Skip to content
Browse files

Push of first outline. Need addition of equations and images.

  • Loading branch information
Duncan committed Jun 24, 2016
1 parent f1461c2 commit ed8fbe57f355fe03c680a804e355b9a508134a35
@@ -0,0 +1,359 @@
% This is based on the LLNCS.DEM the demonstration file of
% the LaTeX macro package from Springer-Verlag
% for Lecture Notes in Computer Science,
% version 2.4 for LaTeX2e as of 16. April 2010
% See
% for the full guidelines.

% Table package needs

% Image package needs

\usepackage{listings} % Include the listings-package

\lstset{ %
backgroundcolor=\color{white}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}
basicstyle=\ttfamily\scriptsize, % the size of the fonts that are used for the code
breakatwhitespace=false, % sets if automatic breaks should only happen at whitespace
breaklines=true, % sets automatic line breaking
captionpos=b, % sets the caption-position to bottom
commentstyle=\color{mygreen}, % comment style
deletekeywords={...}, % if you want to delete keywords from the given language
escapeinside={\%*}{*)}, % if you want to add LaTeX within your code
extendedchars=true, % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8
frame=single, % adds a frame around the code
keepspaces=true, % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible)
keywordstyle=\color{blue}, % keyword style
% language=C, % the language of the code
morekeywords={property,set,is,type, constant, enumeration, end, applies, to, inherit, of, *,...}, % if you want to add more keywords to the set
numbers=left, % where to put the line-numbers; possible values are (none, left, right)
numbersep=5pt, % how far the line-numbers are from the code
numberstyle=\tiny\color{mygray}, % the style that is used for the line-numbers
rulecolor=\color{black}, % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here))
showspaces=false, % show spaces everywhere adding particular underscores; it overrides 'showstringspaces'
showstringspaces=false, % underline spaces within strings only
showtabs=false, % show tabs within strings adding particular underscores
stepnumber=1, % the step between two line-numbers. If it's 1, each line will be numbered
stringstyle=\color{mymauve}, % string literal style
tabsize=2, % sets default tabsize to 2 spaces
title=\lstname % show the filename of files included with \lstinputlisting; also try caption instead of title


\title{AADL Security Framework Proposition and Examination}
\titlerunning{AADL Security} % abbreviated title (for running head)
% also used for the TOC unless
% \toctitle is used
%\author{Paul Wortman \and John A. Chandy}
%\authorrunning{Ivar Ekeland et al.} % abbreviated author list (for running head)
%%%% list of authors for the TOC (use if author list has to be modified)
%\tocauthor{Ivar Ekeland, Roger Temam, Jeffrey Dean, David Grove,
%Craig Chambers, Kim B. Bruce, and Elisa Bertino}
%\institute{University of Connecticut, Storrs CT 06269, USA}%\\
%\email{},\\ WWW home page:
%\texttt{http://users/\homedir iekeland/web/welcome.html}
%Universit\'{e} de Paris-Sud,
%Laboratoire d'Analyse Num\'{e}rique, B\^{a}timent 425,\\
%F-91405 Orsay Cedex, France}

\maketitle % typeset the title of the contribution

%AADL is a common use language that has been developed and tweaked over the years to allow the ability to
%describe model behavior and specifications, with more recent attempts to define language for security
%requirements and verification. This paper examines previous implementations of behavior, requirements, and
%security in AADL and then goes to propose a new framework for better integration and description of security
%requirements and behavior within the AADL lexicon.
\textbf{Something something abstract}
\keywords{security modeling, security framework, secure system design}

Talk about need for a new security framework in AADL. What is missing, what is needed.
What will this paper be bringing to the table?

\section{Related Work}
What has been done by others to expand the security capabilities of AADL?

\subsection{Defining Risk}
Talk about how Risk is defined differently depending on the point-of-view. How will risk be examined for the purpose of this paper?

\section{Introducing the Framework}
Give a detailed description of the framework at this point in time. What is there and what the paper will present.

\section{Exploring a Simple Implementation}
How does a simple examples such as a wireless transmitter get represented in this new framework?

\subsection{Expanding Considerations}
What other additional expansions can be made to the simple wireless transmitter example? Additional costs, variables, levels of additional detail.

\section{Examining Attack and Defense with Detail}
Examination of encryption and authentication processes through the lens of the new security framework.

\subsection{Expansion of Details}
Expand further on additional details and variables that can affect the modeling of secure system solutions.

\section{Additional Concerns}
Detail out the concerns about for needs of `libraries' of information and other data that will be required for greater formalization of calculated values.
Point is to try and have as few `unitless' metric values due to their arbitrary nature. At least will need to convert values to monetary value at some point since time can equal \$\$\$.

What has this paper shown? What needs to be worked on moving forward?

% ---- Bibliography ----

\bibitem {SysML-Sec}

\bibitem {jurjens2005secure}
J{\"u}rjens, J.:
Secure systems development with UML,
Springer Science \& Business Media (2005)

\bibitem {jurjens2002umlsec}
J{\"u}rjens, J.:
UMLsec: Extending UML for secure systems development,
UML 2002—The Unified Modeling Language, Springer Publishing, pages 412--425 (2002)

\bibitem {SysML}

\bibitem {AADLSite}

\bibitem {AADLV2Overview}
Feiler, P.:
SAE AADL V2: An Overview.
Carnegie Mellon University (2010)

\bibitem {AADLTools}
AADL Tools,

\bibitem {Osate2}
Osate 2,

\bibitem {Osate2Examples}
Osate 2 Example Repository,

\bibitem {UserDaysMay2016}
User Days - May 2016,

\bibitem {AADLResolute}
Resolute Website,

\bibitem {RDALOverview}
Blouin, D.:
AADL Requirements Annex Review,

\bibitem {gacek2014resolute}
Gacek, A., Backes, J., Cofer, D., Slind, K., Whalen, M.:
Resolute: An assurance case language for architecture models,
ACM SIGAda Ada Letters, Volume 34 Number 3, pages 19--28 (2014)

\bibitem {EMV1}
Feiler, P.:
SAE AADL Error Model Annex: An Overview,

\bibitem {EMV2}
Feiler, P.:
SAE AADL Error Model Annex: Discussion Items,

\bibitem {BLESS2013}
Larson, B.R., Chalin, P., Hatcliff, J.:
BLESS: Formal Specification and Verification of Behaviors for Embedded Systems with Software,

\bibitem {AADLSecAnnex}
Delange, J., Feiler, P., Klieber, W., Nam, M., Seibel, J.:
AADL Security Annex,

\bibitem {AADLSecAnalysis}
Delange, J., Nam, M., Seibel, J.:
AADL Security Analysis Tools,

\bibitem {ellison2015extending}
Ellison, R., Householder, A., Hudak, J., Kazman, R., Woody, C.:
Extending AADL for Security Design Assurance of Cyber-Physical Systems,
Software Engineering Institute, CMU/SEI-2015-TR-014 (2015)

\bibitem {jeepHack}
Drozhzhin, A.:
Black Hat USA 2015: The full story of how that Jeep was hacked,
\url{ -cherokee-hack-explained/9493/}

\bibitem {planeHack}
Zetter, K.:
Feds say that banned researcher commandeered a plane,

\bibitem {superFish}
Hope, P.:
Superfish adware weakens security and injects ads on some Lenovo laptops,

\bibitem {lenovoWPBT}
Sanders, J.:
Windows and UEFI anti-theft mechanism makes systems less secure,
\url{ -uefi-anti-theft-mechanism-makes-systems-less-secure/}

\bibitem {govHack}
Olorunnipa, T.:
Breach of Employee Data Wider Than Initial Report, U.S. Says,

\bibitem {stageFright}
Vaughan-Nicholas, S.J.:
Stagefright: Just how scary is it for Android users?,

\bibitem {stageFright2}
Whittaker, Z.:
Stagefright is back, and affecting millions of Android devices,

\bibitem {androidUpdates}
Tofel, K.:
HTC says monthly Android security updates are ``unrealistic'',

\bibitem {androidMarshmallow}
Jack Wallen, J.:
The woes of Android updates, and how to fix the process,

\bibitem {googleAndroid}
Sanders, J.:
Google finally doubles down on security with monthly Android updates,
\url{ -android-phone-vendors-introduce-welcome-changes-to-security-update-process/}

\bibitem {aaraj2008analysis}
Aaraj, N., Raghunathan, A., Jha, N.K.:
Analysis and design of a hardware/software trusted platform module for embedded systems,
ACM Transactions on Embedded Computing Systems (TECS), Volume 8 Number 1, page 8 (2008)

\bibitem {denning1996location}
Denning, D.E., MacDoran, P.F.:
Location-based authentication: Grounding cyberspace for better security,
Computer Fraud \& Security, Volume 1996 Number 2, pages 12--16 (1996)

\bibitem {saito2015case}
Saito, M., Hazeyama, A., Yoshioka, N., Kobashi, T., Washizaki, H., Kaiya, H., Ohkubo, T.:
A case-based management system for secure software development using software security knowledge,
Procedia Computer Science, Volume 60, pages 1092--1100 (2015)

\bibitem {denning2015toward}
Denning, D.E.:
Toward more secure software,
Communications of the ACM, Volume 8 Number 4, pages 24--26 (2015)

\bibitem {nguyen2015model}
Nguyen, P.:
Model-Driven Security With Modularity and Reusability For Engineering Secure Software Systems,
University of Luxembourg (2015)

\bibitem {ravi2004security}
Ravi, S., Raghunathan, A., Kocher, P., Hattangady, S.:
Security in embedded systems: Design challenges,
ACM Transactions on Embedded Computing Systems (TECS), Volume 3 Number 3, pages 461--491 (2004)

\bibitem {gokhale2008model}
Gokhale, A., Balasubramanian, K., Krishna, A.S., Balasubramanian, J., Edwards, G., Deng, G., Turkay, E., Parsons, J., Schmidt, D.C.:
Model driven middleware: A new paradigm for developing distributed real-time and embedded systems,
Science of Computer programming, Volume 73 Number 1, pages 39--58 (2008)

\bibitem {perez2006vtpm}
Perez, R., Sailer, R., van Doorn, L., and others:
vTPM: virtualizing the trusted platform module,
Proc. 15th Conf. on USENIX Security Symposium, pages 305--320

\bibitem {yan2015novel}
Yan, W., Tehranipoor, F., Chandy, J.A.:
A Novel Way to Authenticate Untrusted Integrated Circuits,
Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, pages 132--138 (2015)

\bibitem {tehranipoor2015dram}
Tehranipoor, F., Karimina, N., Xiao, K., Chandy, J.:
DRAM based intrinsic physical unclonable functions for system level security,
Proceedings of the 25th edition on Great Lakes Symposium on VLSI, pages 15--20 (2015)

\bibitem {CommonCriteria}
Common Criteria for Information Technology Security Evaluation,
ISO/IEC, Number ISO/IEC 15408, July 2015

\bibitem {benzel2005design}
Benzel, T.V., Irvine, C.E., Levin, T.E., Bhaskara, G., Nguyen, T.D., Clark, P.C.:
Design principles for security (2005)

\bibitem {lin2013security}
Lin, C., Zhu, Q., Phung, C., Sangiovanni-Vincentelli, A.:
Security-aware mapping for CAN-based real-time distributed automotive systems,
Computer-Aided Design (ICCAD), 2013 IEEE/ACM International Conference on, pages 115--121 (2013)

\bibitem {markose2008systematic}
Markose, S., Liu, X., McMillin, B.:
A systematic framework for structured object-oriented security requirements analysis in embedded systems,
IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, 2008. EUC'08, Volume 1, pages 75--81 (2008)

\bibitem {yu1997towards}
Yu, E.S.:
Towards modelling and reasoning support for early-phase requirements engineering,
Proceedings of the Third IEEE International Symposium on Requirements Engineering, pages 226--235 (1997)

\bibitem {massacci2010security}
Massacci, F., Mylopoulos, J., Zannone, N.:
Security requirements engineering: the SI* modeling language and the secure tropos methodology,
Advances in Intelligent Information Systems, pages 147--174 (2010)

\bibitem {sangiovanni2007quo}
Sangiovanni-Vincentelli, A.:
Quo vadis, SLD? Reasoning about the trends and challenges of system level design,
Proceedings of the IEEE, Volume 95 Number 3, pages 467--506 (2007)

\bibitem {ALISA2016}
Delange, J., Feiler, P., Neil, E.:
Incremental Life Cycle Assurance of Safety-Critical Systems,
8th European Congress on Embedded Real Time Software and Systems (ERTS 2016)



0 comments on commit ed8fbe5

Please sign in to comment.
You can’t perform that action at this time.