Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Making formal verification amenable to real-time UML practitioners

TTool, a real-time UML toolkit, offers user-friendly interfaces to formal verification techniques such as reachability analysis, observer-based analysis and automatic generation of traceability matrices. Those techniques are surveyed in the paper

TURTLE: Four Weddings and a Tutorial

The paper discusses an educational case study of protocol modelling in TURTLE, a real-time UML profile supported by the open source toolkit TTool. The method associated with TURTLE is step by step illustrated with the connection set up and handover procedures defined for the Future Air navigation Systems. The paper covers the following methodological stages: requirement modeling, use-case driven and scenario based analysis, object-oriented design and rapid prototyping in Java. Emphasis is laid on the formal verification of analysis and design diagrams

Traçabilité d'exigences temporelles dans l'outil UML/SysML TTool

La démonstration proposée concerne la traçabilité d'exigences tout au long du cycle de développement d'un système temps-réel, potentiellement distribué. L'outil TTool, basé sur un profil UML2, permet de saisir les exigences au format SysML, puis de confronter, par utilisation de techniques de vérification formelle, ces exigences aux diagrammes UML du système

Un environnement formel d'assistance à la modélisation de protocoles

The use of protocol design toolkits based on UML profiles has been hampered by the lack of methodological support. Indeed, those toolkits should include an assistant based on patterns and dedicated to driving the designer step by step through a well defined methodology. Thus, the TURTLE UML profile is extended with widely accepted service and protocol-oriented patterns. These patterns are built upon UML analysis diagrams i.e. use case, interaction overview and sequence diagrams. Moreover, all these patterns and diagrams have a formal semantics. Finally, they have been implemented in TTool, the open-source toolkit supporting TURTLE. The proposed approach remains general and may be applied to various modeling languages and use-case analysis driven processes

Model the System from Adversary Viewpoint: Threats Identification and Modeling

Security attacks are hard to understand, often expressed with unfriendly and limited details, making it difficult for security experts and for security analysts to create intelligible security specifications. For instance, to explain Why (attack objective), What (i.e., system assets, goals, etc.), and How (attack method), adversary achieved his attack goals. We introduce in this paper a security attack meta-model for our SysML-Sec framework, developed to improve the threat identification and modeling through the explicit representation of security concerns with knowledge representation techniques. Our proposed meta-model enables the specification of these concerns through ontological concepts which define the semantics of the security artifacts and introduced using SysML-Sec diagrams. This meta-model also enables representing the relationships that tie several such concepts together. This representation is then used for reasoning about the knowledge introduced by system designers as well as security experts through the graphical environment of the SysML-Sec framework.Comment: In Proceedings AIDP 2014, arXiv:1410.322

Safe and Secure Support for Public Safety Networks

International audienceAs explained by Tanzi et al. in the first volume of this book, communicating and autonomous devices will surely have a role to play in the future Public Safety Networks. The “communicating” feature comes from the fact that the information should be delivered in a fast way to rescuers. The “autonomous” characteristic comes from the fact that rescuers should not have to concern themselves about these objects: they should perform their mission autonomously so as not to delay the intervention of the rescuers, but rather to assist them efficiently and reliably.</p

System-Level Design and Virtual Prototyping of a Telecommunication Application on a NUMA Platform

International audienceThe use of model-driven approaches for embedded system design has become a common practice. Among these model-driven approaches, only a few of them include the generation of a full-system simulation comprising operating system, code generation for tasks and hardware simulation models. Even less common is the extension to massively parallel, NoC based designs, such as required for high performance streaming applications where dozens of tasks are replicated onto identical general purpose processor cores of a Multi-processor System-on-chip (MP-SoC). We present the extension of a system-level tool to handle clustered Network-on-Chip (NoC) with virtual prototyping platforms. On the one hand, the automatic generation of the virtual prototype becomes more complex as topcell, address mapping and linker script have to be adapted. On the other hand, the exploration of the design space is particularly important for this class of applications, as performance may strongly be impacted by Non Uniform Memory Access (NUMA)

TURTLE-P: a UML profile for the formal validation of critical and distributed systems

The timed UML and RT-LOTOS environment, or TURTLE for short, extends UML class and activity diagrams with composition and temporal operators. TURTLE is a real-time UML profile with a formal semantics expressed in RT-LOTOS. Further, it is supported by a formal validation toolkit. This paper introduces TURTLE-P, an extended profile no longer restricted to the abstract modeling of distributed systems. Indeed, TURTLE-P addresses the concrete descriptions of communication architectures, including quality of service parameters (delay, jitter, etc.). This new profile enables co-design of hardware and software components with extended UML component and deployment diagrams. Properties of these diagrams can be evaluated and/or validated thanks to the formal semantics given in RT-LOTOS. The application of TURTLE-P is illustrated with a telecommunication satellite system

Verifying service continuity in a satellite reconfiguration procedure: application to a satellite

The paper discusses the use of the TURTLE UML profile to model and verify service continuity during dynamic reconfiguration of embedded software, and space-based telecommunication software in particular. TURTLE extends UML class diagrams with composition operators, and activity diagrams with temporal operators. Translating TURTLE to the formal description technique RT-LOTOS gives the profile a formal semantics and makes it possible to reuse verification techniques implemented by the RTL, the RT-LOTOS toolkit developed at LAAS-CNRS. The paper proposes a modeling and formal validation methodology based on TURTLE and RTL, and discusses its application to a payload software application in charge of an embedded packet switch. The paper demonstrates the benefits of using TURTLE to prove service continuity for dynamic reconfiguration of embedded software