Model-Based Security Risk Analysis for Networked Embedded Systems
Finding a balance between functional and non-functional requirements and resources in embedded systems has always been a challenge. What brings this challenge into a sharper focus is that embedded devices are increasingly deployed in many networked applications, some of which will form the backbone of the critical information infrastructures on which we all depend. The Security-Enhanced Embedded system Development (SEED) process has proposed a set of tools that a bridge the two islands of expertise, the engineers specialised in embedded systems development and the security experts. This paper identifies a gap in the tool chain that links the identification of assets to be protected to the associated security risks seen from different stakeholder perspectives. The needed tool support for systematic prioritisation of identified assets, and the selection of security building blocks at design stage based on a risk picture of different stakeholders, are characterised. The ideas are illustrated in a smart metering infrastructure scenario.
KeywordsEmbed System Smart Grid Stakeholder Perspective Embed Device National Regulatory Agency
- 1.The SecFutur project: Design of Secure and Energy-efficient Embedded Systems for Future Internet Application. http://www.secfutur.eu
- 3.Alberts, C., Dorofee, A.: Managing Information Security Risks: The Octave Approach. SEI Series in Software Engineering. Addison-Wesley, Boston (2003)Google Scholar