabor Karsai, Yuan Xue, Janos Sztipanovits
Institute for Software Integrated Systems
Vanderbilt University
Goals
• Extend model-based design flows with security modeling aspects
• Develop analysis methods for security properties
• Perform architectural trade-offs using system/security metrics
• Autogenerate implementation from models
Integrated Co-design Environment
[Figure: integrated co-design environment. Model layers: Functional Models, Component Models, Componentized Model Access Control, Secure Component Structure / Model Partitioning, Platform Model, Deployment Model; Generators; target layers: Composition Platform, OS Security Services, HW/SW Arch.]
• Domain-specific Modeling Languages (AADL, Simulink/StateFlow, …)
• Security modeling for different platforms
• Model Analysis tools
• Code Generators
Testbed Configuration
[Figure: testbed configuration. Three controllers, wireless link, plant simulator (xPC), DAQ.]
Different SW platforms:
• Linux + GRSecurity
• Others (LynxOS, VxWorks, …)
Hardware:
• PCI-DDA08/12 data acquisition board
• Single board computer SBC4495 from Micro/Sys
Experiment
[Figure: experiment. Panels: Code Generation and Deployment; Reference; Tank 1, Tank 2, Tank 3 with flows F1, F2, levels H1, H2, H3, valves X1, X2, On/Off, Hi/Low. Embedded system operating system with Partition 1 and Partition 2 hosting a Sensor Component, a Data Gateway Component and I/O, with data flow between them. Annotations: "Protect against external intruders", "Protect against insiders", "No protection here!", "Successful attack on component".]
1. Three tank control system model
2. Code generation
3. Deployment environment
4. Network attack on controller
Future work
• Modeling different security aspects: access control, security measures, confidentiality, data leakage, privacy, attack trees
• Integrating security aspects into different domain-specific modeling languages
• Creating toolchains for complex security analysis and system deployment