Title: A formal model and risk assessment method for security-critical real-time embedded systems

Abstract
Risk assessment at the early stage of software development can effectively reduce potential security flaws in the software, thus reducing the cost of testing and maintenance. However, there are very few standardized risk assessment methods for the design models of security-critical RTESs (real-time embedded systems). This paper defines a formal model called OMR (Object-Message-Role) using Z notation for security-critical RTESs. Compared with the existing models for RTESs, OMR is able to specify both the functional and security aspects of the system as an integrated model, which directly provides the input for risk assessment. A risk assessment method, RAMES (risk assessment method for embedded systems), based on OMR is then proposed. RAMES is compliant with the risk management process standardized by ISO 31000. To perform the risk analysis in RAMES, an algorithm, RAOMR, is designed based on the analysis of the message flows and security constraints in OMR. The illustration of a case study shows that RAMES is able to evaluate the risk level of the system model and locate the high-risk objects and messages.
Year: 2016
DOI: 10.1016/j.cose.2016.01.005
Venue: Computers & Security
Keywords: Risk assessment, Security, Real-time embedded systems, Formal method, Z notation
Field: Z notation, Computer security, Risk analysis (business), Computer science, Risk assessment, ISO 31000, Risk management, Formal methods, System model, Software development, Embedded system
DocType: Journal
Volume: 58
Issue: C
ISSN: 0167-4048
Citations: 2
PageRank: 0.41
References: 22

Authors (4)
Name | Order | Citations | PageRank
Siru Ni | 1 | 49 | 2.87
Yi Zhuang | 2 | 32 | 5.08
Jingjing Gu | 3 | 17 | 0.96
Ying Huo | 4 | 48 | 3.19