AADLSecPaper.tex

% This is based on the LLNCS.DEM the demonstration file of
% the LaTeX macro package from Springer-Verlag
% for Lecture Notes in Computer Science,
% version 2.4 for LaTeX2e as of 16. April 2010
%
% See http://www.springer.com/computer/lncs/lncs+authors?SGWID=0-40209-0-0-0
% for the full guidelines.
%
\documentclass{llncs}

% Table package needs
\usepackage{tabularx,booktabs}
\usepackage{multirow}
\usepackage[normalem]{ulem}
\usepackage[english]{babel}

% Image package needs
\usepackage{graphicx}
%\usepackage{graphics}

\usepackage{listings}	% Include the listings-package
\usepackage{color}
\usepackage{balance}
\useunder{\uline}{\ul}{}

\definecolor{darkgreen}{rgb}{0,0.5,0}
\definecolor{mygreen}{rgb}{0,0.6,0}
\definecolor{mygray}{rgb}{0.5,0.5,0.5}
\definecolor{mymauve}{rgb}{0.58,0,0.82}
\lstset{ %
  backgroundcolor=\color{white},   % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}
  basicstyle=\ttfamily\scriptsize,        % the size of the fonts that are used for the code
  breakatwhitespace=false,         % sets if automatic breaks should only happen at whitespace
  breaklines=true,                 % sets automatic line breaking
  captionpos=b,                    % sets the caption-position to bottom
  commentstyle=\color{mygreen},    % comment style
  deletekeywords={...},            % if you want to delete keywords from the given language
  escapeinside={\%*}{*)},          % if you want to add LaTeX within your code
  extendedchars=true,              % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8
  frame=single,                    % adds a frame around the code
  keepspaces=true,                 % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible)
  keywordstyle=\color{blue},       % keyword style
%  language=C,                 % the language of the code
  morecomment=[l]{--},
  morekeywords={property,set,is,type, constant, enumeration, end, applies, to, inherit, of, *,...},            % if you want to add more keywords to the set
  numbers=left,                    % where to put the line-numbers; possible values are (none, left, right)
  numbersep=5pt,                   % how far the line-numbers are from the code
  numberstyle=\tiny\color{mygray}, % the style that is used for the line-numbers
  rulecolor=\color{black},         % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here))
  showspaces=false,                % show spaces everywhere adding particular underscores; it overrides 'showstringspaces'
  showstringspaces=false,          % underline spaces within strings only
  showtabs=false,                  % show tabs within strings adding particular underscores
  stepnumber=1,                    % the step between two line-numbers. If it's 1, each line will be numbered
  stringstyle=\color{mymauve},     % string literal style
  tabsize=2,                       % sets default tabsize to 2 spaces
  title=\lstname                   % show the filename of files included with \lstinputlisting; also try caption instead of title
}

\begin{document}

\title{AADL Security Framework Proposition and Examination}
%
\titlerunning{AADL Security}  % abbreviated title (for running head)
%                                     also used for the TOC unless
%                                     \toctitle is used
%
%\author{Paul Wortman \and John A. Chandy}
%
%\authorrunning{Ivar Ekeland et al.} % abbreviated author list (for running head)
%
%%%% list of authors for the TOC (use if author list has to be modified)
%\tocauthor{Ivar Ekeland, Roger Temam, Jeffrey Dean, David Grove,
%Craig Chambers, Kim B. Bruce, and Elisa Bertino}
%
%\institute{University of Connecticut, Storrs CT 06269, USA}%\\
%\email{I.Ekeland@princeton.edu},\\ WWW home page:
%\texttt{http://users/\homedir iekeland/web/welcome.html}
%\and
%Universit\'{e} de Paris-Sud,
%Laboratoire d'Analyse Num\'{e}rique, B\^{a}timent 425,\\
%F-91405 Orsay Cedex, France}

\maketitle              % typeset the title of the contribution

\begin{abstract}
%AADL is a common use language that has been developed and tweaked over the years to allow the ability to
%describe model behavior and specifications, with more recent attempts to define language for security
%requirements and verification.  This paper examines previous implementations of behavior, requirements, and
%security in AADL and then goes to propose a new framework for better integration and description of security
%requirements and behavior within the AADL lexicon.
\textbf{Something something abstract}
\keywords{security modeling, security framework, secure system design}
\end{abstract}

\section{Introduction}
Talk about need for a new security framework in AADL. What is missing, what is needed.
What will this paper be bringing to the table?

\section{Related Work}
What has been done by others to expand the security capabilities of AADL?

\subsection{Defining Risk}
Talk about how Risk is defined differently depending on the point-of-view.  How will risk be examined for the purpose of this paper?

\section{Introducing the Framework}
Give a detailed description of the framework at this point in time.  What is there and what the paper will present.

\section{Exploring a Simple Implementation}
How does a simple examples such as a wireless transmitter get represented in this new framework?

\subsection{Expanding Considerations}
What other additional expansions can be made to the simple wireless transmitter example? Additional costs, variables, levels of additional detail.

\section{Examining Attack and Defense with Detail}
Examination of encryption and authentication processes through the lens of the new security framework.

\subsection{Expansion of Details}
Expand further on additional details and variables that can affect the modeling of secure system solutions.

\section{Additional Concerns}
Detail out the concerns about for needs of `libraries' of information and other data that will be required for greater formalization of calculated values.
Point is to try and have as few `unitless' metric values due to their arbitrary nature.  At least will need to convert values to monetary value at some point since time can equal \$\$\$.

\section{Conclusion}
What has this paper shown? What needs to be worked on moving forward?

%
% ---- Bibliography ----
%
\begin{thebibliography}{5}

\bibitem {SysML-Sec}
SysML-Sec,
\url{http://sysml-sec.telecom-paristech.fr/}

\bibitem {jurjens2005secure}
J{\"u}rjens, J.:
Secure systems development with UML,
Springer Science \& Business Media (2005)

\bibitem {jurjens2002umlsec}
J{\"u}rjens, J.:
UMLsec: Extending UML for secure systems development,
UML 2002—The Unified Modeling Language, Springer Publishing, pages 412--425 (2002)

\bibitem {SysML}
SysML,
\url{http://sysml.org/}

\bibitem {AADLSite}
AADL,
\url{http://www.aadl.info/aadl/currentsite/}

\bibitem {AADLV2Overview}
Feiler, P.:
SAE AADL V2: An Overview.
Carnegie Mellon University (2010)

\bibitem {AADLTools}
AADL Tools,
\url{https://wiki.sei.cmu.edu/aadl/index.php/AADL\_tools}

\bibitem {Osate2}
Osate 2,
\url{https://wiki.sei.cmu.edu/aadl/index.php/Osate\_2}

\bibitem {Osate2Examples}
Osate 2 Example Repository,
\url{https://github.com/osate/examples}

\bibitem {UserDaysMay2016}
User Days - May 2016,
\url{https://github.com/saeaadl/userdays/tree/master/UserDays/May2016}

\bibitem {AADLResolute}
Resolute Website,
\url{http://loonwerks.com/tools/resolute.html}

\bibitem {RDALOverview}
Blouin, D.:
AADL Requirements Annex Review,
\url{http://www.aadl.info/aadl/downloads/committee/feb2013/presentations/aadl\_standards\_requirements\_annex\_review\_06022013.pdf}

\bibitem {gacek2014resolute}
Gacek, A., Backes, J., Cofer, D., Slind, K., Whalen, M.:
Resolute: An assurance case language for architecture models,
ACM SIGAda Ada Letters, Volume 34 Number 3, pages 19--28 (2014)

\bibitem {EMV1}
Feiler, P.:
SAE AADL Error Model Annex: An Overview,
\url{https://wiki.sei.cmu.edu/aadl/images/1/13/ErrorModelOverview-Sept222011-phf.pdf}

\bibitem {EMV2}
Feiler, P.:
SAE AADL Error Model Annex: Discussion Items,
\url{https://wiki.sei.cmu.edu/aadl/images/1/13/ErrorModelOverview-Sept222011-phf.pdf}

\bibitem {BLESS2013}
Larson, B.R., Chalin, P., Hatcliff, J.:
BLESS: Formal Specification and Verification of Behaviors for Embedded Systems with Software,
\url{https://ti.arc.nasa.gov/m/events/nfm2013/pubs/BLESS.pdf}

\bibitem {AADLSecAnnex}
Delange, J., Feiler, P., Klieber, W., Nam, M., Seibel, J.:
AADL Security Annex,
\url{https://github.com/saeaadl/userdays/blob/master/UserDays/May2016/security-annex-May2016.pdf}

\bibitem {AADLSecAnalysis}
Delange, J., Nam, M., Seibel, J.:
AADL Security Analysis Tools,
\url{https://github.com/saeaadl/userdays/blob/master/UserDays/May2016/security-analysis-May2016.pdf}

\bibitem {ellison2015extending}
Ellison, R., Householder, A., Hudak, J., Kazman, R., Woody, C.:
Extending AADL for Security Design Assurance of Cyber-Physical Systems,
Software Engineering Institute, CMU/SEI-2015-TR-014 (2015)

\bibitem {jeepHack}
Drozhzhin, A.:
Black Hat USA 2015: The full story of how that Jeep was hacked,
\url{https://blog.kaspersky.com/blackhat-jeep -cherokee-hack-explained/9493/}

\bibitem {planeHack}
Zetter, K.:
Feds say that banned researcher commandeered a plane,
\url{http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/}

\bibitem {superFish}
Hope, P.:
Superfish adware weakens security and injects ads on some Lenovo laptops,
\url{http://www.techrepublic.com/article/superfish-adware-weakens-security-and-injects-ads-on-some-lenovo-laptops/}

\bibitem {lenovoWPBT}
Sanders, J.:
Windows and UEFI anti-theft mechanism makes systems less secure,
\url{http://www.techrepublic.com/article/windows-and -uefi-anti-theft-mechanism-makes-systems-less-secure/}

\bibitem {govHack}
Olorunnipa, T.:
Breach of Employee Data Wider Than Initial Report, U.S. Says,
\url{http://www.bloomberg.com/politics/articles/2015-06-12/white-house-says-personnel-records-possibly-breached-twice}

\bibitem {stageFright}
Vaughan-Nicholas, S.J.:
Stagefright: Just how scary is it for Android users?,
\url{http://www.zdnet.com/article/stagefright-just-how-scary-is-it-for-android-users/}

\bibitem {stageFright2}
Whittaker, Z.:
Stagefright is back, and affecting millions of Android devices,
\url{http://www.zdnet.com/article/new-stagefright-2-0-flaws-affect-millions-of-android-devices/}

\bibitem {androidUpdates}
Tofel, K.:
HTC says monthly Android security updates are ``unrealistic'',
\url{http://www.zdnet.com/article/htc-says-monthly-stagefright-android-security-updates-are-unrealistic/}

\bibitem {androidMarshmallow}
Jack Wallen, J.:
The woes of Android updates, and how to fix the process,
\url{http://www.techrepublic.com/article/the-woes-of-android-updates-and-how-to-fix-the-process/}

\bibitem {googleAndroid}
Sanders, J.:
Google finally doubles down on security with monthly Android updates,
\url{http://www.techrepublic.com/article/google-and-some -android-phone-vendors-introduce-welcome-changes-to-security-update-process/}

\bibitem {aaraj2008analysis}
Aaraj, N., Raghunathan, A., Jha, N.K.:
Analysis and design of a hardware/software trusted platform module for embedded systems,
ACM Transactions on Embedded Computing Systems (TECS), Volume 8 Number 1, page 8 (2008)

\bibitem {denning1996location}
Denning, D.E., MacDoran, P.F.:
Location-based authentication: Grounding cyberspace for better security,
Computer Fraud \& Security, Volume 1996 Number 2, pages 12--16 (1996)

\bibitem {saito2015case}
Saito, M., Hazeyama, A., Yoshioka, N., Kobashi, T., Washizaki, H., Kaiya, H., Ohkubo, T.:
A case-based management system for secure software development using software security knowledge,
Procedia Computer Science, Volume 60, pages 1092--1100 (2015)

\bibitem {denning2015toward}
Denning, D.E.:
Toward more secure software,
Communications of the ACM, Volume 8 Number 4, pages 24--26 (2015)

\bibitem {nguyen2015model}
Nguyen, P.:
Model-Driven Security With Modularity and Reusability For Engineering Secure Software Systems,
University of Luxembourg (2015)

\bibitem {ravi2004security}
Ravi, S., Raghunathan, A., Kocher, P., Hattangady, S.:
Security in embedded systems: Design challenges,
ACM Transactions on Embedded Computing Systems (TECS), Volume 3 Number 3, pages 461--491 (2004)

\bibitem {gokhale2008model}
Gokhale, A., Balasubramanian, K., Krishna, A.S., Balasubramanian, J., Edwards, G., Deng, G., Turkay, E., Parsons, J., Schmidt, D.C.:
Model driven middleware: A new paradigm for developing distributed real-time and embedded systems,
Science of Computer programming, Volume 73 Number 1, pages 39--58  (2008)

\bibitem {perez2006vtpm}
Perez, R., Sailer, R., van Doorn, L., and others:
vTPM: virtualizing the trusted platform module,
Proc. 15th Conf. on USENIX Security Symposium, pages 305--320

\bibitem {yan2015novel}
Yan, W., Tehranipoor, F., Chandy, J.A.:
A Novel Way to Authenticate Untrusted Integrated Circuits,
Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, pages 132--138 (2015)

\bibitem {tehranipoor2015dram}
Tehranipoor, F., Karimina, N., Xiao, K., Chandy, J.:
DRAM based intrinsic physical unclonable functions for system level security,
Proceedings of the 25th edition on Great Lakes Symposium on VLSI, pages 15--20 (2015)

\bibitem {CommonCriteria}
Common Criteria for Information Technology Security Evaluation,
ISO/IEC, Number ISO/IEC 15408, July 2015

\bibitem {benzel2005design}
Benzel, T.V., Irvine, C.E., Levin, T.E., Bhaskara, G., Nguyen, T.D., Clark, P.C.:
Design principles for security (2005)

\bibitem {lin2013security}
Lin, C., Zhu, Q., Phung, C., Sangiovanni-Vincentelli, A.:
Security-aware mapping for CAN-based real-time distributed automotive systems,
Computer-Aided Design (ICCAD), 2013 IEEE/ACM International Conference on, pages 115--121 (2013)

\bibitem {markose2008systematic}
Markose, S., Liu, X., McMillin, B.:
A systematic framework for structured object-oriented security requirements analysis in embedded systems,
 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, 2008. EUC'08, Volume 1, pages 75--81 (2008)

\bibitem {yu1997towards}
Yu, E.S.:
Towards modelling and reasoning support for early-phase requirements engineering,
Proceedings of the Third IEEE International Symposium on Requirements Engineering, pages 226--235 (1997)

\bibitem {massacci2010security}
Massacci, F., Mylopoulos, J., Zannone, N.:
Security requirements engineering: the SI* modeling language and the secure tropos methodology,
Advances in Intelligent Information Systems, pages 147--174 (2010)

\bibitem {sangiovanni2007quo}
Sangiovanni-Vincentelli, A.:
Quo vadis, SLD? Reasoning about the trends and challenges of system level design,
Proceedings of the IEEE, Volume 95 Number 3, pages 467--506 (2007)

\bibitem {ALISA2016}
Delange, J., Feiler, P., Neil, E.:
Incremental Life Cycle Assurance of Safety-Critical Systems,
8th European Congress on Embedded Real Time Software and Systems (ERTS 2016)

\end{thebibliography}

\end{document}
	% This is based on the LLNCS.DEM the demonstration file of
	% the LaTeX macro package from Springer-Verlag
	% for Lecture Notes in Computer Science,
	% version 2.4 for LaTeX2e as of 16. April 2010
	%
	% See http://www.springer.com/computer/lncs/lncs+authors?SGWID=0-40209-0-0-0
	% for the full guidelines.
	%
	\documentclass{llncs}

	% Table package needs
	\usepackage{tabularx,booktabs}
	\usepackage{multirow}
	\usepackage[normalem]{ulem}
	\usepackage[english]{babel}

	% Image package needs
	\usepackage{graphicx}
	%\usepackage{graphics}

	\usepackage{listings} % Include the listings-package
	\usepackage{color}
	\usepackage{balance}
	\useunder{\uline}{\ul}{}

	\definecolor{darkgreen}{rgb}{0,0.5,0}
	\definecolor{mygreen}{rgb}{0,0.6,0}
	\definecolor{mygray}{rgb}{0.5,0.5,0.5}
	\definecolor{mymauve}{rgb}{0.58,0,0.82}
	\lstset{ %
	backgroundcolor=\color{white}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}
	basicstyle=\ttfamily\scriptsize, % the size of the fonts that are used for the code
	breakatwhitespace=false, % sets if automatic breaks should only happen at whitespace
	breaklines=true, % sets automatic line breaking
	captionpos=b, % sets the caption-position to bottom
	commentstyle=\color{mygreen}, % comment style
	deletekeywords={...}, % if you want to delete keywords from the given language
	escapeinside={\%}{)}, % if you want to add LaTeX within your code
	extendedchars=true, % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8
	frame=single, % adds a frame around the code
	keepspaces=true, % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible)
	keywordstyle=\color{blue}, % keyword style
	% language=C, % the language of the code
	morecomment=[l]{--},
	morekeywords={property,set,is,type, constant, enumeration, end, applies, to, inherit, of, *,...}, % if you want to add more keywords to the set
	numbers=left, % where to put the line-numbers; possible values are (none, left, right)
	numbersep=5pt, % how far the line-numbers are from the code
	numberstyle=\tiny\color{mygray}, % the style that is used for the line-numbers
	rulecolor=\color{black}, % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here))
	showspaces=false, % show spaces everywhere adding particular underscores; it overrides 'showstringspaces'
	showstringspaces=false, % underline spaces within strings only
	showtabs=false, % show tabs within strings adding particular underscores
	stepnumber=1, % the step between two line-numbers. If it's 1, each line will be numbered
	stringstyle=\color{mymauve}, % string literal style
	tabsize=2, % sets default tabsize to 2 spaces
	title=\lstname % show the filename of files included with \lstinputlisting; also try caption instead of title
	}

	\begin{document}

	\title{AADL Security Framework Proposition and Examination}
	%
	\titlerunning{AADL Security} % abbreviated title (for running head)
	% also used for the TOC unless
	% \toctitle is used
	%
	%\author{Paul Wortman \and John A. Chandy}
	%
	%\authorrunning{Ivar Ekeland et al.} % abbreviated author list (for running head)
	%
	%%%% list of authors for the TOC (use if author list has to be modified)
	%\tocauthor{Ivar Ekeland, Roger Temam, Jeffrey Dean, David Grove,
	%Craig Chambers, Kim B. Bruce, and Elisa Bertino}
	%
	%\institute{University of Connecticut, Storrs CT 06269, USA}%\\
	%\email{I.Ekeland@princeton.edu},\\ WWW home page:
	%\texttt{http://users/\homedir iekeland/web/welcome.html}
	%\and
	%Universit\'{e} de Paris-Sud,
	%Laboratoire d'Analyse Num\'{e}rique, B\^{a}timent 425,\\
	%F-91405 Orsay Cedex, France}

	\maketitle % typeset the title of the contribution

	\begin{abstract}
	%AADL is a common use language that has been developed and tweaked over the years to allow the ability to
	%describe model behavior and specifications, with more recent attempts to define language for security
	%requirements and verification. This paper examines previous implementations of behavior, requirements, and
	%security in AADL and then goes to propose a new framework for better integration and description of security
	%requirements and behavior within the AADL lexicon.
	\textbf{Something something abstract}
	\keywords{security modeling, security framework, secure system design}
	\end{abstract}

	\section{Introduction}
	Talk about need for a new security framework in AADL. What is missing, what is needed.
	What will this paper be bringing to the table?

	\section{Related Work}
	What has been done by others to expand the security capabilities of AADL?

	\subsection{Defining Risk}
	Talk about how Risk is defined differently depending on the point-of-view. How will risk be examined for the purpose of this paper?

	\section{Introducing the Framework}
	Give a detailed description of the framework at this point in time. What is there and what the paper will present.

	\section{Exploring a Simple Implementation}
	How does a simple examples such as a wireless transmitter get represented in this new framework?

	\subsection{Expanding Considerations}
	What other additional expansions can be made to the simple wireless transmitter example? Additional costs, variables, levels of additional detail.

	\section{Examining Attack and Defense with Detail}
	Examination of encryption and authentication processes through the lens of the new security framework.

	\subsection{Expansion of Details}
	Expand further on additional details and variables that can affect the modeling of secure system solutions.

	\section{Additional Concerns}
	Detail out the concerns about for needs of `libraries' of information and other data that will be required for greater formalization of calculated values.
	Point is to try and have as few `unitless' metric values due to their arbitrary nature. At least will need to convert values to monetary value at some point since time can equal \$\$\$.

	\section{Conclusion}
	What has this paper shown? What needs to be worked on moving forward?

	%
	% ---- Bibliography ----
	%
	\begin{thebibliography}{5}

	\bibitem {SysML-Sec}
	SysML-Sec,
	\url{http://sysml-sec.telecom-paristech.fr/}

	\bibitem {jurjens2005secure}
	J{\"u}rjens, J.:
	Secure systems development with UML,
	Springer Science \& Business Media (2005)

	\bibitem {jurjens2002umlsec}
	J{\"u}rjens, J.:
	UMLsec: Extending UML for secure systems development,
	UML 2002—The Unified Modeling Language, Springer Publishing, pages 412--425 (2002)

	\bibitem {SysML}
	SysML,
	\url{http://sysml.org/}

	\bibitem {AADLSite}
	AADL,
	\url{http://www.aadl.info/aadl/currentsite/}

	\bibitem {AADLV2Overview}
	Feiler, P.:
	SAE AADL V2: An Overview.
	Carnegie Mellon University (2010)

	\bibitem {AADLTools}
	AADL Tools,
	\url{https://wiki.sei.cmu.edu/aadl/index.php/AADL\_tools}

	\bibitem {Osate2}
	Osate 2,
	\url{https://wiki.sei.cmu.edu/aadl/index.php/Osate\_2}

	\bibitem {Osate2Examples}
	Osate 2 Example Repository,
	\url{https://github.com/osate/examples}

	\bibitem {UserDaysMay2016}
	User Days - May 2016,
	\url{https://github.com/saeaadl/userdays/tree/master/UserDays/May2016}

	\bibitem {AADLResolute}
	Resolute Website,
	\url{http://loonwerks.com/tools/resolute.html}

	\bibitem {RDALOverview}
	Blouin, D.:
	AADL Requirements Annex Review,
	\url{http://www.aadl.info/aadl/downloads/committee/feb2013/presentations/aadl\_standards\_requirements\_annex\_review\_06022013.pdf}

	\bibitem {gacek2014resolute}
	Gacek, A., Backes, J., Cofer, D., Slind, K., Whalen, M.:
	Resolute: An assurance case language for architecture models,
	ACM SIGAda Ada Letters, Volume 34 Number 3, pages 19--28 (2014)

	\bibitem {EMV1}
	Feiler, P.:
	SAE AADL Error Model Annex: An Overview,
	\url{https://wiki.sei.cmu.edu/aadl/images/1/13/ErrorModelOverview-Sept222011-phf.pdf}

	\bibitem {EMV2}
	Feiler, P.:
	SAE AADL Error Model Annex: Discussion Items,
	\url{https://wiki.sei.cmu.edu/aadl/images/1/13/ErrorModelOverview-Sept222011-phf.pdf}

	\bibitem {BLESS2013}
	Larson, B.R., Chalin, P., Hatcliff, J.:
	BLESS: Formal Specification and Verification of Behaviors for Embedded Systems with Software,
	\url{https://ti.arc.nasa.gov/m/events/nfm2013/pubs/BLESS.pdf}

	\bibitem {AADLSecAnnex}
	Delange, J., Feiler, P., Klieber, W., Nam, M., Seibel, J.:
	AADL Security Annex,
	\url{https://github.com/saeaadl/userdays/blob/master/UserDays/May2016/security-annex-May2016.pdf}

	\bibitem {AADLSecAnalysis}
	Delange, J., Nam, M., Seibel, J.:
	AADL Security Analysis Tools,
	\url{https://github.com/saeaadl/userdays/blob/master/UserDays/May2016/security-analysis-May2016.pdf}

	\bibitem {ellison2015extending}
	Ellison, R., Householder, A., Hudak, J., Kazman, R., Woody, C.:
	Extending AADL for Security Design Assurance of Cyber-Physical Systems,
	Software Engineering Institute, CMU/SEI-2015-TR-014 (2015)

	\bibitem {jeepHack}
	Drozhzhin, A.:
	Black Hat USA 2015: The full story of how that Jeep was hacked,
	\url{https://blog.kaspersky.com/blackhat-jeep -cherokee-hack-explained/9493/}

	\bibitem {planeHack}
	Zetter, K.:
	Feds say that banned researcher commandeered a plane,
	\url{http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/}

	\bibitem {superFish}
	Hope, P.:
	Superfish adware weakens security and injects ads on some Lenovo laptops,
	\url{http://www.techrepublic.com/article/superfish-adware-weakens-security-and-injects-ads-on-some-lenovo-laptops/}

	\bibitem {lenovoWPBT}
	Sanders, J.:
	Windows and UEFI anti-theft mechanism makes systems less secure,
	\url{http://www.techrepublic.com/article/windows-and -uefi-anti-theft-mechanism-makes-systems-less-secure/}

	\bibitem {govHack}
	Olorunnipa, T.:
	Breach of Employee Data Wider Than Initial Report, U.S. Says,
	\url{http://www.bloomberg.com/politics/articles/2015-06-12/white-house-says-personnel-records-possibly-breached-twice}

	\bibitem {stageFright}
	Vaughan-Nicholas, S.J.:
	Stagefright: Just how scary is it for Android users?,
	\url{http://www.zdnet.com/article/stagefright-just-how-scary-is-it-for-android-users/}

	\bibitem {stageFright2}
	Whittaker, Z.:
	Stagefright is back, and affecting millions of Android devices,
	\url{http://www.zdnet.com/article/new-stagefright-2-0-flaws-affect-millions-of-android-devices/}

	\bibitem {androidUpdates}
	Tofel, K.:
	HTC says monthly Android security updates are ``unrealistic'',
	\url{http://www.zdnet.com/article/htc-says-monthly-stagefright-android-security-updates-are-unrealistic/}

	\bibitem {androidMarshmallow}
	Jack Wallen, J.:
	The woes of Android updates, and how to fix the process,
	\url{http://www.techrepublic.com/article/the-woes-of-android-updates-and-how-to-fix-the-process/}

	\bibitem {googleAndroid}
	Sanders, J.:
	Google finally doubles down on security with monthly Android updates,
	\url{http://www.techrepublic.com/article/google-and-some -android-phone-vendors-introduce-welcome-changes-to-security-update-process/}

	\bibitem {aaraj2008analysis}
	Aaraj, N., Raghunathan, A., Jha, N.K.:
	Analysis and design of a hardware/software trusted platform module for embedded systems,
	ACM Transactions on Embedded Computing Systems (TECS), Volume 8 Number 1, page 8 (2008)

	\bibitem {denning1996location}
	Denning, D.E., MacDoran, P.F.:
	Location-based authentication: Grounding cyberspace for better security,
	Computer Fraud \& Security, Volume 1996 Number 2, pages 12--16 (1996)

	\bibitem {saito2015case}
	Saito, M., Hazeyama, A., Yoshioka, N., Kobashi, T., Washizaki, H., Kaiya, H., Ohkubo, T.:
	A case-based management system for secure software development using software security knowledge,
	Procedia Computer Science, Volume 60, pages 1092--1100 (2015)

	\bibitem {denning2015toward}
	Denning, D.E.:
	Toward more secure software,
	Communications of the ACM, Volume 8 Number 4, pages 24--26 (2015)

	\bibitem {nguyen2015model}
	Nguyen, P.:
	Model-Driven Security With Modularity and Reusability For Engineering Secure Software Systems,
	University of Luxembourg (2015)

	\bibitem {ravi2004security}
	Ravi, S., Raghunathan, A., Kocher, P., Hattangady, S.:
	Security in embedded systems: Design challenges,
	ACM Transactions on Embedded Computing Systems (TECS), Volume 3 Number 3, pages 461--491 (2004)

	\bibitem {gokhale2008model}
	Gokhale, A., Balasubramanian, K., Krishna, A.S., Balasubramanian, J., Edwards, G., Deng, G., Turkay, E., Parsons, J., Schmidt, D.C.:
	Model driven middleware: A new paradigm for developing distributed real-time and embedded systems,
	Science of Computer programming, Volume 73 Number 1, pages 39--58 (2008)

	\bibitem {perez2006vtpm}
	Perez, R., Sailer, R., van Doorn, L., and others:
	vTPM: virtualizing the trusted platform module,
	Proc. 15th Conf. on USENIX Security Symposium, pages 305--320

	\bibitem {yan2015novel}
	Yan, W., Tehranipoor, F., Chandy, J.A.:
	A Novel Way to Authenticate Untrusted Integrated Circuits,
	Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, pages 132--138 (2015)

	\bibitem {tehranipoor2015dram}
	Tehranipoor, F., Karimina, N., Xiao, K., Chandy, J.:
	DRAM based intrinsic physical unclonable functions for system level security,
	Proceedings of the 25th edition on Great Lakes Symposium on VLSI, pages 15--20 (2015)

	\bibitem {CommonCriteria}
	Common Criteria for Information Technology Security Evaluation,
	ISO/IEC, Number ISO/IEC 15408, July 2015

	\bibitem {benzel2005design}
	Benzel, T.V., Irvine, C.E., Levin, T.E., Bhaskara, G., Nguyen, T.D., Clark, P.C.:
	Design principles for security (2005)

	\bibitem {lin2013security}
	Lin, C., Zhu, Q., Phung, C., Sangiovanni-Vincentelli, A.:
	Security-aware mapping for CAN-based real-time distributed automotive systems,
	Computer-Aided Design (ICCAD), 2013 IEEE/ACM International Conference on, pages 115--121 (2013)

	\bibitem {markose2008systematic}
	Markose, S., Liu, X., McMillin, B.:
	A systematic framework for structured object-oriented security requirements analysis in embedded systems,
	IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, 2008. EUC'08, Volume 1, pages 75--81 (2008)

	\bibitem {yu1997towards}
	Yu, E.S.:
	Towards modelling and reasoning support for early-phase requirements engineering,
	Proceedings of the Third IEEE International Symposium on Requirements Engineering, pages 226--235 (1997)

	\bibitem {massacci2010security}
	Massacci, F., Mylopoulos, J., Zannone, N.:
	Security requirements engineering: the SI* modeling language and the secure tropos methodology,
	Advances in Intelligent Information Systems, pages 147--174 (2010)

	\bibitem {sangiovanni2007quo}
	Sangiovanni-Vincentelli, A.:
	Quo vadis, SLD? Reasoning about the trends and challenges of system level design,
	Proceedings of the IEEE, Volume 95 Number 3, pages 467--506 (2007)

	\bibitem {ALISA2016}
	Delange, J., Feiler, P., Neil, E.:
	Incremental Life Cycle Assurance of Safety-Critical Systems,
	8th European Congress on Embedded Real Time Software and Systems (ERTS 2016)

	\end{thebibliography}

	\end{document}