
    Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

    We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering collaboration between system designers and security experts at every methodological stage of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of its architecture, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis by integrating security requirements and threats into it. In particular, we propose an agile methodology whose aim is to assess early on the impact, on the safety of the system, of the security requirements and of the security mechanisms designed to satisfy them. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. Once the captured requirements have been refined into security and cryptographic mechanisms, security properties can be formally verified over the design. To do so, model transformation techniques implemented in the SysML-Sec toolchain derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.

    Comment: In Proceedings GraMSec 2014, arXiv:1404.163
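    To make the last step concrete, here is a hand-written ProVerif model of a simplified firmware flashing procedure. It is an added example, not a specification generated by the SysML-Sec/TTool toolchain, and the protocol shape, the process names (Backend, ECU, ECU_noverify), the events (Released, Installed) and the signature primitives are assumptions chosen for illustration. The security property checked is the one a practitioner cares about for flashing: an ECU only installs an image that the back-end actually released.

```proverif
(* Firmware flashing, simplified: the back-end signs an image and the ECU
   verifies the signature before installing it. Added example; hypothetical
   model, not output of the SysML-Sec/TTool transformation. *)

free net: channel.            (* public network, fully attacker-controlled *)

type skey.                    (* signing key *)
type pkey.                    (* verification key *)

fun pk(skey): pkey.
fun sign(bitstring, skey): bitstring.
reduc forall m: bitstring, k: skey; checksign(sign(m, k), pk(k)) = m.

free image: bitstring.        (* the firmware image itself is public *)

event Released(bitstring).    (* back-end released this image *)
event Installed(bitstring).   (* ECU installed this image *)

(* Authenticity of the installed firmware: every Installed(x) must be
   preceded by a Released(x) for the same image. *)
query x: bitstring; event(Installed(x)) ==> event(Released(x)).

let Backend(sk: skey) =
  event Released(image);
  out(net, (image, sign(image, sk))).

(* Secure ECU: accept only images whose signature verifies under the
   back-end's public key. *)
let ECU(pkb: pkey) =
  in(net, (fw: bitstring, s: bitstring));
  let m = checksign(s, pkb) in
  if m = fw then
    event Installed(fw).

(* Insecure variant: installs whatever arrives. Substitute ECU_noverify for
   ECU in the main process and ProVerif reports an attack trace in which the
   attacker injects its own image. *)
let ECU_noverify =
  in(net, (fw: bitstring, s: bitstring));
  event Installed(fw).

process
  new sk: skey;
  out(net, pk(sk));                        (* public key is known to everyone *)
  ( (!Backend(sk)) | (!ECU(pk(sk))) )
```

    Run it with `proverif flash.pv`. With the verifying ECU the correspondence query is proved (replays re-install an image the back-end did release, which the query permits); with ECU_noverify it is falsified, which is the kind of result the SysML-Sec workflow feeds back into the hardware/software partitioning decision.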

    A formal environment for assisting protocol modelling

    The use of protocol design toolkits based on UML profiles has been hampered by the lack of methodological support. Such toolkits should include a pattern-based assistant dedicated to driving the designer step by step through a well-defined methodology. To this end, the TURTLE UML profile is extended with widely accepted service- and protocol-oriented patterns. These patterns are built upon UML analysis diagrams, i.e., use case, interaction overview and sequence diagrams, and all of them have a formal semantics. They have been implemented in TTool, the open-source toolkit supporting TURTLE. The proposed approach remains general and may be applied to other modeling languages and use-case-driven analysis processes.

    Model the System from Adversary Viewpoint: Threats Identification and Modeling

    Security attacks are hard to understand and are often described in unfriendly terms with limited detail, which makes it difficult for security experts and analysts to write intelligible security specifications: for instance, to explain why (the attack objective), on what (system assets, goals, etc.) and how (the attack method) an adversary achieved its goals. In this paper we introduce a security attack meta-model for our SysML-Sec framework, developed to improve threat identification and modeling through the explicit representation of security concerns using knowledge representation techniques. The proposed meta-model enables the specification of these concerns through ontological concepts that define the semantics of the security artifacts introduced in SysML-Sec diagrams, and it also represents the relationships that tie such concepts together. This representation is then used to reason about the knowledge entered by system designers and security experts through the graphical environment of the SysML-Sec framework.

    Comment: In Proceedings AIDP 2014, arXiv:1410.322

    TURTLE-P: a UML profile for the formal validation of critical and distributed systems

    The timed UML and RT-LOTOS environment, or TURTLE for short, extends UML class and activity diagrams with composition and temporal operators. TURTLE is a real-time UML profile with a formal semantics expressed in RT-LOTOS, and it is supported by a formal validation toolkit. This paper introduces TURTLE-P, an extended profile no longer restricted to the abstract modeling of distributed systems: TURTLE-P addresses concrete descriptions of communication architectures, including quality-of-service parameters (delay, jitter, etc.). The new profile enables co-design of hardware and software components with extended UML component and deployment diagrams, whose properties can be evaluated and/or validated thanks to the formal semantics given in RT-LOTOS. The application of TURTLE-P is illustrated with a telecommunication satellite system.

    TURTLE: Four Weddings and a Tutorial

    The paper discusses an educational case study of protocol modelling in TURTLE, a real-time UML profile supported by the open-source toolkit TTool. The method associated with TURTLE is illustrated step by step with the connection set-up and handover procedures defined for Future Air Navigation Systems. The paper covers the following methodological stages: requirement modeling, use-case-driven and scenario-based analysis, object-oriented design and rapid prototyping in Java. Emphasis is laid on the formal verification of analysis and design diagrams.

    Traceability of timing requirements in the UML/SysML tool TTool

    The proposed demonstration concerns the traceability of requirements throughout the development cycle of a real-time, potentially distributed system. The TTool tool, based on a UML2 profile, lets the user capture requirements in SysML format and then confront them, using formal verification techniques, with the UML diagrams of the system.

    Making formal verification amenable to real-time UML practitioners

    TTool, a real-time UML toolkit, offers user-friendly interfaces to formal verification techniques such as reachability analysis, observer-based analysis and automatic generation of traceability matrices. Those techniques are surveyed in the paper.

    Requirements verification of a SysML model

    Formal verification of the SysML model of the pacemaker that serves as the case study throughout the book.

    Verifying service continuity in a satellite reconfiguration procedure: application to a satellite

    The paper discusses the use of the TURTLE UML profile to model and verify service continuity during dynamic reconfiguration of embedded software, and of space-based telecommunication software in particular. TURTLE extends UML class diagrams with composition operators and activity diagrams with temporal operators. Translating TURTLE to the formal description technique RT-LOTOS gives the profile a formal semantics and makes it possible to reuse the verification techniques implemented in RTL, the RT-LOTOS toolkit developed at LAAS-CNRS. The paper proposes a modeling and formal validation methodology based on TURTLE and RTL, and discusses its application to a payload software application in charge of an embedded packet switch. It demonstrates the benefits of using TURTLE to prove service continuity across dynamic reconfiguration of embedded software.

    A new TURTLE approach for dimensioning and validating distributed real-time systems

    The TURTLE real-time UML profile, supported by the open-source tool TTool, offers a formal framework for modeling and formally verifying communicating real-time systems. This article adds to the TURTLE method a "network calculus" component suited to large-scale distributed real-time systems. This component makes it possible to dimension the network by taking into account the traffic of the various nodes, and then to inject the dimensioning results into the TURTLE models. As a result, the TURTLE models only need to explore the system for a reduced number of nodes of the distributed system. A video-conferencing system on a university campus serves as the case study.