Security Modeling for Embedded System Design

  • Letitia W. Li
  • Florian Lugou
  • Ludovic Apvrille
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10744)


Among recent cyber attacks, the Mirai botnet DDoS attacks were carried out using infected IoT devices. To prevent our connected devices from being compromised in this way, their security vulnerabilities should be detected and mitigated early in the design process. This paper presents how the SysML-Sec methodology has been enhanced for the evolving graphical modeling of security through the three stages of our embedded system design methodology: Analysis, HW/SW Partitioning, and Software Analysis. The security requirements and attack graphs produced during the Analysis phase determine the sensitive data and the attacker model used in the HW/SW Partitioning phase. From these we generate a secured model in which communication protection is modeled using abstract security representations, which can then be translated into a Software/System Design Model. The Software Model is intended as the final detailed model of the system. Throughout the design process, formal verification and simulation evaluate the safety, security, and performance of the system.
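As an added illustration, not code from the paper (whose models are graphical SysML-Sec diagrams; the page does not show any generated verification input), the following hand-written ProVerif model shows the kind of confidentiality check the formal verification stage performs: the same sensitive value is sent across a public bus once in the clear and once under an abstract symmetric-encryption operator, against a network attacker who controls the bus. The names c, k, s_plain, s_enc, sensor_unprotected, sensor_protected and ecu_protected are assumed for this example.

```proverif
(* Added example, not from the paper. Minimal ProVerif model of a
   confidentiality check on an embedded bus. All names are assumed. *)

(* Public channel: the Dolev-Yao attacker reads, injects and replays on it. *)
free c: channel.

(* Abstract symmetric encryption, as a constructor/destructor pair:
   decryption only succeeds with the key used for encryption. *)
type key.
fun senc(bitstring, key): bitstring.
reduc forall m: bitstring, k: key; sdec(senc(m, k), k) = m.

(* Sensitive data (as identified in the Analysis phase) and a pre-shared
   key; the attacker model assumes neither is known to the attacker
   initially, which is what [private] declares. *)
free k: key [private].
free s_plain: bitstring [private].
free s_enc: bitstring [private].

(* Confidentiality queries. ProVerif prints
   "RESULT not attacker(s_plain[]) is false"  -> the attacker obtains it
   "RESULT not attacker(s_enc[]) is true"     -> the secret holds      *)
query attacker(s_plain).
query attacker(s_enc).

(* Unprotected model: the sensitive value crosses the bus in the clear. *)
let sensor_unprotected = out(c, s_plain).

(* Secured model: the same exchange with the abstract encryption operator
   applied before the value leaves the sending component. *)
let sensor_protected = out(c, senc(s_enc, k)).
let ecu_protected =
  in(c, x: bitstring);
  let m = sdec(x, k) in 0.

(* Run the three components in parallel on the shared public bus. *)
process
  sensor_unprotected | sensor_protected | ecu_protected
```

Save the model as a .pv file and run it with `proverif model.pv`. The two query results side by side are the point: the unprotected exchange is reported as an attack trace, the protected one as secret, which is the distinction the secured model is meant to establish before it is refined into the software design.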


Keywords: Embedded systems; ProVerif; Formal verification



This work was partly funded by the French Government (National Research Agency, ANR) through the Investments for the Future Program reference #ANR-11-LABX-0031-01 and Institut VEDECOM.



Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Letitia W. Li (1, 2)
  • Florian Lugou (1)
  • Ludovic Apvrille (1)
  1. Télécom ParisTech, Université Paris-Saclay, Sophia Antipolis, France
  2. Institut VEDECOM, Versailles, France
