Abstract
With the advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS), embedded devices have been gaining importance in our daily lives as well as in industrial processes. Independent of their usage, be it within an IoT system or a CPS, embedded devices are always an attractive target for security attacks, mainly due to their continuous network availability and the importance of the data they handle. Thus, the design of such systems requires a thorough consideration of the various security constraints they are subject to. Introducing these security constraints next to other requirements, such as power consumption and performance, increases the number of design choices a system designer must consider. As the various constraints often conflict with each other, designers face the complex task of balancing them. System designers use Design Space Exploration (DSE) tools to support them in this job. However, available DSE tools offer only a limited way of considering security constraints during the design process. In this article, we introduce a novel DSE framework that allows the consideration of security constraints, in the form of attack scenarios, and of attack mitigations, in the form of security tasks. Based on descriptions of the system’s functionality and architecture, possible attacks, and known mitigation techniques, the framework finds the optimal design for a secure IoT device or CPS. Our framework’s functionality and its benefits are shown based on the design of a secure sensor system.
Design Space Exploration for Secure IoT Devices and Cyber-Physical Systems