Building Security into Embedded Systems: Validating Theoretical Designs using Experimental Platforms Yuan Xue Institute for Software Integrated Systems Vanderbilt University A joint work with Matthew Eby, Janos Mathe, Jan Werner, Taojun Wu, Gabor Karsai, Sandeep Neema, Janos Sztipanovits, Akos Ledeczi
Outline
• Introduction
• Challenge
• Approach
• Two Projects
– Experiment Platform for Model-based Secure Embedded System Design
– Application-Driven Testbed for Wireless Sensor Network Security Analysis and Design
Introduction
• Embedded systems
  – Low end: cellphones, PDAs, sensors, smartcards
  – High end: routers, home appliances
• They are
  – Interactive with the physical world
  – Pervasive in our daily life
  – Essential for national critical infrastructure
• Currently embedded systems are migrating
  – From proprietary solutions to open standards
  – From standalone systems to networked environments
Increasing concern about security threats in embedded systems
Challenge
• Existing security solutions were developed in the context of desktop operating systems and networks
  – Cryptography
  – Secure network protocols
  – Etc.
• Designing secure embedded systems faces unique challenges
  – Embedded system design is a system/software co-design problem that must meet cross-cutting requirements in terms of performance and physical constraints
  – Securing embedded systems involves more issues than those addressed for desktop computing
    • Resource constraints
    • Development model and environment
Applying existing security mechanisms as add-on functional features is insufficient to secure embedded systems
Approach
• Our approach
  – Security consideration as an integral part throughout the design process
  – Security design validated over the software and system platforms
• This talk presents two experimental platforms
  – Plant control system
  – Wireless sensor network
Secure embedded system design needs to be validated using the experimental platforms
Experimental Platform for
Model-Based Secure Embedded System Design
Overview
• Model-based Approach to Embedded System Design
• Integrate Security into Model-based Approach
• Experiment Platform Architecture
• Demonstration System
Model-based Approach
Models facilitate formal analysis, verification, validation and generation of embedded systems
[Figure: model-based design flow. Elements: Functional Models, Component Models, Componentized Model, Platform Model, Deployment Model, Generators (Interpreters), Composition Platform (e.g. AADL), HW/SW Architecture (Windows, Linux), Source Files (e.g. Simulink, hand-crafted code)]
Security Extension examples
• Role Based Access Control
• Secure Links
• Fair Exchange
[Figure: security extension of the model-based flow. Elements: Functional Model, Component Model, Secure Componentized Model, Platform Model, Deployment Model; added: Security Extension, Security Service, Secure Component Structure Model, Security Policy]
Advantages
• Advantages of integrating security into model-based embedded system development
  – Introducing security at the design level
  – Verifying required security properties using explicit security models
  – Consistent and automatic configuration of the security services offered by the operating system
  – Investigating design tradeoffs between performance and security properties
An Example based on AADL
• AADL (Architecture Analysis &amp; Design Language), SAE Aerospace Standard AS5506
  – Provides a standard interface and environment for system designers to model, analyze and generate embedded system code
AADL Components
AADL Metamodel
AADL Security Extension
An example security mechanism
Role-based Access Control
• Objects – resources subject to access control
• Operations – execution of some function on objects
• Permissions – approval to perform an operation on an RBAC-protected object
• Roles – a job function with assigned authority and responsibility
• Users – a human being, machine, network or agent requesting an operation on objects
Security Extension Metamodel
Platform Security Service Modeling
Security Service Providers
• OS (e.g. Linux, LynxOS, WinCE)
• HW (e.g. space partitioning, memory protection)
• Services of different applications (e.g. web-browser-based authentication)
• Partitions in the OS
Platform Security Models with sufficient detail enable Code Generators to access Platform Specific Security Services
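As an added illustration of the last three slides (an explicit RBAC security model, design-time verification of its properties, and a generator that configures platform security services from the model), the Python sketch below is not the Vanderbilt toolchain or its AADL security extension. It models RBAC's users, roles, permissions, operations and objects as an explicit data structure, runs consistency checks a design-time verifier could run (dangling references, users holding two roles the policy declares mutually exclusive), and generates Linux group and ACL commands from the model. The role-to-group, object-to-file and operation-to-ACL-mode mappings, the plant-control sample policy and the choice of `setfacl` as the platform service are assumptions made for the example.

```python
# Added illustrative example: an explicit RBAC security model, a design-time
# consistency check, and a generator that turns the model into Linux
# group/ACL configuration.  Not the Vanderbilt/AADL toolchain; the
# role->group, object->file and operation->mode mappings are assumptions.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Permission = Tuple[str, str]  # (operation, object), e.g. ("write", "setpoint")


@dataclass(frozen=True)
class RbacModel:
    """Explicit RBAC model: the five elements of the slide plus assignments."""
    objects: FrozenSet[str]
    operations: FrozenSet[str]
    roles: FrozenSet[str]
    users: FrozenSet[str]
    user_roles: Dict[str, FrozenSet[str]]          # UA: user -> roles
    role_perms: Dict[str, FrozenSet[Permission]]   # PA: role -> permissions
    exclusive_roles: FrozenSet[FrozenSet[str]] = frozenset()  # separation-of-duty pairs

    def permitted(self, user: str, operation: str, obj: str) -> bool:
        """Runtime decision: allowed iff one of the user's roles holds the permission."""
        return any((operation, obj) in self.role_perms.get(r, frozenset())
                   for r in self.user_roles.get(user, frozenset()))


def check_model(m: RbacModel) -> List[str]:
    """Design-time verification of the security model, before any code is
    generated: no dangling references, and no user holding two roles the
    policy declares mutually exclusive.  Returns a list of violations."""
    errors: List[str] = []
    for role, perms in m.role_perms.items():
        if role not in m.roles:
            errors.append(f"PA references unknown role {role!r}")
        for op, obj in perms:
            if op not in m.operations:
                errors.append(f"role {role!r}: unknown operation {op!r}")
            if obj not in m.objects:
                errors.append(f"role {role!r}: unknown object {obj!r}")
    for user, roles in m.user_roles.items():
        if user not in m.users:
            errors.append(f"UA references unknown user {user!r}")
        for r in roles - m.roles:
            errors.append(f"user {user!r}: unknown role {r!r}")
        for pair in m.exclusive_roles:
            if pair <= roles:
                errors.append(f"user {user!r} holds mutually exclusive roles {sorted(pair)}")
    return errors


# Assumed operation -> POSIX ACL mode mapping used by the generator below.
OP_MODE = {"read": "r", "write": "w", "execute": "x"}


def generate_linux_acl(m: RbacModel, object_paths: Dict[str, str]) -> List[str]:
    """Generator: each role becomes a Linux group, each UA entry a group
    membership, each permission a setfacl entry on the object's file.
    object_paths stands in for the deployment model (object -> path on target).
    Refuses to generate from a model that fails check_model()."""
    errors = check_model(m)
    if errors:
        raise ValueError("model rejected: " + "; ".join(errors))
    cmds = [f"groupadd {r}" for r in sorted(m.roles)]
    for user in sorted(m.users):
        for r in sorted(m.user_roles.get(user, frozenset())):
            cmds.append(f"usermod -aG {r} {user}")
    for role in sorted(m.roles):
        by_obj: Dict[str, set] = {}
        for op, obj in m.role_perms.get(role, frozenset()):
            if op not in OP_MODE:
                raise ValueError(f"no ACL mode for operation {op!r}")
            by_obj.setdefault(obj, set()).add(OP_MODE[op])
        for obj, modes in sorted(by_obj.items()):
            mode = "".join(c for c in "rwx" if c in modes)
            cmds.append(f"setfacl -m g:{role}:{mode} {object_paths[obj]}")
    return cmds


# Constructed plant-control sample policy (not from the talk).
PLANT = RbacModel(
    objects=frozenset({"setpoint", "sensor_log"}),
    operations=frozenset({"read", "write"}),
    roles=frozenset({"operator", "auditor"}),
    users=frozenset({"alice", "bob"}),
    user_roles={"alice": frozenset({"operator"}), "bob": frozenset({"auditor"})},
    role_perms={
        "operator": frozenset({("read", "setpoint"), ("write", "setpoint"),
                               ("read", "sensor_log")}),
        "auditor": frozenset({("read", "sensor_log")}),
    },
    exclusive_roles=frozenset({frozenset({"operator", "auditor"})}),
)
PLANT_PATHS = {"setpoint": "/var/plant/setpoint", "sensor_log": "/var/plant/sensor.log"}

if __name__ == "__main__":
    print(check_model(PLANT))                            # [] : model is consistent
    print(PLANT.permitted("bob", "write", "setpoint"))   # False: auditor cannot write
    print("\n".join(generate_linux_acl(PLANT, PLANT_PATHS)))
```

The point of keeping the model explicit is that the separation-of-duty and reference checks run on the model itself, so a policy that would let one user both operate the plant and audit it is rejected before any platform configuration is emitted, and the same model drives every target-specific output consistently.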