The Fuzzy Integrated Evaluation of Embedded System Security

Abstract

Today, the embedded systems field is growing rapidly, ranging from low-end systems such as cellular phones, PDAs, smart cards to high-end systems such as gateways, firewalls, storage servers, and web server. Security of embedded system becomes a paramount issue in embedded system design. Compared to an embedded system's functionality and other design metric (e.g., area, performance, power), security is currently specified by system architects in a vague and imprecise manner. This paper proposes a fuzzy integrated security evaluation method based on man-computer combined data collection and fuzzy expert evaluation in Delphi method. The method could reduce the subjectivity of expert evaluation and alleviate the difficulty of data collection and makes possible a better combination of qualitative and quantitative evaluations. Firstly, the hierarchy structure model of embedded system security is constructed. Secondly, according to data collected and the evaluation comment of each expert, the subjection degree matrix is constructed. Finally, a new concept of ldquodegree of assurancerdquo is presented for the quantificational evaluation of embedded system security. In this paper a study of a wireless biometric authentication device is also shown. The case illustrates that the method can be easily used and its results conform to the actual situation.