Abstract

The existing modeling and verification methods for embedded software are insufficient for the increasingly prominent security requirements. In this paper, aiming at the high security requirements of embedded software, a security modeling and verification framework for embedded software based on semi-formal and formal methods is proposed. An extensible security model ZMsec (Z-MARTE security model), which extends Z with elements of MARTE (Modeling and Analysis of Real-Time and Embedded systems) and FSA (Finite State Automata), is presented to describe three dimensions of software: security use cases, static structures and dynamic behaviors. Further, this paper designs ZMsecTL (ZMsec Temporal Logic) formulas to describe security properties, and proposes ZMCA (ZMsec Model Checking Algorithm), a security model checking algorithm on the ZMsec model, to verify security properties expressed as ZMsecTL formulas. In order to provide an intuitive state transition diagram for model checking, a depth-first ZMsecSD (ZMsec State Diagram) generation algorithm is designed. Drawing on the abstract framework, this paper develops a prototype implementation of ZMV (ZMsec Modeling and Verification tool), a tool for ZMsec that integrates the modeling and verification phases. Finally, we discuss an embedded software example with ZMV, which illustrates and validates the security modeling and verification method proposed in this paper.
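The abstract describes two pieces that fit together: depth-first generation of a state diagram from a finite-state model, and checking a security property over that diagram. The following added example (not from the paper or the ZMV tool; ZMsec, ZMsecTL and ZMCA are not specified on this page, so the model, the invariant-style property and the algorithm are assumptions) shows that pattern on a constructed login/privilege model, including a defective variant for which the check returns a counterexample path.

```python
# Constructed illustration: depth-first state diagram generation plus a safety
# (invariant) check. ZMsec/ZMsecTL/ZMCA are not given on this page; all assumed.
from typing import Callable, Dict, List, Optional, Tuple
State = Tuple[Tuple[str, bool], ...]                   # hashable variable binding
Transition = Tuple[str, Callable[[dict], bool], dict]  # (name, guard, assignments)

def _freeze(d: dict) -> State:
    return tuple(sorted(d.items()))

def explore(init: dict, transitions: List[Transition]):
    """DFS over reachable states; returns (discovery tree, edges) of the diagram."""
    start = _freeze(init)
    parent: Dict[State, Optional[Tuple[State, str]]] = {start: None}
    edges, stack = [], [start]
    while stack:
        cur = stack.pop()
        for name, guard, assign in transitions:
            if guard(dict(cur)):                        # transition enabled in cur
                nxt = _freeze({**dict(cur), **assign})  # apply its assignments
                edges.append((cur, name, nxt))
                if nxt not in parent:                   # unseen state: remember how reached
                    parent[nxt] = (cur, name)
                    stack.append(nxt)
    return parent, edges

def counterexample(init, transitions, prop) -> Optional[List[str]]:
    """None if prop holds in every reachable state, else the path to a violation."""
    parent, _ = explore(init, transitions)
    for state in parent:                                # insertion order = discovery order
        if not prop(dict(state)):
            path, node = [], state
            while parent[node] is not None:             # walk discovery tree back to init
                node, name = parent[node]
                path.append(name)
            return path[::-1]
    return None

# Constructed model: a device session with an authentication and a privilege flag.
INIT = {"auth": False, "priv": False}
SAFE_MODEL: List[Transition] = [
    ("login",   lambda d: not d["auth"], {"auth": True}),
    ("elevate", lambda d: d["auth"],     {"priv": True}),
    ("logout",  lambda d: d["auth"],     {"auth": False, "priv": False}),
]
# Defective variant: logout ends the session but forgets to drop privilege.
LEAKY_MODEL: List[Transition] = SAFE_MODEL[:2] + [
    ("logout",  lambda d: d["auth"],     {"auth": False}),
]
def priv_implies_auth(d: dict) -> bool:                 # the security property checked
    return d["auth"] or not d["priv"]
```

For SAFE_MODEL the check returns None; for LEAKY_MODEL it returns the sequence login, elevate, logout, ending in a state that is privileged but no longer authenticated.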
