Designing Security-enhanced Embedded Systems: Bridging Two Islands of Expertise
Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology. (Real-time Systems Laboratory)
2013 (English). Licentiate thesis, monograph (Other academic)
Abstract [en]

The increasing prevalence of embedded devices and a boost in sophisticated attacks against them make embedded system security an intricate and pressing issue. New approaches to support the development of security-enhanced systems need to be explored. We realise that efficient transfer of knowledge from security experts to embedded system engineers is vitally important, but hardly achievable in current practice. This thesis proposes a Security-Enhanced Embedded system Design (SEED) approach, which is a set of concepts, methods, and tools that together aim at addressing this challenge of bridging the gap between the two areas of expertise.

First, we introduce the concept of a Domain-Specific Security Model (DSSM) as a suitable abstraction to capture the knowledge of security experts so that it can later be reused by embedded system engineers. Each DSSM characterises common security issues of a specific application domain in the form of security properties, which are further linked to a range of solutions.

As a next step, we complement a DSSM with the concept of a Performance Evaluation Record (PER) to account for the resource-constrained nature of embedded systems. Each PER characterises the resource overhead created by a security solution, the level of security it provides, and the evaluation technique applied.

Finally, we define a process that assists an embedded system engineer in selecting a relevant set of security solutions. The process couples together (i) the use of the security knowledge accumulated in DSSMs and PERs, (ii) the identification of security issues in a system design, and (iii) the analysis of resource constraints of a system and available security solutions. The approach is supported by a set of tools that automate certain of its steps.

We use a case study from the smart metering domain to demonstrate how the SEED approach can be applied. We show that our approach adequately supports security experts in describing knowledge about security solutions in the form of formalised ontologies, and embedded system engineers in integrating an appropriate set of security solutions based on that knowledge.

Place, publisher, year, edition, pages
Linköping University Electronic Press, 2013. 111 p.
Linköping Studies in Science and Technology. Thesis, ISSN 0280-7971 ; 1624
National Category
Computer Science
URN: urn:nbn:se:liu:diva-98213
DOI: 10.3384/lic.diva-98213
Local ID: LiU-Tek-Lic-2013:58
ISBN: 978-91-7519-486-8 (print)
OAI: diva2:662313
2013-11-27, Alan Turing, House E, Campus Valla, Linköping University, Linköping, 13:15 (English)
EU, FP7, Seventh Framework Programme
Available from: 2013-11-11 Created: 2013-10-03 Last updated: 2013-11-11. Bibliographically approved

Open Access in DiVA

Designing Security-enhanced Embedded Systems: Bridging Two Islands of Expertise (3332 kB), 1585 downloads
File information
File name: FULLTEXT01.pdf. File size: 3332 kB. Checksum: SHA-512
Type: fulltext. Mimetype: application/pdf
Cover (81 kB), 24 downloads
File information
File name: COVER01.pdf. File size: 81 kB. Checksum: SHA-512
Type: cover. Mimetype: application/pdf

Author/editor: Vasilevskaya, Maria