Assisting the Design of Secured Applications for Embedded Systems

Abstract: The vast majority of distributed embedded systems are exposed to security risks. That applications often end up poorly protected is partly due to methodological gaps in the engineering development process. More specifically, methodologies targeting formal verification may not support certain phases of the development process, and system modeling frameworks may be complex to use or not address security at all. Furthermore, testing is rarely addressed by verification methodologies, since formal verification and testing are treated as mutually exclusive stages. Nevertheless, we believe that platform testing can be applied to check that properties formally verified on a model actually hold on the real system. Our contribution is made within a model-driven methodology that specifically targets secure-by-design embedded systems. The methodology is an iterative process that covers several engineering development phases and relies on existing security analysis techniques. Still evolving, the methodology is mainly defined through a high-level SysML profile named Avatar. The contribution consists specifically in extending Avatar to model security concerns and in formally defining a model transformation towards a verification framework, which makes it possible to prove authenticity and confidentiality properties. We illustrate how a cryptographic protocol is partially secured by applying several stages of the methodology. In addition, we describe how security testing was conducted on an embedded prototype platform within the scope of an automotive project.

Cited literature: 177 references

https://pastel.archives-ouvertes.fr/tel-01185312
Contributor: Gabriel Pedroza
Submitted on: Wednesday, August 19, 2015 - 8:16:43 PM
Last modification on: Friday, December 1, 2017 - 1:20:39 AM
Long-term archiving on: Friday, November 20, 2015 - 11:00:49 AM

Identifiers

  • HAL Id: tel-01185312, version 1


Citation

Gabriel Pedroza. Assisting the Design of Secured Applications for Embedded Systems. Computer Aided Engineering. Télécom ParisTech, 2013. English. ⟨NNT: 2013-ENST-001⟩. ⟨tel-01185312⟩


Metrics

Record views: 244
File downloads: 865