Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Push of first outline. Need addition of equations and images.
- Loading branch information
Duncan
committed
Jun 24, 2016
1 parent
f1461c2
commit ed8fbe5
Showing
28 changed files
with
7,126 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,359 @@ | ||
% This is based on the LLNCS.DEM the demonstration file of | ||
% the LaTeX macro package from Springer-Verlag | ||
% for Lecture Notes in Computer Science, | ||
% version 2.4 for LaTeX2e as of 16. April 2010 | ||
% | ||
% See http://www.springer.com/computer/lncs/lncs+authors?SGWID=0-40209-0-0-0 | ||
% for the full guidelines. | ||
% | ||
\documentclass{llncs} | ||
|
||
% Table package needs | ||
\usepackage{tabularx,booktabs} | ||
\usepackage{multirow} | ||
\usepackage[normalem]{ulem} | ||
\usepackage[english]{babel} | ||
|
||
% Image package needs | ||
\usepackage{graphicx} | ||
%\usepackage{graphics} | ||
|
||
\usepackage{listings} % Include the listings-package | ||
\usepackage{color} | ||
\usepackage{balance} | ||
\useunder{\uline}{\ul}{} | ||
|
||
\definecolor{darkgreen}{rgb}{0,0.5,0} | ||
\definecolor{mygreen}{rgb}{0,0.6,0} | ||
\definecolor{mygray}{rgb}{0.5,0.5,0.5} | ||
\definecolor{mymauve}{rgb}{0.58,0,0.82} | ||
\lstset{ % | ||
backgroundcolor=\color{white}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor} | ||
basicstyle=\ttfamily\scriptsize, % the size of the fonts that are used for the code | ||
breakatwhitespace=false, % sets if automatic breaks should only happen at whitespace | ||
breaklines=true, % sets automatic line breaking | ||
captionpos=b, % sets the caption-position to bottom | ||
commentstyle=\color{mygreen}, % comment style | ||
deletekeywords={...}, % if you want to delete keywords from the given language | ||
escapeinside={\%*}{*)}, % if you want to add LaTeX within your code | ||
extendedchars=true, % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8 | ||
frame=single, % adds a frame around the code | ||
keepspaces=true, % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible) | ||
keywordstyle=\color{blue}, % keyword style | ||
% language=C, % the language of the code | ||
morecomment=[l]{--}, | ||
morekeywords={property,set,is,type, constant, enumeration, end, applies, to, inherit, of, *,...}, % if you want to add more keywords to the set | ||
numbers=left, % where to put the line-numbers; possible values are (none, left, right) | ||
numbersep=5pt, % how far the line-numbers are from the code | ||
numberstyle=\tiny\color{mygray}, % the style that is used for the line-numbers | ||
rulecolor=\color{black}, % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here)) | ||
showspaces=false, % show spaces everywhere adding particular underscores; it overrides 'showstringspaces' | ||
showstringspaces=false, % underline spaces within strings only | ||
showtabs=false, % show tabs within strings adding particular underscores | ||
stepnumber=1, % the step between two line-numbers. If it's 1, each line will be numbered | ||
stringstyle=\color{mymauve}, % string literal style | ||
tabsize=2, % sets default tabsize to 2 spaces | ||
title=\lstname % show the filename of files included with \lstinputlisting; also try caption instead of title | ||
} | ||
|
||
\begin{document} | ||
|
||
\title{AADL Security Framework Proposition and Examination} | ||
% | ||
\titlerunning{AADL Security} % abbreviated title (for running head) | ||
% also used for the TOC unless | ||
% \toctitle is used | ||
% | ||
%\author{Paul Wortman \and John A. Chandy} | ||
% | ||
%\authorrunning{Ivar Ekeland et al.} % abbreviated author list (for running head) | ||
% | ||
%%%% list of authors for the TOC (use if author list has to be modified) | ||
%\tocauthor{Ivar Ekeland, Roger Temam, Jeffrey Dean, David Grove, | ||
%Craig Chambers, Kim B. Bruce, and Elisa Bertino} | ||
% | ||
%\institute{University of Connecticut, Storrs CT 06269, USA}%\\ | ||
%\email{I.Ekeland@princeton.edu},\\ WWW home page: | ||
%\texttt{http://users/\homedir iekeland/web/welcome.html} | ||
%\and | ||
%Universit\'{e} de Paris-Sud, | ||
%Laboratoire d'Analyse Num\'{e}rique, B\^{a}timent 425,\\ | ||
%F-91405 Orsay Cedex, France} | ||
|
||
\maketitle % typeset the title of the contribution | ||
|
||
\begin{abstract} | ||
%AADL is a common use language that has been developed and tweaked over the years to allow the ability to | ||
%describe model behavior and specifications, with more recent attempts to define language for security | ||
%requirements and verification. This paper examines previous implementations of behavior, requirements, and | ||
%security in AADL and then goes to propose a new framework for better integration and description of security | ||
%requirements and behavior within the AADL lexicon. | ||
\textbf{Something something abstract} | ||
\keywords{security modeling, security framework, secure system design} | ||
\end{abstract} | ||
|
||
\section{Introduction} | ||
Talk about need for a new security framework in AADL. What is missing, what is needed. | ||
What will this paper be bringing to the table? | ||
|
||
\section{Related Work} | ||
What has been done by others to expand the security capabilities of AADL? | ||
|
||
\subsection{Defining Risk} | ||
Talk about how Risk is defined differently depending on the point-of-view. How will risk be examined for the purpose of this paper? | ||
|
||
\section{Introducing the Framework} | ||
Give a detailed description of the framework at this point in time. What is there and what the paper will present. | ||
|
||
\section{Exploring a Simple Implementation} | ||
How does a simple examples such as a wireless transmitter get represented in this new framework? | ||
|
||
\subsection{Expanding Considerations} | ||
What other additional expansions can be made to the simple wireless transmitter example? Additional costs, variables, levels of additional detail. | ||
|
||
\section{Examining Attack and Defense with Detail} | ||
Examination of encryption and authentication processes through the lens of the new security framework. | ||
|
||
\subsection{Expansion of Details} | ||
Expand further on additional details and variables that can affect the modeling of secure system solutions. | ||
|
||
\section{Additional Concerns} | ||
Detail out the concerns about for needs of `libraries' of information and other data that will be required for greater formalization of calculated values. | ||
Point is to try and have as few `unitless' metric values due to their arbitrary nature. At least will need to convert values to monetary value at some point since time can equal \$\$\$. | ||
|
||
\section{Conclusion} | ||
What has this paper shown? What needs to be worked on moving forward? | ||
|
||
% | ||
% ---- Bibliography ---- | ||
% | ||
\begin{thebibliography}{5} | ||
|
||
\bibitem {SysML-Sec} | ||
SysML-Sec, | ||
\url{http://sysml-sec.telecom-paristech.fr/} | ||
|
||
\bibitem {jurjens2005secure} | ||
J{\"u}rjens, J.: | ||
Secure systems development with UML, | ||
Springer Science \& Business Media (2005) | ||
|
||
\bibitem {jurjens2002umlsec} | ||
J{\"u}rjens, J.: | ||
UMLsec: Extending UML for secure systems development, | ||
UML 2002—The Unified Modeling Language, Springer Publishing, pages 412--425 (2002) | ||
|
||
\bibitem {SysML} | ||
SysML, | ||
\url{http://sysml.org/} | ||
|
||
\bibitem {AADLSite} | ||
AADL, | ||
\url{http://www.aadl.info/aadl/currentsite/} | ||
|
||
\bibitem {AADLV2Overview} | ||
Feiler, P.: | ||
SAE AADL V2: An Overview. | ||
Carnegie Mellon University (2010) | ||
|
||
\bibitem {AADLTools} | ||
AADL Tools, | ||
\url{https://wiki.sei.cmu.edu/aadl/index.php/AADL\_tools} | ||
|
||
\bibitem {Osate2} | ||
Osate 2, | ||
\url{https://wiki.sei.cmu.edu/aadl/index.php/Osate\_2} | ||
|
||
\bibitem {Osate2Examples} | ||
Osate 2 Example Repository, | ||
\url{https://github.com/osate/examples} | ||
|
||
\bibitem {UserDaysMay2016} | ||
User Days - May 2016, | ||
\url{https://github.com/saeaadl/userdays/tree/master/UserDays/May2016} | ||
|
||
\bibitem {AADLResolute} | ||
Resolute Website, | ||
\url{http://loonwerks.com/tools/resolute.html} | ||
|
||
\bibitem {RDALOverview} | ||
Blouin, D.: | ||
AADL Requirements Annex Review, | ||
\url{http://www.aadl.info/aadl/downloads/committee/feb2013/presentations/aadl\_standards\_requirements\_annex\_review\_06022013.pdf} | ||
|
||
\bibitem {gacek2014resolute} | ||
Gacek, A., Backes, J., Cofer, D., Slind, K., Whalen, M.: | ||
Resolute: An assurance case language for architecture models, | ||
ACM SIGAda Ada Letters, Volume 34 Number 3, pages 19--28 (2014) | ||
|
||
\bibitem {EMV1} | ||
Feiler, P.: | ||
SAE AADL Error Model Annex: An Overview, | ||
\url{https://wiki.sei.cmu.edu/aadl/images/1/13/ErrorModelOverview-Sept222011-phf.pdf} | ||
|
||
\bibitem {EMV2} | ||
Feiler, P.: | ||
SAE AADL Error Model Annex: Discussion Items, | ||
\url{https://wiki.sei.cmu.edu/aadl/images/1/13/ErrorModelOverview-Sept222011-phf.pdf} | ||
|
||
\bibitem {BLESS2013} | ||
Larson, B.R., Chalin, P., Hatcliff, J.: | ||
BLESS: Formal Specification and Verification of Behaviors for Embedded Systems with Software, | ||
\url{https://ti.arc.nasa.gov/m/events/nfm2013/pubs/BLESS.pdf} | ||
|
||
\bibitem {AADLSecAnnex} | ||
Delange, J., Feiler, P., Klieber, W., Nam, M., Seibel, J.: | ||
AADL Security Annex, | ||
\url{https://github.com/saeaadl/userdays/blob/master/UserDays/May2016/security-annex-May2016.pdf} | ||
|
||
\bibitem {AADLSecAnalysis} | ||
Delange, J., Nam, M., Seibel, J.: | ||
AADL Security Analysis Tools, | ||
\url{https://github.com/saeaadl/userdays/blob/master/UserDays/May2016/security-analysis-May2016.pdf} | ||
|
||
\bibitem {ellison2015extending} | ||
Ellison, R., Householder, A., Hudak, J., Kazman, R., Woody, C.: | ||
Extending AADL for Security Design Assurance of Cyber-Physical Systems, | ||
Software Engineering Institute, CMU/SEI-2015-TR-014 (2015) | ||
|
||
\bibitem {jeepHack} | ||
Drozhzhin, A.: | ||
Black Hat USA 2015: The full story of how that Jeep was hacked, | ||
\url{https://blog.kaspersky.com/blackhat-jeep -cherokee-hack-explained/9493/} | ||
|
||
\bibitem {planeHack} | ||
Zetter, K.: | ||
Feds say that banned researcher commandeered a plane, | ||
\url{http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/} | ||
|
||
\bibitem {superFish} | ||
Hope, P.: | ||
Superfish adware weakens security and injects ads on some Lenovo laptops, | ||
\url{http://www.techrepublic.com/article/superfish-adware-weakens-security-and-injects-ads-on-some-lenovo-laptops/} | ||
|
||
\bibitem {lenovoWPBT} | ||
Sanders, J.: | ||
Windows and UEFI anti-theft mechanism makes systems less secure, | ||
\url{http://www.techrepublic.com/article/windows-and -uefi-anti-theft-mechanism-makes-systems-less-secure/} | ||
|
||
\bibitem {govHack} | ||
Olorunnipa, T.: | ||
Breach of Employee Data Wider Than Initial Report, U.S. Says, | ||
\url{http://www.bloomberg.com/politics/articles/2015-06-12/white-house-says-personnel-records-possibly-breached-twice} | ||
|
||
\bibitem {stageFright} | ||
Vaughan-Nicholas, S.J.: | ||
Stagefright: Just how scary is it for Android users?, | ||
\url{http://www.zdnet.com/article/stagefright-just-how-scary-is-it-for-android-users/} | ||
|
||
\bibitem {stageFright2} | ||
Whittaker, Z.: | ||
Stagefright is back, and affecting millions of Android devices, | ||
\url{http://www.zdnet.com/article/new-stagefright-2-0-flaws-affect-millions-of-android-devices/} | ||
|
||
\bibitem {androidUpdates} | ||
Tofel, K.: | ||
HTC says monthly Android security updates are ``unrealistic'', | ||
\url{http://www.zdnet.com/article/htc-says-monthly-stagefright-android-security-updates-are-unrealistic/} | ||
|
||
\bibitem {androidMarshmallow} | ||
Jack Wallen, J.: | ||
The woes of Android updates, and how to fix the process, | ||
\url{http://www.techrepublic.com/article/the-woes-of-android-updates-and-how-to-fix-the-process/} | ||
|
||
\bibitem {googleAndroid} | ||
Sanders, J.: | ||
Google finally doubles down on security with monthly Android updates, | ||
\url{http://www.techrepublic.com/article/google-and-some -android-phone-vendors-introduce-welcome-changes-to-security-update-process/} | ||
|
||
\bibitem {aaraj2008analysis} | ||
Aaraj, N., Raghunathan, A., Jha, N.K.: | ||
Analysis and design of a hardware/software trusted platform module for embedded systems, | ||
ACM Transactions on Embedded Computing Systems (TECS), Volume 8 Number 1, page 8 (2008) | ||
|
||
\bibitem {denning1996location} | ||
Denning, D.E., MacDoran, P.F.: | ||
Location-based authentication: Grounding cyberspace for better security, | ||
Computer Fraud \& Security, Volume 1996 Number 2, pages 12--16 (1996) | ||
|
||
\bibitem {saito2015case} | ||
Saito, M., Hazeyama, A., Yoshioka, N., Kobashi, T., Washizaki, H., Kaiya, H., Ohkubo, T.: | ||
A case-based management system for secure software development using software security knowledge, | ||
Procedia Computer Science, Volume 60, pages 1092--1100 (2015) | ||
|
||
\bibitem {denning2015toward} | ||
Denning, D.E.: | ||
Toward more secure software, | ||
Communications of the ACM, Volume 8 Number 4, pages 24--26 (2015) | ||
|
||
\bibitem {nguyen2015model} | ||
Nguyen, P.: | ||
Model-Driven Security With Modularity and Reusability For Engineering Secure Software Systems, | ||
University of Luxembourg (2015) | ||
|
||
\bibitem {ravi2004security} | ||
Ravi, S., Raghunathan, A., Kocher, P., Hattangady, S.: | ||
Security in embedded systems: Design challenges, | ||
ACM Transactions on Embedded Computing Systems (TECS), Volume 3 Number 3, pages 461--491 (2004) | ||
|
||
\bibitem {gokhale2008model} | ||
Gokhale, A., Balasubramanian, K., Krishna, A.S., Balasubramanian, J., Edwards, G., Deng, G., Turkay, E., Parsons, J., Schmidt, D.C.: | ||
Model driven middleware: A new paradigm for developing distributed real-time and embedded systems, | ||
Science of Computer programming, Volume 73 Number 1, pages 39--58 (2008) | ||
|
||
\bibitem {perez2006vtpm} | ||
Perez, R., Sailer, R., van Doorn, L., and others: | ||
vTPM: virtualizing the trusted platform module, | ||
Proc. 15th Conf. on USENIX Security Symposium, pages 305--320 | ||
|
||
\bibitem {yan2015novel} | ||
Yan, W., Tehranipoor, F., Chandy, J.A.: | ||
A Novel Way to Authenticate Untrusted Integrated Circuits, | ||
Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, pages 132--138 (2015) | ||
|
||
\bibitem {tehranipoor2015dram} | ||
Tehranipoor, F., Karimina, N., Xiao, K., Chandy, J.: | ||
DRAM based intrinsic physical unclonable functions for system level security, | ||
Proceedings of the 25th edition on Great Lakes Symposium on VLSI, pages 15--20 (2015) | ||
|
||
\bibitem {CommonCriteria} | ||
Common Criteria for Information Technology Security Evaluation, | ||
ISO/IEC, Number ISO/IEC 15408, July 2015 | ||
|
||
\bibitem {benzel2005design} | ||
Benzel, T.V., Irvine, C.E., Levin, T.E., Bhaskara, G., Nguyen, T.D., Clark, P.C.: | ||
Design principles for security (2005) | ||
|
||
\bibitem {lin2013security} | ||
Lin, C., Zhu, Q., Phung, C., Sangiovanni-Vincentelli, A.: | ||
Security-aware mapping for CAN-based real-time distributed automotive systems, | ||
Computer-Aided Design (ICCAD), 2013 IEEE/ACM International Conference on, pages 115--121 (2013) | ||
|
||
\bibitem {markose2008systematic} | ||
Markose, S., Liu, X., McMillin, B.: | ||
A systematic framework for structured object-oriented security requirements analysis in embedded systems, | ||
IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, 2008. EUC'08, Volume 1, pages 75--81 (2008) | ||
|
||
\bibitem {yu1997towards} | ||
Yu, E.S.: | ||
Towards modelling and reasoning support for early-phase requirements engineering, | ||
Proceedings of the Third IEEE International Symposium on Requirements Engineering, pages 226--235 (1997) | ||
|
||
\bibitem {massacci2010security} | ||
Massacci, F., Mylopoulos, J., Zannone, N.: | ||
Security requirements engineering: the SI* modeling language and the secure tropos methodology, | ||
Advances in Intelligent Information Systems, pages 147--174 (2010) | ||
|
||
\bibitem {sangiovanni2007quo} | ||
Sangiovanni-Vincentelli, A.: | ||
Quo vadis, SLD? Reasoning about the trends and challenges of system level design, | ||
Proceedings of the IEEE, Volume 95 Number 3, pages 467--506 (2007) | ||
|
||
\bibitem {ALISA2016} | ||
Delange, J., Feiler, P., Neil, E.: | ||
Incremental Life Cycle Assurance of Safety-Critical Systems, | ||
8th European Congress on Embedded Real Time Software and Systems (ERTS 2016) | ||
|
||
\end{thebibliography} | ||
|
||
\end{document} |
Oops, something went wrong.