Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems
We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment
aimed at fostering the collaboration between system designers and security
experts at all methodological stages of the development of an embedded system.
A central issue in the design of an embedded system is the definition of the
hardware/software partitioning of the architecture of the system, which should
take place as early as possible. SysML-Sec aims to extend the relevance of this
analysis through the integration of security requirements and threats. In
particular, we propose an agile methodology whose aim is to assess early on the
impact of the security requirements and of the security mechanisms designed to
satisfy them over the safety of the system. Security concerns are captured in a
component-centric manner through existing SysML diagrams with only minimal
extensions. After the requirements captured are derived into security and
cryptographic mechanisms, security properties can be formally verified over
this design. To perform the latter, model transformation techniques are
implemented in the SysML-Sec toolchain in order to derive a ProVerif
specification from the SysML models. An automotive firmware flashing procedure
serves as a guiding example throughout our presentation.
Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Model and Integrate Medical Resource Available Times and Relationships in Verifiably Correct Executable Medical Best Practice Guideline Models (Extended Version)
Improving patient care safety is an ultimate objective for medical
cyber-physical systems. A recent study shows that the patients' death rate is
significantly reduced by computerizing medical best practice guidelines. Recent
data also show that some morbidity and mortality in emergency care are directly
caused by delayed or interrupted treatment due to lack of medical resources.
However, medical guidelines usually do not provide guidance on medical resource
demands and how to manage potential unexpected delays in resource availability.
If medical resources are temporarily unavailable, safety properties in existing
executable medical guideline models may fail, which may increase the risk to
patients under care. The paper presents a separately model and jointly verify
(SMJV) architecture that separately models medical resource available times and
relationships, and jointly verifies the safety properties of existing medical best
practice guideline models once the resource models are integrated into them. The SMJV
architecture allows medical staff to effectively manage medical resource
demands and unexpected resource availability delays during emergency care. The
separated modeling approach also allows different domain professionals to make
independent model modifications, facilitates the management of frequent
resource availability changes, and enables resource statechart reuse in
multiple medical guideline models. A simplified stroke scenario is used as a
case study to investigate the effectiveness and validity of the SMJV
architecture. The case study indicates that the SMJV architecture is able to
identify unsafe properties caused by unexpected resource delays.
Comment: full version, 12 page
Handling Data-Based Concurrency in Context-Aware Service Protocols
Dependency analysis is a technique to identify and determine data
dependencies between service protocols. Protocols evolving concurrently in the
service composition need to impose an order in their execution if there exist
data dependencies. In this work, we describe a model to formalise context-aware
service protocols. We also present a composition language to handle dynamically
the concurrent execution of protocols. This language addresses data dependency
issues among several protocols concurrently executed on the same user device,
using mechanisms based on data semantic matching. Our approach aims at
assisting the user in establishing priorities between these dependencies,
avoiding the occurrence of deadlock situations. Nevertheless, this process is
error-prone, since it requires human intervention. Therefore, we also propose
verification techniques to automatically detect possible inconsistencies
specified by the user while building the data dependency set. Our approach is
supported by a prototype tool we have implemented.
Comment: In Proceedings FOCLASA 2010, arXiv:1007.499