A Systematic Framework for Structured Object-Oriented Security Requirements Analysis in Embedded Systems

The primary goal of this paper is to develop a structured objectoriented security requirements analysis methodology for the elicitation and analysis of security requirements in embedded systems. There are several approaches to elicit, analyze and specify security requirements in embedded systems ranging from formal mathematical models for proof of certain security properties to informal methods that are easily understood. Applicability of formal security models is limited because they are complex and it is time consuming to develop. On the other hand, informal security requirements analysis methods are not integrated with conceptual models in requirements analysis, and although both external and internal threats have been dealt using use cases and misuse cases, they provide no process for analyzing both internal and external threats in a structured manner. This paper discusses a structured object-oriented security requirements analysis methodology for the elicitation and analysis of security requirements in embedded systems. It is capable of identifying hierarchically both external and internal threats posed by both external and internal actors of a system level by level. It is illustrated and validated by security requirements analysis for an advanced embedded power grid control system

Run-time implementation issues for real-time embedded Ada

A motivating factor in the development of Ada as the department of defense standard language was the high cost of embedded system software development. It was with embedded system requirements in mind that many of the features of the language were incorporated. Yet it is the designers of embedded systems that seem to comprise the majority of the Ada community dissatisfied with the language. There are a variety of reasons for this dissatisfaction, but many seem to be related in some way to the Ada run-time support system. Some of the areas in which the inconsistencies were found to have the greatest impact on performance from the standpoint of real-time systems are presented. In particular, a large part of the duties of the tasking supervisor are subject to the design decisions of the implementer. These include scheduling, rendezvous, delay processing, and task activation and termination. Some of the more general issues presented include time and space efficiencies, generic expansions, memory management, pragmas, and tracing features. As validated compilers become available for bare computer targets, it is important for a designer to be aware that, at least for many real-time issues, all validated Ada compilers are not created equal

A Systematic Framework for Structured Object-Oriented Security Requirements Analysis

ABSTRACT The primary goal of this paper is to develop a structured objectoriented security requirements analysis methodology for the elicitation and analysis of security requirements in embedded systems. There are several approaches to elicit, analyze and specify security requirements in embedded systems ranging from formal mathematical models for proof of certain security properties to informal methods that are easily understood. Applicability of formal security models is limited because they are complex and it is time consuming to develop. On the other hand, informal security requirements analysis methods are not integrated with conceptual models in requirements analysis, and although both external and internal threats have been dealt using use cases and misuse cases, they provide no process for analyzing both internal and external threats in a structured manner. This paper discusses a structured object-oriented security requirements analysis methodology for the elicitation and analysis of security requirements in embedded systems. It is capable of identifying hierarchically both external and internal threats posed by both external and internal actors of a system level by level. It is illustrated and validated by security requirements analysis for an advanced embedded power grid control system

A POS Tagging Approach to Capture Security Requirements within an Agile Software Development Process

Software use is an inescapable reality. Computer systems are embedded into devices from the mundane to the complex and significantly impact daily life. Increased use expands the opportunity for malicious use which threatens security and privacy. Factors such as high profile data breaches, rising cost due to security incidents, competitive advantage and pending legislation are driving software developers to integrate security into software development rather than adding security after a product has been developed. Security requirements must be elicited, modeled, analyzed, documented and validated beginning at the initial phases of the software engineering process rather than being added at later stages. However, approaches to developing security requirements have been lacking which presents barriers to security requirements integration during the requirements phase of software development. In particular, software development organizations working within short development lifecycles (often characterized as agile lifecycle) and minimal resources need a light and practical approach to security requirements engineering that can be easily integrated into existing agile processes. In this thesis, we present an approach for eliciting, analyzing, prioritizing and developing security requirements which can be integrated into existing software development lifecycles for small, agile organizations. The approach is based on identifying candidate security goals, categorizing security goals based on security principles, understanding the stakeholder goals to develop preliminary security requirements and prioritizing preliminary security requirements. The identification activity consists of part of speech (POS) tagging of requirements related artifacts for security terminology to discover candidate security goals. The categorization activity applies a general security principle to candidate goals. Elicitation activities are undertaken to gain a deeper understanding of the security goals from stakeholders. Elicited goals are prioritized using risk management techniques and security requirements are developed from validated goals. Security goals may fail the validation activity, requiring further iterations of analysis, elicitation, and prioritization activities until stakeholders are satisfied with or have eliminated the security requirement. Finally, candidate security requirements are output which can be further modeled, defined and validated using other approaches. A security requirements repository is integrated into our proposed approach for future security requirements refinement and reuse. We validate the framework through an industrial case study with a small, agile software development organization

Bellerbys Educational Services Ltd embedded college review for educational oversight by the Quality Assurance Agency for Higher Education

Annex 1: Heriot-Watt University International Study Centre Annex 2: University of Huddersfield International Study Centre Annex 3: Keele University International Study Centre Annex 4: Kingston University, London International Study Centre Annex 5: Lancaster University International Study Centre Annex 6: University of Leicester International Study Centre Annex 7: University of Lincoln International Study Centre Annex 8: Liverpool John Moores University International Study Centre Annex 9: Royal Holloway, University of London International Study Centre Annex 10: University of Surrey International Study Centre Annex 11: University of Sussex International Study Centre Annex 12: University of Stirling International Study Centre Annex 13: Wales International Study Centr

An Implementation of a Predictable Cache-coherent Multi-core System

Multi-core platforms have entered the realm of the embedded systems to meet the ever growing performance requirements of the real-time embedded applications. Real-time applications leverage the hardware parallelism from multi-cores while keeping the hardware cost minimum. However, when the real-time tasks are deployed on the multi-core platforms, they experience interference due to sharing of hardware resources such as shared bus, last level cache, and main memory. As a result, it complicates computing the worst-case execution time of the real-time tasks. In this thesis, I present a hardware prototype that implements a predictable cache-coherent real-time multi-core system. The designed hardware follows the design guidelines outlined in the predictable cache coherence protocol. The hardware uses a latency insensitive interfaces to integrate the multi-core components such as the processor, cache controller, and interconnecting bus. The prototyped multi-core hardware is synthesized and implemented in a low-cost and high-performing FPGA board. The hardware is validated and verified on a tethered system that enables the design to run multi-threaded pthread applications

Combining SysML and AADL for the design, validation and implementation of critical systems

The realization of critical systems goes through multiple phases of specification, design, integration, validation, and testing. It starts from high-level sketches down to the final product. Model-Based Design has been acknowledged as a good conveyor to capture these steps. Yet, there is no universal solution to represent all activities. Two candidates are the OMG-based SysML to perform high-level modeling tasks, and the SAE AADL to perform lower-level ones, down to the implementation. The paper shares an experience on the seamless use of SysML and the AADL to model, validate/verify and implement a flight management system

An Accurate EEGNet-based Motor-Imagery Brain-Computer Interface for Low-Power Edge Computing

This paper presents an accurate and robust embedded motor-imagery brain-computer interface (MI-BCI). The proposed novel model, based on EEGNet, matches the requirements of memory footprint and computational resources of low-power microcontroller units (MCUs), such as the ARM Cortex-M family. Furthermore, the paper presents a set of methods, including temporal downsampling, channel selection, and narrowing of the classification window, to further scale down the model to relax memory requirements with negligible accuracy degradation. Experimental results on the Physionet EEG Motor Movement/Imagery Dataset show that standard EEGNet achieves 82.43%, 75.07%, and 65.07% classification accuracy on 2-, 3-, and 4-class MI tasks in global validation, outperforming the state-of-the-art (SoA) convolutional neural network (CNN) by 2.05%, 5.25%, and 5.48%. Our novel method further scales down the standard EEGNet at a negligible accuracy loss of 0.31% with 7.6x memory footprint reduction and a small accuracy loss of 2.51% with 15x reduction. The scaled models are deployed on a commercial Cortex-M4F MCU taking 101ms and consuming 4.28mJ per inference for operating the smallest model, and on a Cortex-M7 with 44ms and 18.1mJ per inference for the medium-sized model, enabling a fully autonomous, wearable, and accurate low-power BCI