
    Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

    We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the system architecture, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements, and of the security mechanisms designed to satisfy them, on the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the captured requirements are refined into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.
    Comment: In Proceedings GraMSec 2014, arXiv:1404.163
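    The abstract says the toolchain turns the SysML design into a ProVerif specification and uses firmware flashing as its running example. The model below is an added illustration of what such a specification checks; it is hand-written here, not generated by SysML-Sec and not taken from the paper. It assumes a deliberately minimal flashing protocol (a backend signs a firmware image, an ECU accepts any image whose signature verifies) and assumed names for the events and processes. The two queries show the kind of result a verification step yields: the non-injective correspondence (authenticity) holds because the signing key never leaves the backend, while the injective one (freshness) is expected to fail, since a captured signed image can be replayed to an ECU.

```proverif
(* Added example, not from the paper or the SysML-Sec toolchain.
   Protocol, names and events are assumptions for illustration. *)

free c: channel.

type skey.
type pkey.

fun pk(skey): pkey.
fun sign(bitstring, skey): bitstring.
(* Signature verification returns the signed message on success. *)
reduc forall m: bitstring, k: skey; checksign(sign(m, k), pk(k)) = m.

event FirmwareReleased(bitstring).
event FlashAccepted(bitstring).

(* Authenticity: every image an ECU accepts was released by the backend.
   Expected result: true. *)
query fw: bitstring; event(FlashAccepted(fw)) ==> event(FirmwareReleased(fw)).

(* Freshness: each accepted flash corresponds to a distinct release.
   Expected result: false (replay of a signed image is possible). *)
query fw: bitstring; inj-event(FlashAccepted(fw)) ==> inj-event(FirmwareReleased(fw)).

(* Backend: releases a fresh image and publishes it signed. *)
let Backend(sk: skey) =
  new fw: bitstring;
  event FirmwareReleased(fw);
  out(c, sign(fw, sk)).

(* ECU: accepts any image whose signature verifies under the backend key. *)
let ECU(pkB: pkey) =
  in(c, s: bitstring);
  let fw = checksign(s, pkB) in
  event FlashAccepted(fw).

process
  new skB: skey;
  out(c, pk(skB));
  ( (!Backend(skB)) | (!ECU(pk(skB))) )
```

    Run with `proverif flashing.pv`. The failing injective query is the interesting one for a flashing procedure: it points at the need for a version counter or an ECU-issued challenge bound into the signed message, which is exactly the kind of mechanism whose cost and safety impact the methodology above is meant to assess early.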

    Model-Based Security Testing

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and is especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2 project DIAMONDS.
    Comment: In Proceedings MBT 2012, arXiv:1202.582

    A fuzzy-based technique for describing security requirements of intrusion tolerant systems

    Caring for security in the early stages of software development has always been a major engineering trend. However, due to the existence of unpreventable and accidental security faults within the system, it is not always possible to entirely identify and mitigate the security threats. This may eventually lead to security failure of the target system. To avoid security failure, it is required to incorporate fault tolerance (i.e. intrusion tolerance) into the security requirements of the system. In this paper, we propose a new technique for the description of security requirements of Intrusion Tolerant Systems (ITS) using fuzzy logic. We address intrusion tolerance in the security requirements of the system by considering partial satisfaction of security goals. This partiality is accepted and formally described through the establishment of a Goal-Based Fuzzy Grammar (GFG) and its respective Goal-Based Fuzzy Language (GFL) for describing the Security Requirement Model (SRM) of the target ITS.

    S-Scrum: a secure methodology for agile development of web services


    A New Consistency Validation Approach to Enhance the Quality of Functional Security Requirements for Secure Software

    Quality security requirements contribute to the success of secure software development. However, the process of eliciting security requirements is tedious and complex. It also requires requirements engineers to have security experience when eliciting consistent security requirements from the clients and stakeholders. Most requirements engineers face problems in eliciting consistent security compliance requirements from the clients and stakeholders, as they misunderstand the real needs and the security terms used. This results in inconsistent security requirements being elicited. The inconsistency leads to incorrect and insecure software systems being developed, as well as to disruptions of the schedule and increases in a project's expenditure. Motivated by these problems, this study aims to propose a new approach for consistency validation of functional security requirements. Security requirements specifications will be collected from software vendors to analyse the flow of the functional security requirements process. Next, visual differencing will be integrated to cross-validate the consistency of the elicited functional security requirements against a best-practice template. A security requirements best-practice template pattern library will be designed, and a new mathematical formulation that defines the consistency validation rules of security requirements will also be constructed. The formulation will be based on the security-related semi-formalised model called SecEssential Use Case (SecEUC). This approach will then be realised with a proof-of-concept prototype tool and compared with existing approaches, focusing on its ability to validate the inconsistency of the functional security requirements. Finally, this study is expected to have a positive impact on the software industry by reducing development cost, as it allows requirements engineers to validate inconsistencies in the elicited security compliance requirements at the early stage of secure software development.

    A collective intelligence approach for building student's trustworthiness profile in online learning

    (c) 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
    Information and communication technologies have been widely adopted in most educational institutions to support e-Learning through different learning methodologies such as computer-supported collaborative learning, which has become one of the most influential learning paradigms. In this context, e-Learning stakeholders are increasingly demanding new requirements; among them, information security (IS) is considered a critical factor in on-line collaborative processes. Information security determines the accurate development of learning activities, especially when a group of students carries out on-line assessment that leads to grades or certificates; in these cases, IS is an essential issue that has to be considered. To date, even the most advanced technological security solutions have drawbacks that impede the development of overall e-Learning security frameworks. For this reason, this paper suggests enhancing technological security models with functional approaches: we propose a functional security model based on trustworthiness and collective intelligence. Both of these topics are closely related to on-line collaborative learning and on-line assessment models. Therefore, the main goal of this paper is to discover how security can be enhanced with trustworthiness in an on-line collaborative learning scenario through the study of the collective intelligence processes that occur in on-line assessment activities. To this end, a peer-to-peer public student profile model based on trustworthiness is proposed, and the main collective intelligence processes involved in collaborative on-line assessment activities are presented.

    A framework for the formulation of security issues in the field of e-learning using Meta-Synthesis method

    The development of applications and e-learning services over information and communication networks, together with qualitative and quantitative improvements in activities and services, can expand the threats that emerge in the underlying telecommunications infrastructure. Consequently, attention to the accuracy and efficiency of payment issues and to security concerns is an inevitable necessity for managers and decision makers. Based on other research and practical experience in the field of e-learning security, this research attempts to define a logical structure for the security content of this field. Based on the findings of the research, we present a three-dimensional model for the security issues and requirements of e-learning. The three dimensions of the model are the infrastructure-oriented viewpoint, the service-oriented viewpoint and the customer-oriented viewpoint. Each of these dimensions is described as a model with two fields: e-learning issues and the security of e-learning issues.

    Modeling the linkage between systems interoperability and security engineering

    Industry, finance, and other business activities are increasingly reliant on computer networks and systems, which demand effective interoperability of systems. But this also demands effective systems security, which poses a major challenge to the socio-technical interactions enabled by interoperable tools. This paper addresses modeling of the linkages between interoperability and security in the model design stage of systems development. It considers current interoperability frameworks and the manner in which they may be combined with security standards and desirable characteristics to create trusted, robust systems that are central to the operation of network-enabled large-scale applications. A holistic approach to interoperability and security is presented, based on systems requirements modeling and model-based architecting principles.

    Supporting the Discovery, Reuse, and Validation of Cybersecurity Requirements at the Early Stages of the Software Development Lifecycle

    The focus of this research is to develop an approach that enhances the elicitation and specification of reusable cybersecurity requirements. Cybersecurity has become a global concern, as cyber-attacks are projected to cost damages totaling more than $10.5 trillion by 2025. Cybersecurity requirements are more challenging to elicit than other requirements because they are nonfunctional requirements that require cybersecurity expertise and knowledge of the proposed system. The goal of this research is to generate cybersecurity requirements based on knowledge acquired from requirements elicitation and analysis activities, to provide cybersecurity specifications without requiring the specialized knowledge of a cybersecurity expert, and to generate reusable cybersecurity requirements. The proposed approach can be an effective way to implement cybersecurity requirements at the earliest stages of the system development life cycle, because it facilitates the identification of cybersecurity requirements throughout the requirements gathering stage. This is accomplished through the development of the Secure Development Ontology, which maps cybersecurity features to functional feature descriptions in order to train a classification machine-learning model that returns the suggested security requirements. The SD-SRE requirements engineering portal was created to support the application of this research by providing a platform to submit use case scenarios and requirements and to suggest security requirements for the given system. The efficacy of this approach was tested with students in a graduate requirements engineering course. The students were presented with a system description and tasked with creating use case scenarios using the SD-SRE portal. The entered models were automatically analyzed by the SD-SRE system to suggest the security requirements. The results showed that the approach can be effective in assisting with the identification of security requirements.