Phu H. Nguyen,Max Kramer,Jacques Klein,Yves Le Traon

DOI: https://doi.org/10.1016/j.infsof.2015.08.006

IF: 3.9

2015-12-01

Information and Software Technology

Abstract:Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large number of publications.Objective: To provide a detailed analysis of the state of the art in MDS, a systematic literature review (SLR ) is essential.Method: We conducted an extensive SLR on MDS. Derived from our research questions, we designed a rigorous, extensive search and selection process to identify a set of primary MDS studies that is as complete as possible. Our three-pronged search process consists of automatic searching, manual searching, and snowballing. After discovering and considering more than thousand relevant papers, we identified, strictly selected, and reviewed 108 MDS publications.Results: The results of our SLR show the overall status of the key artefacts of MDS, and the identified primary MDS studies. For example, regarding security modelling artefact, we found that developing domain-specific languages plays a key role in many MDS approaches. The current limitations in each MDS artefact are pointed out and corresponding potential research directions are suggested. Moreover, we categorise the identified primary MDS studies into 5 significant MDS studies, and other emerging or less common MDS studies. Finally, some trend analyses of MDS research are given.Conclusion: Our results suggest the need for addressing multiple security concerns more systematically and simultaneously, for tool chains supporting the MDS development cycle, and for more empirical studies on the application of MDS methodologies. To the best of our knowledge, this SLR is the first in the field of Software Engineering that combines a snowballing strategy with database searching. This combination has delivered an extensive literature study on MDS.

computer science, information systems, software engineering

Atif Mashkoor,Alexander Egyed,Robert Wille

DOI: https://doi.org/10.48550/arXiv.2004.08471

2020-04-18

Abstract:This paper presents a systematic mapping study on the model-driven engineering of safety and security concerns in systems. Integrated modeling and development of both safety and security concerns is an emerging field of research. Our mapping study provides an overview of the current state-of-the-art in this field. Through a rigorous and systematic process, this study carefully selected 95 publications out of 17,927 relevant papers published between 1992 and 2018. This paper then proposes and answers several relevant research questions about frequently used methods, development stages where these concerns are typically investigated in, or application domains. Additionally, we identify the community's preference for publication venues and trends.

Software Engineering

Phu H. Nguyen,Shaukat Ali,Tao Yue

DOI: https://doi.org/10.1016/j.infsof.2016.11.004

2017-01-01

Abstract:ContextCyber-physical systems (CPSs) have emerged to be the next generation of engineered systems driving the so-called fourth industrial revolution. CPSs are becoming more complex, open and more prone to security threats, which urges security to be engineered systematically into CPSs. Model-Based Security Engineering (MBSE) could be a key means to tackle this challenge via security by design, abstraction, and automation. ObjectiveWe aim at providing an initial assessment of the state of the art in MBSE for CPSs (MBSE4CPS). Specifically, this work focuses on finding out 1) the publication statistics of MBSE4CPS studies; 2) the characteristics of MBSE4CPS studies; and 3) the open issues of MBSE4CPS research. MethodWe conducted a systematic mapping study (SMS) following a rigorous protocol that was developed based on the state-of-the-art SMS and systematic review guidelines. From thousands of relevant publications, we systematically identified 48 primary MBSE4CPS studies for data extraction and synthesis to answer predefined research questions. ResultsSMS results show that for three recent years (2014-2016) the number of primary MBSE4CPS studies has increased significantly. Within the primary studies, the popularity of using Domain-Specific Languages (DSLs) is comparable with the use of the standardised UML modelling notation. Most primary studies do not explicitly address specific security concerns (e.g., confidentiality, integrity) but rather focus on security analyses in general on threats, attacks or vulnerabilities. Few primary studies propose to engineer security solutions for CPSs. Many focus on the early stages of development lifecycle such as security requirement engineering or analysis. ConclusionThe SMS does not only provide the state of the art in MBSE4CPS, but also points out several open issues that would deserve more investigation, e.g., the lack of engineering security solutions for CPSs, limited tool support, too few industrial case studies, and the challenge of bridging DSLs in engineering secure CPSs.

Mustafa Abshir Mohamed,Geylani Kardas,Moharram Challenger

DOI: https://doi.org/10.48550/arXiv.2103.08644

2021-03-16

Abstract:This technical report presents a Systematic Literature Review (SLR) study that focuses on identifying and classifying the recent research practices pertaining to CPS development through MDE approaches. The study evaluates 140 research papers published during 2010-2018. Accordingly, a comprehensive analysis of various MDE approaches used in the development life-cycle of CPS is presented. Furthermore, the study identifies the research gaps and areas that need more investigation. The contribution helps researchers and practitioners to get an overall understanding of the research trends and existing challenges for further research/development.

Software Engineering

Ludovic Apvrille,Yves Roudier

DOI: https://doi.org/10.4204/EPTCS.148.2

2014-04-08

Abstract:We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.

Software Engineering,Cryptography and Security

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Abdelhakim Hannousse,Salima Yahiouche

DOI: https://doi.org/10.1016/j.cosrev.2021.100415

IF: 8.757

2021-08-01

Computer Science Review

Abstract:<p>Microservice architectures (MSA) are becoming trending alternatives to existing software development paradigms notably for developing complex and distributed applications. Microservices emerged as an architectural design pattern aiming to address the scalability and ease the maintenance of online services. However, security breaches have increased threatening availability, integrity and confidentiality of microservice-based systems. A growing body of literature is found addressing security threats and security mechanisms to individual microservices and microservice architectures. The aim of this study is to provide a helpful guide to developers about already recognized threats on microservices and how they can be detected, mitigated or prevented; we also aim to identify potential research gaps on securing MSA. In this paper, we conduct a systematic mapping in order to categorize threats on MSA with their security proposals. Therefore, we extracted threats and details of proposed solutions reported in selected studies. Obtained results are used to design a lightweight ontology for security patterns of MSA. The ontology can be queried to identify source of threats, security mechanisms used to prevent each threat, applicability layer and validation techniques used for each mechanism. The systematic search yielded 1067 studies of which 46 are selected as primary studies. The results of the mapping revealed an unbalanced research focus in favor of external attacks; auditing and enforcing access control are the most investigated techniques compared with prevention and mitigation. Additionally, we found that most proposed solutions are soft-infrastructure applicable layer compared with other layers such as communication and deployment. We also found that performance analysis and case studies are the most used validation techniques of security proposals.</p>

computer science, information systems, theory & methods, software engineering

Amirreza Payandeh,Mohammadreza Sharbaf,Shekoufeh Kolahdouz Rahimi

DOI: https://doi.org/10.1109/tg.2024.3356408

IF: 1.237

2024-01-01

IEEE Transactions on Games

Abstract:Model-driven game development (MDGD) leverages the concept of model-driven engineering and game development. The focus of MDGD is to automate the game development process by emphasizing a higher level of abstraction, which will make game development faster and easier. In recent years, researchers in the MDGD community have developed several approaches in this domain. The goal of this paper is to survey and classify existing works in MDGD, identify the challenges in this domain, and provide promising future research directions. To achieve this, we conducted a systematic review by selecting 43 articles from a set of 849. The results show that MDE techniques are used to develop games in various genres. 42% of the investigated studies proposed a graphical concrete syntax for game specification and 56% of them used different target environment tools such as Unity Engine. Moreover, our suggestions include taking advantage of tooling environments and focusing on game components rather than a complete game.

computer science, artificial intelligence, software engineering

Minghui Sun,Smitha Gautham,Quanbo Ge,Carl Elks,Cody Fleming

DOI: https://doi.org/10.1016/j.ssci.2024.106425

IF: 6.392

2024-01-15

Safety Science

Abstract:Model-based safety assessment (MBSA) has been one of the major research thrusts of the System Safety Engineering community for about three decades. It has attracted attention in many safety-critical industries, such as aviation, mining, and nuclear power. However, there is still a lack of consensus on what MBSA is. For example, how is MBSA different from the traditional safety analysis approach? How one MBSA approach is different from another? The ambiguity in the identity of MBSA poses significant challenges to the advancement of MBSA as an active research area. To answer these questions, we conducted a systematic review of the MBSA literature. Overall, 134 articles were selected for review from a total of 864 papers. We found four core activities that an MBSA approach must perform. Based on how each core activity was conducted, we were able to define (i.e., setting MBSA apart from other safety analysis approaches) and characterize (i.e., setting one MBSA approach apart from another) MBSA. As a result, an MBSA approach must at least (1) model component faults and fault propagation, (2) support the automatic computation of the desired safety analysis, (3) ensure the consistency between the design model and the safety model at the architecture level, and (4) demonstrate the safety risk due to component faults are acceptable. In addition to the insights and implications we identified for each core activity, we presented at the end of the paper a pressing issue of MBSA that multiple articles pointed out over the years: model validity. Without ensuring the validity of the safety model, it will be very challenging to utilize MBSA to its full potential for safety assurance.

engineering, industrial,operations research & management science

Stefano M. Nicoletti,Marijn Peppelman,Christina Kolb,Mariëlle Stoelinga

DOI: https://doi.org/10.48550/arXiv.2106.06272

2023-10-23

Abstract:We survey the state-of-the-art on model-based formalisms for safety and security joint analysis, where safety refers to the absence of unintended failures, and security to absence of malicious attacks. We conduct a thorough literature review and - as a result - we consider fourteen model-based formalisms and compare them with respect to several criteria: (1) Modelling capabilities and Expressiveness: which phenomena can be expressed in these formalisms? To which extent can they capture safety-security interactions? (2) Analytical capabilities: which analysis types are supported? (3) Practical applicability: to what extent have the formalisms been used to analyze small or larger case studies? Furthermore, (1) we present more precise definitions for safety-security dependencies in tree-like formalisms; (2) we showcase the potential of each formalism by modelling the same toy example from the literature and (3) we present our findings and reflect on possible ways to narrow highlighted gaps. In summary, our key findings are the following: (1) the majority of approaches combine tree-like formal models; (2) the exact nature of safety-security interaction is still ill-understood and (3) diverse formalisms can capture different interactions; (4) analyzed formalisms merge modelling constructs from existing safety- and security-specific formalisms, without introducing ad hoc constructs to model safety-security interactions, or (5) metrics to analyze trade offs. Moreover, (6) large case studies representing safety-security interactions are still missing.

Cryptography and Security

Shaofei Huang,Christopher M. Poskitt,Lwin Khin Shar

2024-09-19

Abstract:Cyber-physical systems (CPS) are at the intersection of digital technology and engineering domains, rendering them high-value targets of sophisticated and well-funded cybersecurity threat actors. Prominent cybersecurity attacks on CPS have brought attention to the vulnerability of these systems, and the inherent weaknesses of critical infrastructure reliant on CPS. Security modelling for CPS is an important mechanism to systematically identify and assess vulnerabilities, threats, and risks throughout system lifecycles, and to ultimately ensure system resilience, safety, and reliability. This survey delves into state-of-the-art research in CPS security modelling, encompassing both threat and attack modelling. While these terms are sometimes used interchangeably, they are different concepts. This article elaborates on the differences between threat and attack modelling, examining their implications for CPS security. A systematic search yielded 428 articles, from which 15 were selected and categorised into three clusters: those focused on threat modelling methods, attack modelling methods, and literature reviews. Specifically, we sought to examine what security modelling methods exist today, and how they address real-world cybersecurity threats and CPS-specific attacker capabilities throughout the lifecycle of CPS, which typically span longer durations compared to traditional IT systems. This article also highlights several limitations in existing research, wherein security models adopt simplistic approaches that do not adequately consider the dynamic, multi-layer, multi-path, and multi-agent characteristics of real-world cyber-physical attacks.

Cryptography and Security

Vivek Nigam,Alexander Pretschner,Harald Ruess

DOI: https://doi.org/10.48550/arXiv.1810.04866

2018-10-11

Logic in Computer Science

Abstract:By exploiting the increasing surface attack of systems, cyber-attacks can cause catastrophic events, such as, remotely disable safety mechanisms. This means that in order to avoid hazards, safety and security need to be integrated, exchanging information, such as, key hazards/threats, risk evaluations, mechanisms used. This white paper describes some steps towards this integration by using models. We start by identifying some key technical challenges. Then we demonstrate how models, such as Goal Structured Notation (GSN) for safety and Attack Defense Trees (ADT) for security, can address these challenges. In particular, (1) we demonstrate how to extract in an automated fashion security relevant information from safety assessments by translating GSN-Models into ADTs; (2) We show how security results can impact the confidence of safety assessments; (3) We propose a collaborative development process where safety and security assessments are built by incrementally taking into account safety and security analysis; (4) We describe how to carry out trade-off analysis in an automated fashion, such as identifying when safety and security arguments contradict each other and how to solve such contradictions. We conclude pointing out that these are the first steps towards a wide range of techniques to support Safety and Security Engineering. As a white paper, we avoid being too technical, preferring to illustrate features by using examples and thus being more accessible.

Sergej Japs,Harald Anacker

DOI: https://doi.org/10.1017/pds.2021.517

2021-07-27

Proceedings of the Design Society

Abstract:Abstract Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems and its components requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified and unresolved security threats & safety hazards in early engineering phases, resulting in high costs in product development and potentially compromises compliance with the safety of CPS. Model-based systems engineering (MBSE) improves the system understanding between stakeholders by using models. However, MBSE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards. In the context of this paper we present a method for the resolution of safety relevant security threats in the system architecture design phase using design patterns. We illustrate our approach with the example of the automotive sector. Finally, we present an evaluation of the method, based on an 8 week project with 67 master students.

Michael Felderer,Jeffrey C. Carver

DOI: https://doi.org/10.48550/arXiv.1801.06810

2018-01-21

Software Engineering

Abstract:Security engineering in the software lifecycle aims at protecting information and systems to guarantee confidentiality, integrity, and availability. As security engineering matures and the number of research papers grows, there is an increasing need for papers that summarize results and provide an overview of the area. A systematic mapping study "maps" a research area by classifying papers to identify which topics are well-studied and which need additional study. Therefore, systematic mapping studies are becoming increasingly important in security engineering. This chapter provides methodological support for systematic mapping studies in security engineering based on examples from published security engineering papers. Because security engineering is similar to software engineering in that it bridges research and practice, researchers can use the same basic systematic mapping process, as follows: (1) study planning, (2) searching for studies, (3) study selection, (4) study quality assessment, (5) data extraction, (6) data classification, (7) data analysis, and (8) reporting of results. We use published mapping studies to describe the tailoring of this process for security engineering. In addition to guidance on how to perform systematic mapping studies in security engineering, this chapter should increase awareness in the security engineering community of the need for additional mapping studies.

Hira Naveed,Chetan Arora,Hourieh Khalajzadeh,John Grundy,Omar Haggag

DOI: https://doi.org/10.1016/j.infsof.2024.107423

IF: 3.9

2024-02-17

Information and Software Technology

Abstract:Context: Machine Learning (ML) has become widely adopted as a component in many modern software applications. Due to the large volumes of data available, organizations want to increasingly leverage their data to extract meaningful insights and enhance business profitability. ML components enable predictive capabilities, anomaly detection, recommendation, accurate image and text processing, and informed decision-making. However, developing systems with ML components is not trivial; it requires time, effort, knowledge, and expertise in ML, data processing, and software engineering. There have been several studies on the use of model-driven engineering (MDE) techniques to address these challenges when developing traditional software and cyber–physical systems. Recently, there has been a growing interest in applying MDE for systems with ML components. Objective: The goal of this study is to further explore the promising intersection of MDE with ML (MDE4ML) through a systematic literature review (SLR). Through this SLR, we wanted to analyze existing studies, including their motivations, MDE solutions, evaluation techniques, key benefits and limitations. Method: Our SLR is conducted following the well-established guidelines by Kitchenham. We started by devising a protocol and systematically searching seven databases, which resulted in 3934 papers. After iterative filtering, we selected 46 highly relevant primary studies for data extraction, synthesis, and reporting. Results: We analyzed selected studies with respect to several areas of interest and identified the following: (1) the key motivations behind using MDE4ML; (2) a variety of MDE solutions applied, such as modeling languages, model transformations, tool support, targeted ML aspects, contributions and more; (3) the evaluation techniques and metrics used; and (4) the limitations and directions for future work. We also discuss the gaps in existing literature and provide recommendations for future research. Conclusion: This SLR highlights current trends, gaps and future research directions in the field of MDE4ML, benefiting both researchers and practitioners.

computer science, information systems, software engineering

Houda Harkat,Luis M. Camarinha-Matos,João Goes,Hasmath F.T. Ahmed

DOI: https://doi.org/10.1016/j.cie.2024.109891

IF: 7.18

2024-02-01

Computers & Industrial Engineering

Abstract:In recent years, cyber-physical systems (CPS) have been to many vital areas, including medical devices, smart cars, industrial systems, energy grid, etc. As these systems increasingly rely on Internet, ensuring their security requirements, which are different from those of ordinary information technology systems, has become an important research topic. However, the area is not yet well structured and, therefore, it is essential to review and analyze recent work in this field to better understand the adopted approaches and also to identify corresponding gaps and future interesting research directions. This article is based on a systematic literature review that addresses core issues in CPS security. Part of the focus is placed on the defense mechanisms introduced to help the system fully recover from attacks. However, the framework devoted to risk/threat assessments has also been highlighted, as there is a substantial need to strengthen the systems architecture to be more proactive. In addition, the ethical and societal impact of CPS is emphasized since it is essential to get a vision of the unintended outcomes of the possible evolution of these systems.

computer science, interdisciplinary applications,engineering, industrial

Huaming Chen,M. Ali Babar

2023-12-18

Abstract:The rapid development of Machine Learning (ML) has demonstrated superior performance in many areas, such as computer vision, video and speech recognition. It has now been increasingly leveraged in software systems to automate the core tasks. However, how to securely develop the machine learning-based modern software systems (MLBSS) remains a big challenge, for which the insufficient consideration will largely limit its application in safety-critical domains. One concern is that the present MLBSS development tends to be rush, and the latent vulnerabilities and privacy issues exposed to external users and attackers will be largely neglected and hard to be identified. Additionally, machine learning-based software systems exhibit different liabilities towards novel vulnerabilities at different development stages from requirement analysis to system maintenance, due to its inherent limitations from the model and data and the external adversary capabilities. The successful generation of such intelligent systems will thus solicit dedicated efforts jointly from different research areas, i.e., software engineering, system security and machine learning. Most of the recent works regarding the security issues for ML have a strong focus on the data and models, which has brought adversarial attacks into consideration. In this work, we consider that security for machine learning-based software systems may arise from inherent system defects or external adversarial attacks, and the secure development practices should be taken throughout the whole lifecycle. While machine learning has become a new threat domain for existing software engineering practices, there is no such review work covering the topic. Overall, we present a holistic review regarding the security for MLBSS, which covers a systematic understanding from a structure review of three distinct aspects in terms of security threats...

Cryptography and Security,Software Engineering

Abir El Akhdar,Chafik Baidada,Ali Kartit,Mohamed Hanine,Carlos Osorio García,Roberto Garcia Lara,Imran Ashraf

DOI: https://doi.org/10.3390/s24206771

IF: 3.9

2024-10-22

Sensors

Abstract:With the rapid growth of Internet of Things (IoT) systems, ensuring robust security measures has become paramount. Microservices Architecture (MSA) has emerged as a promising approach for enhancing IoT systems security, yet its adoption in this context lacks comprehensive analysis. This systematic review addresses this research gap by examining the incorporation of MSA in IoT systems from 2010 to 2024. From an initial pool of 4388 studies, selected articles underwent thorough quality assessment with weighted critical appraisal questions and a defined inclusion threshold. This study represents the first comprehensive systematic review to investigate the potential of microservices in IoT, with a particular focus on security aspects. The review explores the merits of MSA, highlighting twelve benefits, eight key challenges, and eight security risks. Additionally, the eight best practices for implementing MSA in IoT systems are extracted. The findings underscore MSA's utility in fortifying IoT security while also acknowledging complexities and potential vulnerabilities. Moreover, the study calls attention to the importance of incorporating complementary technologies including blockchain and machine learning to address identified gaps effectively. Finally, we propose a taxonomic classification for Microservice-based IoT security patterns, facilitating the categorization and organization of security measures in this context. Such a review can help researchers and practitioners identify existing gaps, highlight potential research directions, and provide guidelines for designing secure and efficient microservice-based IoT systems.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Lei CHEN,Jian JIAO,Tingdi ZHAO

DOI: https://doi.org/10.3969/j.issn.1001-506X.2017.06.16

2017-01-01

Abstract:The ultimate goal of model-based safety analysis (MBSA) is to implement the automated safety analysis based on semi-formal and formal models of the complex safety-critical system.There are many MBSA methods which contain all the relevant theory, techniques, tools and language used for modelling, safety verification and analysis.Implementation approaches of MBSA could be divided into two categories according to different models used in the safety analysis which means the different relationship between safety models and system models.One of the MBSA approach is based on the extended system model (ESM) and the other one is based on the failure logic modelling (FLM).The implementation of each approach is described.Advantages and boundedness of each approach are analyzed and indicated.Finally, the improvements for each way which could be carried out in the future are proposed.

Annarita Drago,Stefano Marrone,Nicola Mazzocca,Roberto Nardone,Annarita Tedesco,Valeria Vittorini

DOI: https://doi.org/10.1007/s10270-016-0572-7

2016-12-26

Abstract:Modern physical protection systems integrate a number of security systems (including procedures, equipments, and personnel) into a single interface to ensure an adequate level of protection of people and critical assets against malevolent human actions. Due to the critical functions of a protection system, the quantitative evaluation of its effectiveness is an important issue that still raises several challenges. In this paper we propose a model-driven approach to support the design and the evaluation of physical protection systems based on (a) UML models representing threats, protection facilities, assets, and relationships among them, and (b) the automatic construction of a Bayesian Network model to estimate the vulnerability of different system configurations. Hence, the proposed approach is useful both in the context of vulnerability assessment and in designing new security systems as it enables what-if and cost–benefit analyses. A real-world case study is further illustrated in order to validate and demonstrate the potentiality of the approach. Specifically, two attack scenarios are considered against the depot of a mass transit transportation system in Milan, Italy.

computer science, software engineering