Design Space Exploration for Secure IoT Devices and Cyber-Physical Systems

Published: 29 May 2021

Abstract

With the advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS), embedded devices have been gaining importance in our daily lives as well as in industrial processes. Independent of their usage, be it within an IoT system or a CPS, embedded devices are always an attractive target for security attacks, mainly due to their continuous network availability and the importance of the data they handle. Thus, the design of such systems requires a thorough consideration of the various security constraints they are subject to. Introducing these security constraints, next to other requirements such as power consumption and performance, increases the number of design choices a system designer must consider. As the various constraints often conflict with each other, designers face the complex task of balancing them. System designers use Design Space Exploration (DSE) tools to support them in this task. However, available DSE tools offer only a limited way of considering security constraints during the design process. In this article, we introduce a novel DSE framework that allows the consideration of security constraints, in the form of attack scenarios, and of attack mitigations, in the form of security tasks. Based on the descriptions of the system's functionality and architecture, possible attacks, and known mitigation techniques, the framework finds the optimal design for a secure IoT device or CPS. Our framework's functionality and its benefits are shown based on the design of a secure sensor system.

