Unleash the potential of security in embedded environments through the provision of standardised security building blocks and application models fit for use.

Publications

Deliverable D2.1: Documentation of use cases, requirements and success factor indicators

In the SecFutur project, a new security engineering process and security solutions in form of building blocks will be developed. In order to facilitate the identification of requirements on languages, tools and techniques for this purpose, and in order to evaluate the results of the project, three different use cases will be developed and implemented as show cases. This document contains the descriptions of these use cases, as well as a definition of success factors. The main purpose of the use case descriptions is to provide an input to the formal specification of the use cases, for which the abstract model for embedded systems being developed in work package 3 “Security building blocks” will be used. The purpose of the definition of success factors is to prepare the final evaluation of the project results.


The use case descriptions found in this document are the results of the use case analysis carried out by the show case developers, each as an expert in their respective field, supported by other project partners in discussions and reviews in order to provide alternative views and outside perspectives. A common approach for the security requirements analysis for the three use cases has been based on threat analysis, which is an often used practice in the present state of the art. The success factors are the results of common discussions, with the purpose of defining evaluation criteria which are interesting and relevant for each task result to evaluate.


The results of the analysis are functional descriptions of the use cases and informal but comprehensive specifications of their security objectives, which form an input to the formal specification in work package 3, as well as a list of evaluation criteria for the final evaluation, which can also be used as a support for documenting experiences and observations during the development.

In each use case description, the high level functionality of the system is presented, as well as a somewhat more elaborated description of the security aspects of the system. Since implementation depends on the results from work packages 3 “Security building blocks” and 4 “Security engineering process”, detailed functional requirements and detailed design are not covered in this document, but will instead be specified when optimal solutions are found, using the results from those work packages.

Deliverable 2.1b: Documentation of use cases, requirements and success factor indicators, revision (Revised)

In the SecFutur project, a new security engineering process and security solutions in form of building blocks will be developed. In order to facilitate the identification of requirements on languages, tools and techniques for this purpose, and in order to evaluate the results of the project, three different use cases will be developed and implemented as show cases. This document contains the descriptions of these use cases, as well as a definition of success factors. The main purpose of the use case descriptions is to provide an input to the formal specification of the use cases, for which the abstract model for embedded systems being developed in work package 3 “Security building blocks” will be used. The purpose of the definition of success factors is to prepare the final evaluation of the project results.

The use case descriptions found in this document are the results of the use case analysis carried out by the use case developers, each as an expert in their respective field, supported by other project partners in discussions and reviews in order to provide alternative views and outside perspectives. A common approach for the security requirements analysis for the three use cases has been based on threat analysis, which is an often-used practice in the present state of the art. The success factors are the results of common discussions, with the purpose of defining evaluation criteria that are interesting and relevant for each task result to evaluate.

The results of the analysis are functional descriptions of the use cases and informal but comprehensive specifications of their security objectives, which form an input to the formal specification in work package 3, as well as a list of evaluation criteria for the final evaluation, which can also be used as a support for documenting experiences and observations during the development.

In each use case description, the high level functionality of the system is presented, as well as a more elaborated description of the security aspects of the system. Since implementation depends on the results from work packages 3 “Security building blocks” and 4 “Security engineering process”, detailed functional requirements and detailed designs are not covered in this document. Instead, they will be specified when optimal solutions are found, using the results of the previous work packages.

Since Telefónica I+D (TID) left the project its role has been taken by Technicolor. Due to this, the new Technicolor scenario (Multi-functional service Set Top Box) has replaced the old TID scenario (Multi-functional service gateway). However, it is still possible to find the old TID scenario at the end of the document for historical purposes.

Deliverable D2.2: Feedback report and cross-cutting issues

The task 2.5 “Providing evidence of improved embedded system development” in the SecFutur project of the work package 2 “Multiple sector use case development and show case” is important to prove that the developed tools and methods are usable and coherent to the global goals of this project. For this reason a preliminary evaluation was executed by all partners who participate in this task. This document contains the evaluation results from all participating SecFutur members. After the collected answers from the project members there is a summarization of the results and their consequential conclusions, which will show how well the whole SecFutur process is performed and how well the developed tools and methods are adapted to the show case developments. The evaluation might reveal any cross-cutting issues in the current stage of the project.
The evaluation results depend heavily on the output provided by the partners participating in task 2.5. For this reason a success factor chapter can be found in the deliverable D2.1 "Documentation of use cases, requirements and success factor indicators". It defines the evaluation criteria for the evaluation task and also contains example answers for each of the evaluation questions. This will help the partners with some of the partly difficult questions defined in the evaluation criteria.

The preliminary evaluation in this document is based on these criteria, but was expanded and modified, for the purpose that the evaluation could be performed by more project partners. Most of the criteria questions were aimed at the show case developers and were answerable only roughly for the rest of the partners. Through the recent events, it would have meant that only two partners were able to fill out the evaluation. Since nearly all of the SecFutur members gain experiences with the developed tools and methods, it was reasonable to extend and alter the evaluation criteria to all participants in the evidence task 2.5.

At the end of the project the evaluation will be executed again to see the improvements that will have been made between these two evaluations. The final results of this second evaluation will be documented in deliverable D2.6 "Documentation on improved quality in embedded systems development" with more precise information on the adaptation of the developed tools and methods.

Deliverable D2.3: Show case prototype from selected User Trial in T2.2

This document describes the demonstrator of the use case “Multi-functional service Set Top Box”. The document summarises the essential system features and security goals, describes the developed device, compares it against its model and summarises its test results. The document is completed with feedback about the suitability of the SecFutur engineering process and model to challenging embedded systems and security engineering.

In summary, after the development of the “Multi-functional service Set Top Box” demonstrator we noticed the following features as well as possible improvements for the SecFutur model and engineering process.

The SecFutur model provides a formal way to specify and model security properties and their related threats and attacks, as well as their solutions in the form of SBBs and security patterns. It provides a solid platform on which to browse well categorized, well documented and domain relevant security expertise, and makes it easy to find and apply solutions to these security requirements. All this is possible thanks mainly to the SPT, but also thanks to the available repositories for DSMs, SBBs and security patterns. While it is true that for a wider adoption of the SecFutur process these repositories would need to offer a wider range of up-to-date DSMs, patterns and SBBs, it is also true that the tools to achieve this goal are already there.

One aspect that could be improved is some kind of automatic way to help with the integration of solutions into the system, such as code generation. This is important since, depending on how the implementation is done, it might also open new non-modelling related vulnerabilities. In any case, this point alone might need a whole new project of its own due to the huge technical difficulties that it would entail.

Still, those are all minor issues that do not diminish at all the usefulness and importance of the process to achieve better secured systems.

Deliverable 2.4: Show case prototype from User Trial “Secure ad-hoc wireless mesh communication for crisis management”

This document describes the demonstrator of the use case “secure ad-hoc wireless mesh communication for crisis management”. The document summarises the essential system features and security goals, describes the developed device, compares it against its model and summarises its test results. The document is completed with feedback about the suitability of the SecFutur engineering process and model to challenging embedded systems and security engineering.

As a summary, based on the development of the secure mesh network demonstrator we see the following important aspects and feedback for the SecFutur model and engineering process. The SecFutur model enables the formal specification and modelling of security properties, solutions, threats, attacks and features. It is very helpful for solving the security requirements found when analysing the use case and documenting them in a concise manner. The SecFutur Process Tool (SPT) helps developers and engineers in creating and using the models in an easy and intuitive way. Additionally, the SecFutur model and engineering process provides guidelines on how to ensure the completeness of a system model. The developer is assisted in order to determine if all the relevant security threats of the system model are fulfilled and correctly described considering the design of the system. The SecFutur model and process also includes assistance for the integration of multiple security building blocks into a complete system and for determining platform and implementation specific dependencies, as the choice of implementation can introduce new security vulnerabilities which were probably not considered by the modelling. In order to get security building blocks successfully accepted by the developer community it is necessary to actively work on improving and creating multiple implementation types and provide regular releases. The feedback of the end users is very important for this task as they provide real world requirements and necessities.

Deliverable 2.5: Show case prototype from User Trial “Metering devices with legal calibration requirements”

This document contains the description of the final demonstrator of the use case “Metering device with legal requirements” by Mixed Mode GmbH. The main purpose of this Deliverable is to show how the SecFutur Engineering process was deployed during the demonstrator implementation. Since the development of the SecFutur Engineering process was still in progress when the work on the prototype began, some implementations had to be adapted to this process afterwards. The demonstrator was developed in all conscience by Mixed Mode GmbH and with support of SecFutur partners. As a basis the detailed use case description of the metering use case in Deliverable 2.1 was used to build the demonstrator.

During the demonstrator development several hardware and software components were to be deployed and will be described in this document. As an example two security solutions of the demonstrator are shown in detail and later how these solutions were modelled in the SecFutur Engineering Process. Further some testing results of the demonstrator are highlighted. Unfortunately most of the testing is still in progress, but its results will be published in the Deliverable 5.3. The last chapter is reflecting the experiences of the SecFutur Engineering Process while developing the demonstrator.

The developed use case models resulted out of the accomplishments of work packages 3 “Security building blocks” and 4 “Security engineering process”. These models were developed to the best knowledge. However Mixed Mode shall take no liability for the completeness, correctness or fitness for the provided security solutions in this document.

Deliverable 2.6: Documentation on improved quality in embedded systems development

This Deliverable D2.6 “Documentation on improved quality in embedded systems developments” finalizes the Task 2.5 “Providing evidence of improved embedded system development” where the developed SecFutur Engineering Process is being evaluated by the project use case partners. This evaluation shows how the process could be adapted into existing approaches and how well it could be deployed by the use case partners participating in the WP2. The evaluation was defined in the Deliverable 2.1 “Documentation of use cases, requirements and success factor indicators” in Chapter 3. This third chapter contains the evaluation guidelines and the questionnaire that must be used to fully evaluate the SecFutur Engineering Process.

A preliminary evaluation was executed in the Deliverable 2.2 “Feedback report and Cross-cutting issues” during the second project year. While D2.2 showed how the use cases could be applied by the project partners and the good progresses of the SecFutur Engineering Process, its developments and further gave some direction to improve the approach, this deliverable concentrates on the evaluation of the SecFutur tasks and their results. The final process is being evaluated by the three use case partners: Ruag, the University of Malaga, Technicolor and Mixed Mode. Additionally to this some further improvements will be named to further help to make the SecFutur Engineering Process superior to other approaches that do not focus in development of secure embedded systems.

The preliminary evaluation in D2.2 showed that most of the tasks could not be properly evaluated because of the early status of the results in the second project year and the fact that these task results were still under development. The evaluation in this deliverable, however, presents the evaluation of the final task results. Most, but not all, of the results could be evaluated in this document. The reasons are included in the deliverable.

Deliverable 3.1: Abstract model for embedded systems

In this deliverable we describe the preliminary version of a model that has emerged as a result of detailed analysis of the case studies presented in WP2 (at the state available in month 6 of the project) and the knowledge from the forthcoming SecFutur engineering process (WP4) as conceived in month 9 of the project.
The proposed abstract model is intended to be used for representing reusable security components, referred to as security building blocks, in systems built from embedded devices. It was formed after studying the UML-based approaches to domain specific languages and definition of profiles. In particular, the earlier OMG profiles for real-time and embedded systems (MARTE) and system modelling (SysML) were studied so that the WP3 abstract model fits well in the context of existing scientific work in embedded systems. More precisely, we have chosen to be compatible with MARTE and SysML when aspects that relate to resource-constraints are dealt with in our model.

Abstract models of security building blocks have two essential roles: to be used in the process of developing the building blocks, and to represent an existing building block so that a system integrator is able to select and configure them for use in a system. In either case the model should be abstract enough to cover a range of applications in which the building block is appropriate for and detailed enough to enable selection via matching with the intended security requirements stated as specific properties.

The abstract model consists of six elements organised into two main components: the Security System Interface (SSI) which defines the conceptual relation of the building block to the system into which it may integrate, and the Security Building Block (SBB) which defines what is needed to either implement or select a building block for integration into a system.

Deliverable 3.2: First set of security building blocks and Simulation Tool Prototype

Security building blocks constitute one main element towards realising the SecFutur objectives. Security mechanisms or security solutions shall be provided in terms of security building blocks to make them available to security engineering. In its final version, this deliverable will contain the descriptive parts of a set of security building blocks, such that these descriptions interface with the models based on the SecFutur security meta model.

The topic of security building blocks was approached from two sides. WP3.1 has started with the model-oriented look at security building blocks. In parallel, work has started with a bottom-up view from implementations towards descriptions. The current draft version of this deliverable provides a list of security building blocks that are currently available as prototypical implementations. Most of them are developments based on existing results.

One particular result is the availability of first versions of a hardware security anchor, the trusted platform module (TPM), suitable for embedded devices. Most of the current security building blocks rely on this TPM version and realise more-or-less complex security solutions using the TPM. Implementations of security building blocks are first simulated in a virtualised environment using software emulators of hardware security solutions and then tested in an existing test-bed for trusted computing.



Deliverable 3.3: Final set of security building blocks and configuration tool

This report on the “Final Set of Security Building Blocks and Configuration Tool” provides the results of the SecFutur tasks T3.3 “Implementation of Security Building Blocks” and T3.4 “Configuration Model and Tool for Embedded Systems”. It advances the first results which had been presented in the second version of deliverable 3.2 “First set of security building blocks and Simulation Tool Prototype” [1], and represents the concluding results of work package 3 “Security Building Blocks”.

The main intended audience of this document are engineers who want to understand not only how Security Building Blocks help to design secure embedded systems for future applications, but also how these building blocks are modeled and how SecFutur Process Tool and Configuration Tool can help engineers without extensive security knowledge to design secure systems.

The document is structured as follows:

  • Section 1 provides a short introduction
  • Section 2 first presents an overview of all Security Building Blocks (SBBs) developed in SecFutur. Then, the most relevant SBBs for SecFutur scenarios are explained in detail.
  • Section 3 elaborates all aspects related to the modelling of SBBs, especially in combination with the SecFutur Process Tool (SPT).
  • Section 4 explains how to use the Configuration Tool developed in SecFutur.



Deliverable 4.1: SecFutur Development Process V1 and Modelling Framework

This document describes the SecFutur engineering model process defined in WP4. This process aims to support the embedded systems developer in integrating the security building blocks into the overall engineering process. In particular, the process will provide means to identify and manage security properties and requirements. The document structure is as follows: first, we will describe the state of the art of the security in systems with embedded components, then we will justify the necessity of a dedicated SecFutur process in order to improve the treatment of security in this type of systems and finally we will present the goals SecFutur aims to achieve.

Section 2 focuses on the current design approaches. More precisely, we summarize the state of the art in modeling languages for systems with embedded components; the current general design and modeling tools used; the state of the art in capturing security requirements for embedded systems and finally, the analysis of the weaknesses and strengths of the current approaches. This section acts as an introduction for the modeling languages and tools, in order to facilitate the descriptions and functionality of the next sections.

Section 3 describes the SecFutur process. It begins justifying the use of the underlying formalisms (UML) as the base language and the concepts of metamodels as the core tool for developing our own modeling framework. Next, we show a general high-level view of the engineering process for SecFutur including all processes, from the analysis of use cases to the testing of the system of embedded components. Finally, we describe the complete SecFutur process from the specification of the general model to the specification of security properties and requirements and its implementation as building blocks.

Section 4 presents and describes the SecFutur Modeling Framework. Here we introduce our four-layer model architecture with an in-depth description of each layer. We then describe the SecFutur UML life cycle, describing the whole process from the definition of domain-model specific metamodels to the use of them by the end-users in their systems. Additionally, we include an in-depth description of each element of the SecFutur Metamodel of Security Aspects and examples of Domain-Specific Metamodels.

Finally, Section 5 presents the Deliverable conclusions and future work. In this section we describe the knowledge and experience we have obtained in the development of the SecFutur Model Process and Methodology and the next steps to achieve for the V2.

Deliverable 4.2: SecFutur development process V2 and code development and tool-suite V1

Deliverable 4.2 describes the evolution of the security engineering process from the first year and the description of the tools developed for this purpose. First, it describes the previous work in Deliverable 4.1 and some of the changes performed. It then describes the updated SecFutur security engineering process and artefacts, both the general one and another one for existing systems. Next it presents the tools developed in the project for the modelling and use of the security artefacts, using as an example a use case of the project. The sections have images and diagrams that aim to help readers to understand the various processes, objects, methodologies, etc.

We have added an annex with some of the figures and diagrams shown in the document at a larger size in order to improve their quality and to help with their explanation or analysis.



Deliverable 4.3: SecFutur code development and tool-suite V2

This document presents the final versions of the security engineering process developed in WP4 within the SecFutur project. This process supports creating design artefacts (i.e., models) of a high quality, thus supporting code development. However, the evolution of those artefacts into actual code is outside the scope of this deliverable and the project.

First, Section 1 presents the final versions of the security engineering processes for the creation of security-enhanced systems composed of embedded components. In addition, this section outlines the updates of the processes compared with the previous versions presented in Deliverable 4.2. Thereafter, Section 2 presents the tool-sets developed in the project that support the mentioned processes. We illustrate the use of these tools through the use cases provided by the industrial partners of the project. Section 3 briefly summarises the deliverable. The deliverable ends with an annex that contains the list of used figures and diagrams in a larger size and better quality than the ones shown in the deliverable.

Deliverable 5.1: Design of security evaluation framework

This document is the first in the series of Work Package 5 deliverables in the SecFutur project. WP5 targets creating a security evaluation framework capable of performing testing on embedded systems in a semi-automated manner. Some background – i.e. pre-existing work in the consortium – is available, and therefore during the design we focus on creating a framework that can be integrated with, and make use of existing features of SEARCH-LAB’s Flinder software.

As a first step we created a preliminary design of the security evaluation framework. This design takes into consideration all constraints that are practical to enforce at this point, while leaving the system as expansible as possible.

After an introduction we describe the collected requirements and evaluate some options for architectural design. We only go into detailed design up to a level of detail which is enough for creating the prototype, an initial version that can already be evaluated on the case studies at the end of the second project phase. In upcoming deliverables an iteration of specification, design and implementation will be documented based on feedback from the case studies.

The aim of this document is twofold. For one, we report the progress of work in WP5, but we also document to fellow project participants the state of design and prototyping of the evaluation framework. Thus, the targeted audience should have a basic understanding of the aims of SecFutur and embedded system security issues, but to this point no deep knowledge of embedded system design or of the other deliverables is assumed.



Deliverable 5.2: Automated security evaluation framework

This document is the second in the series of Work Package 5 deliverables in the SecFutur project. WP5 targets creating a security evaluation framework capable of performing testing on embedded systems in a semi-automated manner: test setups need to be created by an expert, including electrical connections to an Embedded Device, and then the security evaluation framework carries out test cases automatically, resulting in a test report.

In the first year of the project we created a preliminary design of the security evaluation framework. In the second project phase we continued with implementing the designed system and integrating it with our pre-existing testing frameworks.

In parallel, we worked on the integration of information flow analysis techniques into testing frameworks. The main task of information flow analysis was to examine the various pathways via which data may flow through a device or system in order to determine whether or not this potential information flow may pose a security threat. As part of this work we developed an approach for flow analysis using the Secure Information Flow Analyser (SIFA) tool and other Model Checking methods. Combined with a recently-developed C code to SIFA Converter (C2SIFA) it became possible to automatically trace information flow all the way through a device.

The aim of this document is twofold. For one, we report the progress of work in WP5, but we also document to fellow project participants the state of design and prototyping of the evaluation framework. Thus, the targeted audience should have a good understanding of the aims of SecFutur and embedded system security issues.

In the first chapter of the document we describe the status and document the development of the security evaluation framework. The second chapter describes how the developed hardware and software drivers were integrated with the existing automation tools to form a semi-automated testing and reporting framework. The third chapter describes information flow analysis of a selected use case of the SecFutur project, and two other use cases demonstrating the potential of our tools. Analysis of the remaining SecFutur use cases will follow in the third project phase. After a short summary of the work performed in the second project year, the references are enumerated and the wiring schematics of the electrical circuits are presented.



Deliverable 5.3: Test Report on show cases

This document is the third in the series of Work Package 5 deliverables in the SecFutur project. WP5 targeted three areas: (i) creating a security evaluation framework capable of performing testing on embedded systems in a semi-automated manner, (ii) enhancing information flow analysis techniques to be used in the security verification of embedded devices and (iii) connecting the SecFutur process with testing and verification in order to derive verification and test cases from the intermediate documents of the design process for the security aspects of the product.

In the first year of the project we created a preliminary design of the security evaluation framework. In the second project phase we implemented the designed system and integrated it with our pre-existing testing frameworks. The resulting testing framework – software control centre and hardware interfaces for connecting embedded hardware – was demonstrated at the second project review meeting.

In parallel, we worked on the integration of information flow analysis techniques into testing frameworks. The main task of information flow analysis was to examine the various pathways via which data may flow through a device or system in order to determine whether or not this potential information flow may pose a security threat. As part of this work we developed an approach for flow analysis using the Secure Information Flow Analyser (SIFA) tool and other model checking methods. Combined with a recently developed C code to SIFA Converter (C2SIFA), it became possible to automatically trace information flow all the way through a device.

In the third year we continued deriving test cases from the description of the show cases and documenting all the information of their security designs using the SecFutur Security Engineering Process (defined in WP4) and of the Security Building Blocks (defined in WP3). Based on the above we performed security evaluations on the three demonstrators designed, implemented and integrated in the project (defined in WP2).

This document presents the results of the security evaluations and information flow verifications carried out in the third project year.



Deliverable 6.5: Report on publications over the lifecycle of the project and final liaison documentation

This deliverable presents the list of publications, workshops and other events carried out in the SecFutur project.

We first present a list of all the publications and workshops produced by the project partners in the three years of the project. We have included links to all the publications of the project so that the reader has easy access to them.

We then present the future plans for dissemination and exploitation of the results of the project.



Deliverable 6.9: Report on Advisory Board Activities

This deliverable covers Deliverable 6.6, Deliverable 6.7, Deliverable 6.8 and Deliverable 6.9. The general Advisory Board meetings that were planned at the beginning of the project were replaced by individual meetings of each partner with groups of different expertise, and their feedback has been compiled in this deliverable.

Each partner held individual meetings with different advisory board groups specialized in topics related to that partner's results. These included meetings with companies, with people specialized in the domains of the use cases, and with security experts (trusted computing, security patterns, etc.), as well as workshops where the partners explained the results and work developed in the project.

We then present the meetings each partner held and their results.

Scientific publications:

 

Simin Nadjm-Tehrani. SecFutur: Security Engineering Process for Networked Embedded Devices. Proceedings of the 12th Biennial Baltic Electronic Conference (BEC2010), 2010, IEEE

Antonio Maña, Antonio Muñoz and Pablo Antón. In the track of the Agent Protection: A solution based on cryptographic hardware. International Conference “Mathematical Methods, Models and Architectures for Computer Network Security”, 2010

Sigrid Gürgens, Carsten Rudolph, Antonio Maña and Simin Nadjm-Tehrani. Security engineering for embedded systems – the SecFutur vision. International Workshop on Security and Dependability for Resource Constrained Embedded Systems, 2010

Simin Nadjm-Tehrani and Maria Vasilevskaya. Towards a Security Domain Model for Embedded Systems. 13th IEEE International High Assurance Systems Engineering Symposium, 2011, IEEE (poster presentation)

Antonio Maña and Jose Fran. Ruiz. A Security Modelling Framework for Systems of Embedded Components. 13th IEEE International High Assurance Systems Engineering Symposium, 2011, IEEE

Jose Fran. Ruiz, Rajesh Harjani and Antonio Maña. A Security-focused Engineering Process for Systems of Embedded Components. International Workshop on Security and Dependability for Resource Constrained Embedded Systems, 2011, ACM

Nicolai Kuntze and Carsten Rudolph. Secure digital chains of evidence. Sixth International Workshop on Systematic Approaches to Digital Forensic Engineering, 2011, IEEE

Vasily Desnitsky. Configuring embedded and mobile devices on the basis of solving an optimization problem. Proceedings of SPIIRAS. 2011

Vasily Desnitsky, Igor Kotenko and Andrey Chechulin. An abstract model for embedded systems and intruders. 19th Euromicro International Conference on Parallel, Distributed and network-based Processing, 2011, IEEE

Antonio Maña and Gimena Pujol. Verification of Security Policy of Service Oriented Systems. 16th International Conference on Distributed Multimedia Systems, 2010

Vasily Desnitsky and Andrey Chechulin. Model of the process for secure embedded systems development. High availability systems, 2011, 2


Igor Kotenko, Vasily Desnitsky and Andrey Chechulin. Investigation of technologies for secure embedded systems design in European Union project SecFutur, 2011, Information Security. Inside, 3

Vasily Desnitsky. Configuring embedded and mobile devices based on optimality problem solving. Proceedings of SPIIRAS, 2011, 4

Vasily Desnitsky, Igor Kotenko and Andrey Chechulin. Constructing and testing secure embedded systems. Selected Proceedings of XII Saint-Petersburg International Conference "Regional informatics-2010", 2011

Vasily Desnitsky and Andrey Chechulin. Models of development of secure embedded systems. High availability systems. 2011

Andre Rein. Development and Evaluation of a Trusted Mobile Ad-hoc Network. Master's thesis, April 2012.

Jose Fran. Ruiz, Vasily Desnitsky, Igor Kotenko, Antonio Maña and Andrey Chechulin. Design of telecommunication systems with embedded devices. 14th Conference "RusCrypto" on Cryptology, Steganography, Digital Signature and Security Systems, 2012

Vasily Desnitsky, Andrey Chechulin and Igor Kotenko. Configuration model for systems with embedded and mobile devices. Information security problems, 2012, 2

Maria Vasilevskaya, Linda Ariani Gunawan, Simin Nadjm-Tehrani and Peter Herrmann. Security Asset Elicitation for Collaborative Models. Model-Driven Security Workshop (MDSec) in conjunction with MoDELS. ACM Digital Library. 2012

Massimiliano Raciti and Simin Nadjm-Tehrani. Embedded Cyber-Physical Anomaly Detection in Smart Meters. In Proceedings of the 7th International Conference on Critical Information Infrastructures Security (CRITIS'12). 2012

Vasily Desnitsky and Igor Kotenko. A model for configuring protected and energy-efficient embedded systems. In Instrument Making. 55/11. 2012

Andrey Chechulin, Igor Kotenko and Vasily Desnitsky. Information flow analysis for development of secure systems with embedded devices. In High availability systems. 2012, 2

Andrey Chechulin, Igor Kotenko and Vasily Desnitsky. An Approach for Network Information Flow Analysis for Systems of Embedded Components. In Lecture Notes in Computer Science, Springer-Verlag. The Sixth International Conference "Mathematical Methods, Models and Architectures for Computer Networks Security". Springer, 2012

Vasily Desnitsky, Igor Kotenko and Andrey Chechulin. Configuration-based approach to embedded device security. In Lecture Notes in Computer Science, Springer-Verlag. The Sixth International Conference "Mathematical Methods, Models and Architectures for Computer Networks Security". Springer, 2012

Vasily Desnitsky and Igor Kotenko. Model of Configurating of Secure and Energy-Efficient Embedded Systems. In Instrument Making. 2012

Andrey Chechulin, Igor Kotenko and Vasily Desnitsky. Information flow analysis techniques for development of secure systems which includes embedded systems. In High availability systems. 2012

Andre Rein, Carsten Rudolph, Jose Fran. Ruiz and Marcos Arjona. Introducing Security Building Block Models. RISE'12, Workshop on Redefining and Integrating Security Engineering at ASE/IEEE International Conference on Cyber Security 12. 2012

Jose Fran. Ruiz, Andre Rein, Marcos Arjona, Antonio Maña, Antoine Monsifrot and Michel Morvan. Security Engineering and Modelling of Set-top Boxes. RISE'12, Workshop on Redefining and Integrating Security Engineering at ASE/IEEE International Conference on Cyber Security 12. 2012

Laurent Delosières and Simin Nadjm-Tehrani. BATMAN Store-and-Forward: the Best of the Two Worlds. 2nd International Workshop on Pervasive Networks for Emergency Management, 2012, IEEE

Jose Fran. Ruiz, Vasily Desnitsky, Rajesh Harjani, Antonio Maña, Igor Kotenko and Andrey Chechulin. A Methodology for the Analysis and Modeling of Security Threats and Attacks for Systems of Embedded Components. 20th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, 2012, IEEE

Carsten Rudolph. Security Engineering and Modelling of Set-top Boxes. RISE'12, Workshop on Redefining and Integrating Security Engineering at ASE/IEEE International Conference on Cyber Security 12. 2012

Antonio Maña. Towards an Integrated Security Engineering and Software Engineering Discipline: The SecFutur Approach. Third International Workshop on Information Systems Security Engineering – WISSE’13. 2013

Maria Vasilevskaya, Linda Ariani Gunawan, Simin Nadjm-Tehrani and Peter Herrmann. Integrating Security Mechanisms into Embedded Systems by Domain-specific Modelling. Journal of Security and Communication Networks. 2013

Jose Fran. Ruiz, Marcos Arjona, Niklas Carstens and Antonio Maña. Secure Engineering and Modelling of a Metering Devices System. Secure Software Engineering (SecSE'13). 2013

Jose Fran. Ruiz, Marcos Arjona, Janne Paatero and Antonio Maña. Emergency Systems Modelling using a Security Engineering Process. Simultech'13. 2013

Alexander Oberle, Andre Rein, Nicolai Kuntze, Carsten Rudolph, Janne Paatero, Andrew Lunn and Peter Racz. Integrating Trust Establishment into Routing Protocols of today's MANETs. IEEE Wireless Communications and Networking Conference (WCNC 2013). 2013

Peter Racz, Andrew Lunn and Janne Paatero. A Security Extension for Ad-hoc Routing Protocols. 7th Workshop on Wireless and Mobile Ad-Hoc Networks (WMAN 2013). 2013

Nicolai Kuntze, Carsten Rudolph, Janne Paatero and Peter Racz. Establishing Trust between Nodes in Mobile Ad-Hoc Networks. 4th International Conference on Trusted Systems (InTrust 2012). 2012

Andre Rein, Carsten Rudolph and Jose Fran. Ruiz. Building Secure Systems Using a Security Engineering Process and Security Building Blocks. Zertifizierung und modellgetriebene Entwicklung sicherer Software (ZeMoSS-Workshop). 2013

Jose Fran. Ruiz, Antonio Maña, Carsten Rudolph, Janne Paatero and Marcos Arjona. A Security Engineering Process for Secure Modelling of Systems. NATO Symposium on Architecture Definition & Evaluation. 2013