Designing Security-enhanced Embedded Systems: Bridging Two Islands of Expertise
2013 (English). Licentiate thesis, monograph (Other academic)
The increasing prevalence of embedded devices and a boost in sophisticated attacks against them make embedded system security an intricate and pressing issue. New approaches to support the development of security-enhanced systems need to be explored. We realise that efficient transfer of knowledge from security experts to embedded system engineers is vitally important, but hardly achievable in current practice. This thesis proposes a Security-Enhanced Embedded system Design (SEED) approach, which is a set of concepts, methods, and tools that together aim at addressing this challenge of bridging the gap between the two areas of expertise.
First, we introduce the concept of a Domain-Specific Security Model (DSSM) as a suitable abstraction to capture the knowledge of security experts in a way that allows this knowledge to be later reused by embedded system engineers. Each DSSM characterises common security issues of a specific application domain in the form of security properties, which are further linked to a range of solutions.
As a next step, we complement a DSSM with the concept of a Performance Evaluation Record (PER) to account for the resource-constrained nature of embedded systems. Each PER characterises the resource overhead created by a security solution, the level of security it provides, and the evaluation technique applied.
Finally, we define a process that assists an embedded system engineer in selecting a relevant set of security solutions. The process couples together (i) the use of the security knowledge accumulated in DSSMs and PERs, (ii) the identification of security issues in a system design, and (iii) the analysis of the resource constraints of a system and of the available security solutions. The approach is supported by a set of tools that automate certain of its steps.
We use a case study from the smart metering domain to demonstrate how the SEED approach can be applied. We show that our approach adequately supports security experts in describing knowledge about security solutions in the form of formalised ontologies, and embedded system engineers in integrating an appropriate set of security solutions based on that knowledge.
Place, publisher, year, edition, pages
Linköping University Electronic Press, 2013. 111 p.
Linköping Studies in Science and Technology. Thesis, ISSN 0280-7971 ; 1624
Identifiers
URN: urn:nbn:se:liu:diva-98213
DOI: 10.3384/lic.diva-98213
Local ID: LiU-Tek-Lic-2013:58
ISBN: 978-91-7519-486-8 (print)
OAI: oai:DiVA.org:liu-98213
DiVA: diva2:662313
Public defence: 2013-11-27, 13:15, Alan Turing, House E, Campus Valla, Linköping University, Linköping (English)
Crnkovic, Ivica, Professor
Nadjm-Tehrani, Simin, Professor
Funder: EU, FP7, Seventh Framework Programme