Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Model the System from Adversary Viewpoint: Threats Identification and Modeling

Security attacks are hard to understand, often expressed with unfriendly and limited details, making it difficult for security experts and for security analysts to create intelligible security specifications. For instance, to explain Why (attack objective), What (i.e., system assets, goals, etc.), and How (attack method), adversary achieved his attack goals. We introduce in this paper a security attack meta-model for our SysML-Sec framework, developed to improve the threat identification and modeling through the explicit representation of security concerns with knowledge representation techniques. Our proposed meta-model enables the specification of these concerns through ontological concepts which define the semantics of the security artifacts and introduced using SysML-Sec diagrams. This meta-model also enables representing the relationships that tie several such concepts together. This representation is then used for reasoning about the knowledge introduced by system designers as well as security experts through the graphical environment of the SysML-Sec framework.Comment: In Proceedings AIDP 2014, arXiv:1410.322

Measuring Password Strength: An Empirical Analysis

We present an in-depth analysis on the strength of the almost 10,000 passwords from users of an instant messaging server in Italy. We estimate the strength of those passwords, and compare the effectiveness of state-of-the-art attack methods such as dictionaries and Markov chain-based techniques. We show that the strength of passwords chosen by users varies enormously, and that the cost of attacks based on password strength grows very quickly when the attacker wants to obtain a higher success percentage. In accordance with existing studies we observe that, in the absence of measures for enforcing password strength, weak passwords are common. On the other hand we discover that there will always be a subset of users with extremely strong passwords that are very unlikely to be broken. The results of our study will help in evaluating the security of password-based authentication means, and they provide important insights for inspiring new and better proactive password checkers and password recovery tools.Comment: 15 pages, 9 figure

Secure P2P Data Storage and Maintenance

P2P data storage requires strong reliability and security assurances. Existing data storage solutions have been designed for centralized as well as distributed settings; yet they do not address the security and cooperation issues raised by self-organization. P2P systems also introduce new needs regarding data availability due to the dynamicity of the infrastructure, which are unaddressed so far. This paper first discusses the approaches for tackling these problems. A solution is then introduced that relies on self-organizing security mechanisms in conjunction with a data rejuvenation scheme using erasure codes

Summary of Articles

CARAM Experiments. This file contains the simulation data (see Section Experimental results) including the risk values for several classes of CSCs for all the analyzed CSPs from STAR. (XLSX 331 kb

The SLOOP project: Simulations, Parallel Object-Oriented Languages, Interconnection Networks

International audienc