Skip to main content

Model-Based Real-Time Evaluation of Security Patterns: A SCADA System Case Study

  • Conference paper
  • First Online:
Computer Safety, Reliability, and Security (SAFECOMP 2016)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9923))

Included in the following conference series:

Abstract

Securing critical systems such as cyber physical systems (CPS) is an important feature especially when it comes to critical transmitted data. At the same time, the implementation of security counter-measures in such systems may impact other functional or non-functional concerns. In this context, we propose a model-based approach for securing critical systems at early design stage. This approach combines security analysis and mitigation solution proposals with multi-concern architectural evaluation. It exploits two views of security counter-measures patterns: abstract and concrete. The abstract view is used to select relevant solutions to security requirements on a logical point of view. Then, the concrete view helps the architect evaluating different possible implementation alternatives against other design constraints. The modeling is based on accepted OMG standards such as UML and MARTE. In this paper, the approach is illustrated on a SCADA (Supervisory Control and Data Acquisition) system case study and a tool chain based on Papyrus UML supports the approach.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    EBIOS: Expression of Needs and Identification of Security Objectives from ANSSI, the french agency for security of information systems (Agence nationale de la sécurité des systèmes d'information).

  2. 2.

    Optimum methodology is developed at LIST CEATech and is integrated within Papyrus opensource modeling tool.

  3. 3.

    MARTE profile is a standard from the OMG (UML Profile for MARTE™: Modeling and Analysis of Real-time Embedded Systems™). http://www.omgmarte.org/.

References

  1. ISO/IEC 27005: Information Technology — Security Techniques — Information Security Risk Management (2011)

    Google Scholar 

  2. Fernandez, E.B.: Security Patterns in Practice: Designing Secure Architectures Using Software Patterns. Wiley, New York (2013)

    Google Scholar 

  3. Bernardi, S., Merseguer, J., Petriu, D.C.: Dependability modeling and analysis of software systems specified with UML. ACM Comput. Surv. 45, 2 (2012)

    Article  MATH  Google Scholar 

  4. Bernardi, S., Merseguer, J., Petriu, D.C.: A dependability profile within MARTE. Softw. Syst. Model. 10, 313–336 (2011)

    Article  Google Scholar 

  5. Mehiaoui, A., Wozniak, E., Piergiovanni, S.T., Mraidha, C., Natale, M.D., Zeng, H., Babau, J.-P., Lemarchand, L., Gérard, S.: A two-step optimization technique for functions placement, partitioning, and priority assignment in distributed systems. In: SIGPLAN/SIGBED Conference on Languages, Compilers and Tools for Embedded Systems 2013, LCTES 2013, Seattle, WA, USA, June 20–21, 2013, pp. 121–132 (2013)

    Google Scholar 

  6. Walker, M., Reiser, M.-O., Tucci-Piergiovanni, S., Papadopoulos, Y., Lönn, H., Mraidha, C., Parker, D., Chen, D., Servat, D.: Automatic optimisation of system architectures using EAST-ADL. J. Syst. Softw. 86, 2467–2487 (2013)

    Article  Google Scholar 

  7. Petriu, D.C., Woodside, C.M., Petriu, D.B., Xu, J., Israr, T., Georg, G., France, R., Bieman, J.M., Houmb, S.H., Jürjens, J.: Performance analysis of security aspects in UML models. In: Proceedings of the 6th International Workshop Software Performance, pp. 91–102 (2007)

    Google Scholar 

  8. Motii, A., Hamid, B., Lanusse, A., Bruel, J.-M.: Guiding the selection of security patterns based on security requirements and pattern classification. In: Proceedings of the 20th European Conference on Pattern Languages of Programs, pp. 10:1–10:17. ACM, New York (2015)

    Google Scholar 

  9. Hamid, B.: Interplay of security and dependability and resource using model-driven and pattern-based development. In: 2015 IEEE Trustcom/BigDataSE/ISPA, pp. 254–262 (2015)

    Google Scholar 

  10. Technical Information Bulletin 04-1: Supervisory Control and Data Acquisition (SCADA) System (2004)

    Google Scholar 

  11. Abdallah, R., Motii, A., Yakymets, N., Lanusse, A.: Using model driven engineering to support multi-paradigms security analysis. In: Desfray, P., et al. (eds.) MODELSWARD 2015. CCIS, vol. 580, pp. 278–292. Springer, Heidelberg (2015). doi:10.1007/978-3-319-27869-8_16

    Chapter  Google Scholar 

  12. Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley Longman Publishing Co., Inc., Boston (1995)

    MATH  Google Scholar 

  13. Fernandez, E.B.: Using security patterns to develop secure systems. In: Software Engineering for Secure Systems: Industrial and Research Perspectives, pp. 16–31 (2011)

    Google Scholar 

  14. Bunke, M., Koschke, R., Sohr, K.: Organizing security patterns related to security and pattern recognition requirements. Int. J. Adv. Secur. 5, 46–67 (2012)

    Google Scholar 

  15. Hamid, B., Percebois, C.: A modeling and formal approach for the precise specification of security patterns. In: Jürjens, J., Piessens, F., Bielova, N. (eds.) ESSoS. LNCS, vol. 8364, pp. 95–112. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  16. Dai, L.: Security variability design and analysis in an aspect oriented software architecture. In: Third IEEE International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2009, pp. 275–280 (2009)

    Google Scholar 

  17. Alam, O., Kienzle, J., Mussbacher, G.: Concern-oriented software design. In: Moreira, A., Schätz, B., Gray, J., Vallecillo, A., Clarke, P. (eds.) MODELS 2013. LNCS, vol. 8107, pp. 604–621. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  18. Nguyen, P.H., Yskout, K., Heyman, T., Klein, J., Scandariato, R., Le Traon, Y.: Model-driven security based on a unified system of security design patterns (2015)

    Google Scholar 

  19. Hamid, B., Percebois, C., Gouteux, D.: A methodology for integration of patterns with validation purpose. In: Proceedings of the 17th European Conference on Pattern Languages of Programs, pp. 8:1–8:14. ACM, New York (2012)

    Google Scholar 

  20. Mraidha, C., Tucci-Piergiovanni, S., Gerard, S.: Optimum: a MARTE-based methodology for schedulability analysis at early design stages. SIGSOFT Softw. Eng. Notes 36, 1–8 (2011)

    Article  Google Scholar 

  21. Harbour, M.G., Gutiérrez, J.J., Drake, J.M., Martínez, P.L., Palencia, J.C.: Modeling distributed real-time systems with MAST 2. J. Syst. Archit. 59, 331–340 (2013)

    Article  Google Scholar 

  22. Tindell, K., Clark, J.: Holistic schedulability analysis for distributed hard real-time systems. Microprocess. Microprogram. 40, 117–134 (1994)

    Article  Google Scholar 

  23. Alshamsi, A., Saito, T.: A technical comparison of IPSec and SSL. In: 19th International Conference on Advanced Information Networking and Applications (AINA 2005), Volume 1 (AINA papers), vol. 2, pp. 395–398 (2005)

    Google Scholar 

  24. Design and Performance of the OpenBSD Stateful Packet Filter (pf). http://www.benzedrine.ch/pf-paper.html

Download references

Acknowledgements

This work is conducted in the context of a Ph.D. thesis funded by CEA LIST and co-leaded by CEA (LISE) and IRIT (MACAO).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Anas Motii .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Motii, A., Lanusse, A., Hamid, B., Bruel, JM. (2016). Model-Based Real-Time Evaluation of Security Patterns: A SCADA System Case Study. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science(), vol 9923. Springer, Cham. https://doi.org/10.1007/978-3-319-45480-1_30

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-45480-1_30

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45479-5

  • Online ISBN: 978-3-319-45480-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics