Commit

Push of first outline. Need addition of equations and images.
Duncan committed Jun 24, 2016
1 parent f1461c2 commit ed8fbe5
Showing 28 changed files with 7,126 additions and 0 deletions.
359 changes: 359 additions & 0 deletions AADLSecPaper.tex
@@ -0,0 +1,359 @@
% This is based on the LLNCS.DEM the demonstration file of
% the LaTeX macro package from Springer-Verlag
% for Lecture Notes in Computer Science,
% version 2.4 for LaTeX2e as of 16. April 2010
%
% See http://www.springer.com/computer/lncs/lncs+authors?SGWID=0-40209-0-0-0
% for the full guidelines.
%
\documentclass{llncs}

% Table package needs
\usepackage{tabularx,booktabs}
\usepackage{multirow}
\usepackage[normalem]{ulem}
\usepackage[english]{babel}

% Image package needs
\usepackage{graphicx}
%\usepackage{graphics}

\usepackage{listings} % Include the listings-package
\usepackage{color}
\usepackage{balance}
\useunder{\uline}{\ul}{}

\definecolor{darkgreen}{rgb}{0,0.5,0}
\definecolor{mygreen}{rgb}{0,0.6,0}
\definecolor{mygray}{rgb}{0.5,0.5,0.5}
\definecolor{mymauve}{rgb}{0.58,0,0.82}
\lstset{ %
backgroundcolor=\color{white}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}
basicstyle=\ttfamily\scriptsize, % the size of the fonts that are used for the code
breakatwhitespace=false, % sets if automatic breaks should only happen at whitespace
breaklines=true, % sets automatic line breaking
captionpos=b, % sets the caption-position to bottom
commentstyle=\color{mygreen}, % comment style
deletekeywords={...}, % if you want to delete keywords from the given language
escapeinside={\%*}{*)}, % if you want to add LaTeX within your code
extendedchars=true, % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8
frame=single, % adds a frame around the code
keepspaces=true, % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible)
keywordstyle=\color{blue}, % keyword style
% language=C, % the language of the code
morecomment=[l]{--},
morekeywords={property,set,is,type, constant, enumeration, end, applies, to, inherit, of, *,...}, % if you want to add more keywords to the set
numbers=left, % where to put the line-numbers; possible values are (none, left, right)
numbersep=5pt, % how far the line-numbers are from the code
numberstyle=\tiny\color{mygray}, % the style that is used for the line-numbers
rulecolor=\color{black}, % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here))
showspaces=false, % show spaces everywhere adding particular underscores; it overrides 'showstringspaces'
showstringspaces=false, % underline spaces within strings only
showtabs=false, % show tabs within strings adding particular underscores
stepnumber=1, % the step between two line-numbers. If it's 1, each line will be numbered
stringstyle=\color{mymauve}, % string literal style
tabsize=2, % sets default tabsize to 2 spaces
title=\lstname % show the filename of files included with \lstinputlisting; also try caption instead of title
}

\begin{document}

\title{AADL Security Framework Proposition and Examination}
%
\titlerunning{AADL Security} % abbreviated title (for running head)
% also used for the TOC unless
% \toctitle is used
%
%\author{Paul Wortman \and John A. Chandy}
%
%\authorrunning{Ivar Ekeland et al.} % abbreviated author list (for running head)
%
%%%% list of authors for the TOC (use if author list has to be modified)
%\tocauthor{Ivar Ekeland, Roger Temam, Jeffrey Dean, David Grove,
%Craig Chambers, Kim B. Bruce, and Elisa Bertino}
%
%\institute{University of Connecticut, Storrs CT 06269, USA}%\\
%\email{I.Ekeland@princeton.edu},\\ WWW home page:
%\texttt{http://users/\homedir iekeland/web/welcome.html}
%\and
%Universit\'{e} de Paris-Sud,
%Laboratoire d'Analyse Num\'{e}rique, B\^{a}timent 425,\\
%F-91405 Orsay Cedex, France}

\maketitle % typeset the title of the contribution

\begin{abstract}
%AADL is a common use language that has been developed and tweaked over the years to allow the ability to
%describe model behavior and specifications, with more recent attempts to define language for security
%requirements and verification. This paper examines previous implementations of behavior, requirements, and
%security in AADL and then goes to propose a new framework for better integration and description of security
%requirements and behavior within the AADL lexicon.
\textbf{Something something abstract}
\keywords{security modeling, security framework, secure system design}
\end{abstract}

\section{Introduction}
Talk about need for a new security framework in AADL. What is missing, what is needed.
What will this paper be bringing to the table?

\section{Related Work}
What has been done by others to expand the security capabilities of AADL?

\subsection{Defining Risk}
Talk about how Risk is defined differently depending on the point-of-view. How will risk be examined for the purpose of this paper?

\section{Introducing the Framework}
Give a detailed description of the framework at this point in time. What is there and what the paper will present.

\section{Exploring a Simple Implementation}
How does a simple examples such as a wireless transmitter get represented in this new framework?

\subsection{Expanding Considerations}
What other additional expansions can be made to the simple wireless transmitter example? Additional costs, variables, levels of additional detail.

\section{Examining Attack and Defense with Detail}
Examination of encryption and authentication processes through the lens of the new security framework.

\subsection{Expansion of Details}
Expand further on additional details and variables that can affect the modeling of secure system solutions.

\section{Additional Concerns}
Detail out the concerns about for needs of `libraries' of information and other data that will be required for greater formalization of calculated values.
Point is to try and have as few `unitless' metric values due to their arbitrary nature. At least will need to convert values to monetary value at some point since time can equal \$\$\$.

\section{Conclusion}
What has this paper shown? What needs to be worked on moving forward?

%
% ---- Bibliography ----
%
\begin{thebibliography}{5}

\bibitem {SysML-Sec}
SysML-Sec,
\url{http://sysml-sec.telecom-paristech.fr/}

\bibitem {jurjens2005secure}
J{\"u}rjens, J.:
Secure systems development with UML,
Springer Science \& Business Media (2005)

\bibitem {jurjens2002umlsec}
J{\"u}rjens, J.:
UMLsec: Extending UML for secure systems development,
UML 2002—The Unified Modeling Language, Springer Publishing, pages 412--425 (2002)

\bibitem {SysML}
SysML,
\url{http://sysml.org/}

\bibitem {AADLSite}
AADL,
\url{http://www.aadl.info/aadl/currentsite/}

\bibitem {AADLV2Overview}
Feiler, P.:
SAE AADL V2: An Overview.
Carnegie Mellon University (2010)

\bibitem {AADLTools}
AADL Tools,
\url{https://wiki.sei.cmu.edu/aadl/index.php/AADL\_tools}

\bibitem {Osate2}
Osate 2,
\url{https://wiki.sei.cmu.edu/aadl/index.php/Osate\_2}

\bibitem {Osate2Examples}
Osate 2 Example Repository,
\url{https://github.com/osate/examples}

\bibitem {UserDaysMay2016}
User Days - May 2016,
\url{https://github.com/saeaadl/userdays/tree/master/UserDays/May2016}

\bibitem {AADLResolute}
Resolute Website,
\url{http://loonwerks.com/tools/resolute.html}

\bibitem {RDALOverview}
Blouin, D.:
AADL Requirements Annex Review,
\url{http://www.aadl.info/aadl/downloads/committee/feb2013/presentations/aadl\_standards\_requirements\_annex\_review\_06022013.pdf}

\bibitem {gacek2014resolute}
Gacek, A., Backes, J., Cofer, D., Slind, K., Whalen, M.:
Resolute: An assurance case language for architecture models,
ACM SIGAda Ada Letters, Volume 34 Number 3, pages 19--28 (2014)

\bibitem {EMV1}
Feiler, P.:
SAE AADL Error Model Annex: An Overview,
\url{https://wiki.sei.cmu.edu/aadl/images/1/13/ErrorModelOverview-Sept222011-phf.pdf}

\bibitem {EMV2}
Feiler, P.:
SAE AADL Error Model Annex: Discussion Items,
\url{https://wiki.sei.cmu.edu/aadl/images/1/13/ErrorModelOverview-Sept222011-phf.pdf}

\bibitem {BLESS2013}
Larson, B.R., Chalin, P., Hatcliff, J.:
BLESS: Formal Specification and Verification of Behaviors for Embedded Systems with Software,
\url{https://ti.arc.nasa.gov/m/events/nfm2013/pubs/BLESS.pdf}

\bibitem {AADLSecAnnex}
Delange, J., Feiler, P., Klieber, W., Nam, M., Seibel, J.:
AADL Security Annex,
\url{https://github.com/saeaadl/userdays/blob/master/UserDays/May2016/security-annex-May2016.pdf}

\bibitem {AADLSecAnalysis}
Delange, J., Nam, M., Seibel, J.:
AADL Security Analysis Tools,
\url{https://github.com/saeaadl/userdays/blob/master/UserDays/May2016/security-analysis-May2016.pdf}

\bibitem {ellison2015extending}
Ellison, R., Householder, A., Hudak, J., Kazman, R., Woody, C.:
Extending AADL for Security Design Assurance of Cyber-Physical Systems,
Software Engineering Institute, CMU/SEI-2015-TR-014 (2015)

\bibitem {jeepHack}
Drozhzhin, A.:
Black Hat USA 2015: The full story of how that Jeep was hacked,
\url{https://blog.kaspersky.com/blackhat-jeep -cherokee-hack-explained/9493/}

\bibitem {planeHack}
Zetter, K.:
Feds say that banned researcher commandeered a plane,
\url{http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/}

\bibitem {superFish}
Hope, P.:
Superfish adware weakens security and injects ads on some Lenovo laptops,
\url{http://www.techrepublic.com/article/superfish-adware-weakens-security-and-injects-ads-on-some-lenovo-laptops/}

\bibitem {lenovoWPBT}
Sanders, J.:
Windows and UEFI anti-theft mechanism makes systems less secure,
\url{http://www.techrepublic.com/article/windows-and -uefi-anti-theft-mechanism-makes-systems-less-secure/}

\bibitem {govHack}
Olorunnipa, T.:
Breach of Employee Data Wider Than Initial Report, U.S. Says,
\url{http://www.bloomberg.com/politics/articles/2015-06-12/white-house-says-personnel-records-possibly-breached-twice}

\bibitem {stageFright}
Vaughan-Nicholas, S.J.:
Stagefright: Just how scary is it for Android users?,
\url{http://www.zdnet.com/article/stagefright-just-how-scary-is-it-for-android-users/}

\bibitem {stageFright2}
Whittaker, Z.:
Stagefright is back, and affecting millions of Android devices,
\url{http://www.zdnet.com/article/new-stagefright-2-0-flaws-affect-millions-of-android-devices/}

\bibitem {androidUpdates}
Tofel, K.:
HTC says monthly Android security updates are ``unrealistic'',
\url{http://www.zdnet.com/article/htc-says-monthly-stagefright-android-security-updates-are-unrealistic/}

\bibitem {androidMarshmallow}
Jack Wallen, J.:
The woes of Android updates, and how to fix the process,
\url{http://www.techrepublic.com/article/the-woes-of-android-updates-and-how-to-fix-the-process/}

\bibitem {googleAndroid}
Sanders, J.:
Google finally doubles down on security with monthly Android updates,
\url{http://www.techrepublic.com/article/google-and-some -android-phone-vendors-introduce-welcome-changes-to-security-update-process/}

\bibitem {aaraj2008analysis}
Aaraj, N., Raghunathan, A., Jha, N.K.:
Analysis and design of a hardware/software trusted platform module for embedded systems,
ACM Transactions on Embedded Computing Systems (TECS), Volume 8 Number 1, page 8 (2008)

\bibitem {denning1996location}
Denning, D.E., MacDoran, P.F.:
Location-based authentication: Grounding cyberspace for better security,
Computer Fraud \& Security, Volume 1996 Number 2, pages 12--16 (1996)

\bibitem {saito2015case}
Saito, M., Hazeyama, A., Yoshioka, N., Kobashi, T., Washizaki, H., Kaiya, H., Ohkubo, T.:
A case-based management system for secure software development using software security knowledge,
Procedia Computer Science, Volume 60, pages 1092--1100 (2015)

\bibitem {denning2015toward}
Denning, D.E.:
Toward more secure software,
Communications of the ACM, Volume 8 Number 4, pages 24--26 (2015)

\bibitem {nguyen2015model}
Nguyen, P.:
Model-Driven Security With Modularity and Reusability For Engineering Secure Software Systems,
University of Luxembourg (2015)

\bibitem {ravi2004security}
Ravi, S., Raghunathan, A., Kocher, P., Hattangady, S.:
Security in embedded systems: Design challenges,
ACM Transactions on Embedded Computing Systems (TECS), Volume 3 Number 3, pages 461--491 (2004)

\bibitem {gokhale2008model}
Gokhale, A., Balasubramanian, K., Krishna, A.S., Balasubramanian, J., Edwards, G., Deng, G., Turkay, E., Parsons, J., Schmidt, D.C.:
Model driven middleware: A new paradigm for developing distributed real-time and embedded systems,
Science of Computer programming, Volume 73 Number 1, pages 39--58 (2008)

\bibitem {perez2006vtpm}
Perez, R., Sailer, R., van Doorn, L., and others:
vTPM: virtualizing the trusted platform module,
Proc. 15th Conf. on USENIX Security Symposium, pages 305--320

\bibitem {yan2015novel}
Yan, W., Tehranipoor, F., Chandy, J.A.:
A Novel Way to Authenticate Untrusted Integrated Circuits,
Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, pages 132--138 (2015)

\bibitem {tehranipoor2015dram}
Tehranipoor, F., Karimina, N., Xiao, K., Chandy, J.:
DRAM based intrinsic physical unclonable functions for system level security,
Proceedings of the 25th edition on Great Lakes Symposium on VLSI, pages 15--20 (2015)

\bibitem {CommonCriteria}
Common Criteria for Information Technology Security Evaluation,
ISO/IEC, Number ISO/IEC 15408, July 2015

\bibitem {benzel2005design}
Benzel, T.V., Irvine, C.E., Levin, T.E., Bhaskara, G., Nguyen, T.D., Clark, P.C.:
Design principles for security (2005)

\bibitem {lin2013security}
Lin, C., Zhu, Q., Phung, C., Sangiovanni-Vincentelli, A.:
Security-aware mapping for CAN-based real-time distributed automotive systems,
Computer-Aided Design (ICCAD), 2013 IEEE/ACM International Conference on, pages 115--121 (2013)

\bibitem {markose2008systematic}
Markose, S., Liu, X., McMillin, B.:
A systematic framework for structured object-oriented security requirements analysis in embedded systems,
IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, 2008. EUC'08, Volume 1, pages 75--81 (2008)

\bibitem {yu1997towards}
Yu, E.S.:
Towards modelling and reasoning support for early-phase requirements engineering,
Proceedings of the Third IEEE International Symposium on Requirements Engineering, pages 226--235 (1997)

\bibitem {massacci2010security}
Massacci, F., Mylopoulos, J., Zannone, N.:
Security requirements engineering: the SI* modeling language and the secure tropos methodology,
Advances in Intelligent Information Systems, pages 147--174 (2010)

\bibitem {sangiovanni2007quo}
Sangiovanni-Vincentelli, A.:
Quo vadis, SLD? Reasoning about the trends and challenges of system level design,
Proceedings of the IEEE, Volume 95 Number 3, pages 467--506 (2007)

\bibitem {ALISA2016}
Delange, J., Feiler, P., Neil, E.:
Incremental Life Cycle Assurance of Safety-Critical Systems,
8th European Congress on Embedded Real Time Software and Systems (ERTS 2016)

\end{thebibliography}

\end{document}
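
Review bot: Three \url arguments in the bibliography contain a stray space that breaks the link target: jeepHack (`blackhat-jeep -cherokee-hack-explained`), lenovoWPBT (`windows-and -uefi-anti-theft-mechanism`) and googleAndroid (`google-and-some -android-phone-vendors`); remove the space in each. EMV1 and EMV2 carry the identical URL (`ErrorModelOverview-Sept222011-phf.pdf`) under two different titles, so one of the two entries likely points at the wrong document and should be checked before the paper cites either. Separately, `\begin{thebibliography}{5}` gives a one-digit widest-label sample while the list has well over nine entries; a two-digit sample such as `{99}` keeps the labels aligned. The perez2006vtpm entry has no year, and the author field of androidMarshmallow reads "Jack Wallen, J.:", which looks like a first name left in the surname position.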

0 comments on commit ed8fbe5
