Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers

Embedded Linux as a Platform for Dynamically Self-Reconfiguring Systems-On-Chip

We have previously argued the benefits of embedded Linux as an operating system platform for reconfigurable system-on-chip design. In this paper we describe our approach to building tools for the implementation of dynamically and self-reconfigurable systems, and show that embedded Linux is a natural and powerful platform on which to build these tools. We present examples and demonstrations that show how complex operations such as obtaining partial bit streams from remote servers and initiating reconfiguration are achieved with a single line of Linux shell script

MADES: A SysML/MARTE high level methodology for real-time and embedded systems

International audienceRapid evolution of real-time and embedded systems (RTES) is continuing at an increasing rate, and new method-ologies and design tools are needed to reduce design complexity while decreasing development costs and integrating aspects such as verification and validation. Model-Driven Engineering offers an interesting solution to the above mentioned challenges and is being widely used in various industrial and academic research projects. This paper presents the EU funded MADES project which aims to develop novel model-driven techniques to improve existing practices in development of RTES for avionics and surveillance embedded systems industries. MADES proposes a subset of existing UML profiles for embedded systems modeling: namely MARTE and SysML, and is developing new tools and technologies that support design, validation, simulation and eventual automatic code generation, while integrating aspects such as component re-use. In this paper, we first introduce the MADES language, which enables rapid system design and specification that can be then taken by underlying MADES tools for goals such as simulation or code generation. Finally, we illustrate the various concepts present in the MADES language by means of a car collision avoidance system case study

From FPGA to ASIC: A RISC-V processor experience

This work document a correct design flow using these tools in the Lagarto RISC- V Processor and the RTL design considerations that must be taken into account, to move from a design for FPGA to design for ASIC

Software Product Line

The Software Product Line (SPL) is an emerging methodology for developing software products. Currently, there are two hot issues in the SPL: modelling and the analysis of the SPL. Variability modelling techniques have been developed to assist engineers in dealing with the complications of variability management. The principal goal of modelling variability techniques is to configure a successful software product by managing variability in domain-engineering. In other words, a good method for modelling variability is a prerequisite for a successful SPL. On the other hand, analysis of the SPL aids the extraction of useful information from the SPL and provides a control and planning strategy mechanism for engineers or experts. In addition, the analysis of the SPL provides a clear view for users. Moreover, it ensures the accuracy of the SPL. This book presents new techniques for modelling and new methods for SPL analysis

New verification method for embedded systems

Journal ArticleAbstract-Verification of embedded systems is complicated by the fact that they are composed of digital hardware, analog sensors and actuators, and low level software. In order to verify the interaction of these heterogeneous components, it would be beneficial to have a single modeling formalism that is capable of representing all of these components. To address this need, this paper describes an extended labeled hybrid Petri net (LHPN) model that includes constructs for Boolean, discrete, and continuous variables as well as constructs to model timing. This paper also presents a method to verify these extended LHPNs. Finally, this paper presents a case study to illustrate the application of this model to the verification of a fault-tolerant temperature sensor