
2015 | Original paper | Book chapter

Designing Safe and Secure Embedded and Cyber-Physical Systems with SysML-Sec

Authors: Ludovic Apvrille, Yves Roudier

Published in: Model-Driven Engineering and Software Development

Publisher: Springer International Publishing


Abstract

Security flaws may be introduced into a system by design or implementation mistakes. In connected embedded or cyber-physical systems they can have far-reaching consequences, including physical harm. Security experts focus either on identifying security requirements, more or less explicitly defined, and deriving security mechanisms from them, or on the a posteriori assessment of vulnerabilities, namely pentesting. These approaches, however, often miss the iterations that design and deployment require between security countermeasures and system functionality. Worse, they generally fail to consider the implications of security issues for the system's safety, for instance the adverse effect that security countermeasures may have on expected deadlines because of costly computations and communication latencies. SysML-Sec addresses these issues throughout design and development thanks to its model-driven approach, which promotes exchanges between system architects, safety engineers, and security experts. This paper discusses how SysML-Sec can be used to deal with safety and security requirements simultaneously, and illustrates the methodology with an automotive use case.


Metadata
Title
Designing Safe and Secure Embedded and Cyber-Physical Systems with SysML-Sec
Authors
Ludovic Apvrille
Yves Roudier
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-27869-8_17