Automated design, verification and testing of secure systems with embedded devices based on elicitation of expert knowledge

Abstract

The rising significance and widening of embedded systems stipulate the importance of the security means against a great deal of computer security threats. Such systems involving a diversity of an-hoc embedded and mobile electronic devices functioning with the use of a broadband Internet access and even cloud technologies, are referenced conventionally as Internet of Things systems (IoT). Due to specificity of IoT systems the application of the combined security mechanisms requires their efficient energy and computing resource consumption, identification of potential conflicts and incompatibilities, control of information flows, monitoring anomalies of data in the system and other issues. At that an increased design complexity of IoT systems is determined by a low structuring and formalization of security knowledge in the field. We proposed an approach to identification of embedded security expert knowledge for its subsequent use in automated design, verification and testing tools for secure IoT systems. The paper encompasses the core elements of the proposed technique, namely security component configuring, revelation of implicit conflicts, verification of network information flows and abnormal data from sensors. The domain specific analysis of the field of embedded security is described. We also present the revealed expert knowledge used for configuration, verification and testing of embedded devices. Issues of software implementation and discussion are covered.