Adequate support for embedded system developers to make informed security design decisions in the development process of embedded systems. As embedded systems become more and more interconnected and become parts of different ICT networks, higher security for embedded systems also means increased trust in embedded areas of Future Internet technology.
The envisioned security engineering process will support the exploration of the security design space with respect to particular security requirements of embedded systems, based on characteristics and restrictions of available hardware and software. Users will be supported in realizing trustworthiness of a system throughout its life cycle by creation of meaningful and contextual interactions, tailor-made to the embedded services through the SecFutur development process and tools. This also has to include increased support for fulfillment of legal requirements, e.g. for calibration and gauging of measurement devices.
Embedded systems development in most cases cannot rely on expensive tailor-made hardware and software in order to achieve high security. Therefore, a security engineering process needs to enable efficient development of secure embedded systems on the basis of existing hardware and software.
This will be achieved by providing security building blocks for embedded systems, each implementing a specific complex non-functional property using proven efficient methods. A similar approach was already used in the FP7 project SERENITY for secure and dependable AmI systems.
Security always needs to be seen relative to particular security requirements. Therefore, it is essential to provide application-driven security engineering of embedded systems.
In order to address the application view of security, the security engineering process will consider all stages of the development of embedded systems, and will demonstrate how application-specific requirements are captured by combinations of security building blocks at different phases of the development process.
Security engineering can only be useful if applying the process indeed significantly increases the security, and thus the overall quality, of embedded systems designed in the future.
This will be achieved by exact specification of security requirements and then by use of validated or verified security building blocks made available through the security engineering process. Furthermore, the engineering itself needs to be complemented by tools for security validation and testing.