Automated design, verification and testing of secure systems with embedded devices based on elicitation of expert knowledge

Original Research


The rising significance and widening of embedded systems stipulate the importance of the security means against a great deal of computer security threats. Such systems involving a diversity of an-hoc embedded and mobile electronic devices functioning with the use of a broadband Internet access and even cloud technologies, are referenced conventionally as Internet of Things systems (IoT). Due to specificity of IoT systems the application of the combined security mechanisms requires their efficient energy and computing resource consumption, identification of potential conflicts and incompatibilities, control of information flows, monitoring anomalies of data in the system and other issues. At that an increased design complexity of IoT systems is determined by a low structuring and formalization of security knowledge in the field. We proposed an approach to identification of embedded security expert knowledge for its subsequent use in automated design, verification and testing tools for secure IoT systems. The paper encompasses the core elements of the proposed technique, namely security component configuring, revelation of implicit conflicts, verification of network information flows and abnormal data from sensors. The domain specific analysis of the field of embedded security is described. We also present the revealed expert knowledge used for configuration, verification and testing of embedded devices. Issues of software implementation and discussion are covered.


Embedded device design Internet of Things Security Verification and testing of IoT systems Security components Expert knowledge 



This research is being supported by the Grants of The Ministry of Education and Science of The Russian Federation (contract # 14.604.21.0147, unique contract identifier RFMEFI60414X0147).


  1. Abraham DG, Dolan GM, Double GP, Stevens JV (1991) Transaction security system. IBM Syst J 30(2):206–228CrossRefGoogle Scholar
  2. Agaskar A, He T, Tong L (2010) Distributed detection of multi-hop information flows with fusion capacity constraints. Signal Process IEEE Trans 58(6):3373–3383MathSciNetCrossRefGoogle Scholar
  3. Arbaugh WA, van Doorn L (2001) Embedded security: challenges and concerns. Comput J 34(10):40–41CrossRefGoogle Scholar
  4. Braghin C, Sharygina N, Barone-Adesi K (2011) A model checking-based approach for security policy verification of mobile systems. Form Asp Comput 23(5):627–648CrossRefMATHGoogle Scholar
  5. Burleson W, Clark SS, Ransford B, Fu K (2012) Design challenges for secure implantable medical devices. In: Design Automation Conference (DAC), 49th ACM/EDAC/IEEE, pp 12–17Google Scholar
  6. Chechulin A, Kotenko I, Desnitsky V (2012) An approach for network information flow analysis for systems of embedded components. LNCS 7531:146–155Google Scholar
  7. Desnitsky V, Kotenko I (2014) Expert knowledge based design and verification of secure systems with embedded devices. Lecture notes in computer science (LNCS), vol 8708. Springer, Cham, pp 194–210Google Scholar
  8. Desnitsky V, Kotenko I, Chechulin A (2012) Configuration-based approach to embedded device security. LNCS 7531:270–285Google Scholar
  9. Desnitsky V, Kotenko I, Nogin S (2015) Detection of anomalies in data for monitoring of security components in the internet of things. In: XVIII international conference on soft computing and measurements (SCM’2015). IEEE XploreGoogle Scholar
  10. Dick N, McCallum N (2004) High-speed security embedded security. Commun Eng J 2(2):37–39CrossRefGoogle Scholar
  11. Henzinger TA, Sifakis J (2006) The embedded systems design challenge. LNCS, vol 4085. Springer, Berlin Heidelberg, pp 1–15Google Scholar
  12. Hwang DD, Schaumont P, Tiri K, Verbauwhede I (2006) Securing embedded systems. IEEE Educ Act Dep IEEE Secur Priv 4(2):40–49CrossRefGoogle Scholar
  13. Accessed 4 April 2016
  14. Juengst WE, Heinrich M (1998) Using resource balancing to configure modular systems. Intell Syst Appl IEEE Comput Soc 13(4):50–58CrossRefGoogle Scholar
  15. Knezevic M, Rozic V, Verbauwhede I (2009) Design methods for embedded security. Telfor J 1(2):69–72Google Scholar
  16. Kocher P, Lee R, Mcgraw G, Ravi S (2004) Security as a new dimension in embedded system design. In: Proceedings of the 41st design automation conference (DAC’04), pp 753–760Google Scholar
  17. Kommerling O, Kuhn MG (1999) Design principles for tamper-resistant smartcard processors. In: Proceedings of the USENIX workshop on smartcard technology, pp 9–20Google Scholar
  18. Koopman P (2004) Embedded system security. IEEE Comput 37(7):95-97MathSciNetCrossRefGoogle Scholar
  19. Kotenko I, Polubelova O (2011) Verification of security policy filtering rules by model checking. In: Proceedings of IEEE fourth international workshop on “intelligent data acquisition and advanced computing systems: technology and applications” (IDAACS’2011), pp 706–710Google Scholar
  20. Accessed 4 April 2016
  21. McComb T, Wildman L (2006) User guide for SIFA v.1.0. Technical reportGoogle Scholar
  22. Accessed 4 April 2016
  23. Moyers BR, Dunning JP, Marchany RC, Tron JG (2010) Effects of wi-fi and bluetooth battery exhaustion attacks on mobile devices. In: Proceedings of the 43rd Hawaii international conference on system sciences (HICSS’10), IEEE Computer Society, pp 1–9Google Scholar
  24. MARTE. Object Management Group (2011) The UML profile for MARTE: modeling and analysis of real-time and embedded systems, Version 1.1Google Scholar
  25. Pistoia M, Chandra S, Fink S, Yahav E (2007) A survey of static analysis methods for identifying security vulnerabilities in software systems. IBM Syst J 46:265–288CrossRefGoogle Scholar
  26. Potlapally N (2011) Topics in secure embedded system design. A Dissertation presented to the Faculty of Princeton University in Candidacy for the Degree of Doctor of Philosophy by the Department of Electrical Engineering, Published 2011.10.19 by ProQuest, UMI Dissertation Publishing, ISBN:1244946192, Paperback 86 pagesGoogle Scholar
  27. Rae A, Fidge C (2005) Identifying critical components during information security evaluations. J Res Pract Inf Technol 37:391–402Google Scholar
  28. Rae AJ, Wildman LP (2003) A taxonomy of attacks on secure devices. In: Australian information warfare and IT security, 20–21 November 2003, Australia, pp 251–264Google Scholar
  29. Ravi S, Raghunathan A, Kocher P, Hattangady S (2004) Security in embedded systems: design challenges. ACM Trans Embed Comput Syst 3(3):461–491CrossRefGoogle Scholar
  30. Ruiz JF, Harjani R, Maña A, Desnitsky V, Kotenko I, Chechulin A (2012) A methodology for the analysis and modeling of security threats and attacks for systems of embedded components. In: Proceedings of the 20th Euromicro international conference on parallel, distributed and network-based computing (PDP2012). Munich, Germany, February 15–17Google Scholar
  31. Ruiz JF, Rein A, Arjona M, Mana A, Monsifrot A, Morvan M (2012) Security engineering and modelling of set-top boxes. In: Proceedings of biomedical computing (BioMedCom), 2012 ASE/IEEE international conference, pp 113–122Google Scholar
  32. Sabin D, Weigel R (1998) Product configuration frameworks-a survey. Intell Syst Appl IEEE Comput Soc 13(4):42–49CrossRefGoogle Scholar
  33. SecFutur. Design of Secure and energy-efficient embedded systems for Future internet applications, FP7 Project Web site, Accessed 4 April 2016
  34. Schumacher M, Fernandez-Buglioni E, Hybertson D, Buschmann F, Sommerlad P (2006) Security patterns: integrating security and systems engineering. Wiley, HobokenGoogle Scholar
  35. Sprintson A, El Rouayheb S, Georghiades C (2009) A new construction method for networks from matroids. In: Proceedings of the 2009 symposium on information theory (ISIT’09)Google Scholar
  36. Trusted Platform Module. Accessed 4 April 2016
  37. Accessed 4 April 2016
  38. Wang Z, Johnson R, Murmuria R, Stavrou A (2012) Exposing security risks for commercial mobile devices. Comput Netw Secur LNCS 7531:3–21CrossRefGoogle Scholar
  39. Wei G, Qin Y (2009) An approach of product configuration based on decision tree and minimum conflicts repair algorithm. In: Proceedings of the International Conference on Information Management, Innovation Management and Industrial Engineering (ICII ‘09), vol 1, pp 126–129Google Scholar
  40. Yu B, Skovgaard HJ (1998) A configuration tool to increase product competitiveness. IEEE Intell Syst 4:34–41Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. 1.Laboratory of Computer Security ProblemsSt. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS)St. PetersburgRussia

Personalised recommendations