
Enforcing trust in embedded systems using models

Published: 14 September 2010

Abstract

Embedded systems are widely used in domains such as automotive, aerospace, home control, and telecommunication systems. They are generally viewed as time- and resource-constrained systems.
Trust is now becoming an increasingly important issue in the field of embedded systems. Trust is the level of security and dependability (S&D) achieved by an implementation; as a consequence, specifications of embedded systems contain many S&D requirements. The main goal of trust is that an accidental or intentional fault is confined and does not call the S&D features into question.
To reduce the risk of design faults, it is necessary to automate as many steps of the system development cycle as possible. Model-driven engineering can satisfy this need in the development process; however, current model-based methodologies must be adapted by enriching them with S&D concepts.
This paper presents a model-driven approach customized for S&D concerns. The approach involves the definition of a trust-aware, platform-independent architecture. To complete the process, model-based solutions dedicated to developers are presented.


Cited By

  • (2016) Understanding the trust of software-intensive distributed systems. Concurrency and Computation: Practice & Experience 28(1), pp. 114-143. DOI: 10.1002/cpe.3656. Online publication date: 1 Jan 2016.
  • (2011) Defining trust evidence. Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, pp. 1-1. DOI: 10.1145/2179298.2179373. Online publication date: 12 Oct 2011.

Published In

S&D4RCES '10: Proceedings of the International Workshop on Security and Dependability for Resource Constrained Embedded Systems
September 2010
63 pages
ISBN:9781450303682
DOI:10.1145/1868433

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. dependability
  2. model driven engineering
  3. resource constrained embedded systems
  4. security
  5. trust computing
