SPIE 2015 Abstracts


Full Papers
Paper Nr: 1
Title:

Towards a Model-driven based Security Framework

Authors:

Rouwaida Abdallah, Nataliya Yakymets and Agnes Lanusse

Abstract: In this paper, we propose a model-driven framework for security analysis. We present a security analysis process that begins from the design phase of the system architecture and then allows performing several security analysis methods. Our approach presents mainly two advantages: first, it allows the traceability of the security analysis methods with the system architecture; second, this framework can include several security analysis methods. Moreover, it allows information reuse, which is complicated when we use separate method-dedicated tools. Thus, we can have more consistent and accurate security analysis results for a system. We chose to implement two methods: a qualitative method named EBIOS, which is simple and helps to identify areas of focus within the system. Then, to get more accurate results, we implement a quantitative method, attack trees. Attack trees can be automatically generated from the EBIOS analysis phase and can be completed later on to get more specific results.
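The abstract names attack trees as the quantitative method that follows the qualitative EBIOS phase. The following is an added example, not code from the paper or its tool: it shows what a bottom-up quantitative evaluation of an attack tree looks like (AND gates sum attacker cost and multiply success probability, OR gates take the minimum cost and combine probabilities), and how a tree refined "later on" (here, raising the cost of one step as a countermeasure would) changes the cheapest attack. The EBIOS input and the mapping from feared event and threat scenarios to an OR-of-ANDs tree are constructed assumptions for illustration; the paper does not specify its generation rules.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Node:
    """One node of an attack tree. Leaves carry the attacker's cost and
    success probability; inner nodes combine children with an AND/OR gate."""
    name: str
    gate: Optional[str] = None          # "AND", "OR", or None for a leaf
    cost: float = 0.0                   # leaf only: attacker effort (arbitrary units)
    prob: float = 0.0                   # leaf only: probability the step succeeds
    children: List["Node"] = field(default_factory=list)


# Constructed EBIOS-style input (hypothetical, not taken from the paper): one
# feared event, several threat scenarios, each scenario a sequence of steps.
EBIOS_SCENARIOS = {
    "feared_event": "Unauthorised disclosure of patient records",
    "scenarios": {
        "Steal a clinician's credentials": [
            ("Phish a clinician", 2.0, 0.4),
            ("Bypass MFA", 7.0, 0.3),
        ],
        "Exploit the records web application": [
            ("Find an injection flaw", 5.0, 0.5),
            ("Exfiltrate the database", 3.0, 0.8),
        ],
        "Recruit an insider": [
            ("Bribe a records clerk", 10.0, 0.2),
        ],
    },
}


def build_tree(ebios: dict) -> Node:
    """Assumed mapping (not the paper's): the feared event becomes the root,
    an OR over threat scenarios; each scenario is an AND over its steps."""
    scenarios = []
    for scenario_name, steps in ebios["scenarios"].items():
        leaves = [Node(name, cost=c, prob=p) for name, c, p in steps]
        scenarios.append(Node(scenario_name, gate="AND", children=leaves))
    return Node(ebios["feared_event"], gate="OR", children=scenarios)


def min_cost(node: Node) -> float:
    """Cheapest attacker effort to reach the node: AND sums, OR takes the minimum."""
    if not node.children:
        return node.cost
    costs = [min_cost(c) for c in node.children]
    return sum(costs) if node.gate == "AND" else min(costs)


def success_prob(node: Node) -> float:
    """Probability the node is reached, treating steps as independent:
    AND multiplies, OR is 1 - P(every child fails)."""
    if not node.children:
        return node.prob
    ps = [success_prob(c) for c in node.children]
    if node.gate == "AND":
        p = 1.0
        for x in ps:
            p *= x
        return p
    q = 1.0
    for x in ps:
        q *= 1.0 - x
    return 1.0 - q


def cheapest_path(node: Node) -> Tuple[float, List[str]]:
    """Cost and leaf steps of the cheapest attack that reaches the node."""
    if not node.children:
        return node.cost, [node.name]
    results = [cheapest_path(c) for c in node.children]
    if node.gate == "AND":
        return sum(c for c, _ in results), [s for _, steps in results for s in steps]
    return min(results, key=lambda r: r[0])


def harden(node: Node, step_name: str, extra_cost: float) -> Node:
    """Refine the tree after the EBIOS phase: raise the cost of one step, as a
    countermeasure would, and return the (mutated) root for re-evaluation."""
    if not node.children:
        if node.name == step_name:
            node.cost += extra_cost
        return node
    for child in node.children:
        harden(child, step_name, extra_cost)
    return node


if __name__ == "__main__":
    tree = build_tree(EBIOS_SCENARIOS)
    print("min cost:", min_cost(tree))                  # 8.0
    print("P(success):", round(success_prob(tree), 4))  # 0.5776
    print("cheapest:", cheapest_path(tree))
    harden(tree, "Find an injection flaw", 4.0)         # e.g. code review / WAF
    print("after hardening:", cheapest_path(tree))      # 9.0 via credential theft
```

With the constructed figures the web-application scenario is the cheapest (cost 8); raising the cost of finding an injection flaw by 4 makes credential theft (cost 9) the cheapest path instead, which is the kind of comparison the quantitative phase exists to make. The independence assumption behind `success_prob` is a simplification; steps that share a precondition would need a dependency-aware model.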

Paper Nr: 2
Title:

Building a Privacy Accountable Surveillance System

Authors:

Francisco Jaime, Antonio Maña, Zhendong Ma, Christian Wagner, Daniel Hovie and Mathias Bossuet

Abstract: This paper presents a sample surveillance use-case based on a video archive search scenario. Privacy and accountability concerns related to video surveillance systems are identified and described here, thus assessing the impact on privacy of this type of system. Then, after a description of the scenario, we produce the design for this particular context using the SALT methodology developed by the PARIS project. This methodology follows the privacy-by-design approach and ensures that privacy and accountability concerns are properly taken into account for the system under development. This kind of development entails a series of advantages, not only from the point of view of the subject under surveillance, but also for the other system stakeholders.

Paper Nr: 3
Title:

SysML-Sec - A Model Driven Approach for Designing Safe and Secure Systems

Authors:

Yves Roudier and Ludovic Apvrille

Abstract: Security flaws are open doors to attack embedded systems and must be carefully assessed in order to determine threats to safety and security. Subsequently securing a system, that is, integrating security mechanisms into the system's architecture, can itself impact the system's safety; for instance, deadlines could be missed due to an increase in computation and communication latencies. SysML-Sec addresses these issues with a model-driven approach that promotes the collaboration between system designers and security experts at all design and development stages, e.g., requirements, attacks, partitioning, design, and validation. A central point of SysML-Sec is its partitioning stage, during which safety-related and security-related functions are explored jointly and iteratively with regard to requirements and attacks. Once partitioned, the system is designed in terms of system functions and security mechanisms, and formally verified from both the safety and the security perspectives. Our paper illustrates the whole methodology with the evaluation of a security mechanism added to an existing automotive system.

Paper Nr: 4
Title:

SALT Frameworks to Tackle Surveillance and Privacy Concerns

Authors:

Antonio Kung, Christophe Jouvray and Fanny Coudert

Abstract: This paper elaborates on the need to take into account the different views of the stakeholders involved in the development of surveillance systems and civil society, during the design process. It first provides an overview of privacy-by-design approaches. It then identifies three principles essential to integrate privacy concerns into the design of surveillance systems. It consequently proposes a design process based on social-contextual, ethical, legal and technical frameworks (SALT) and the challenges for its creation and use. It finally provides a specification of a resulting SALT framework management tool based on modelling techniques.

Paper Nr: 5
Title:

Model-based Security Analysis and Applications to Security Economics

Authors:

Jan Jürjens and Amir Shayan Ahmadian

Abstract: In this invited presentation, we give an overview of a soundly based approach to Secure Software Engineering based on the UML extension UMLsec. More specifically, one main current focus is the automated, formally based analysis of software artefacts against security requirements. This is motivated by the observation that the current state of security engineering in practice is far from satisfactory. The goal is thus to start with the actual industrial engineering methods of security-critical software-based systems, to identify problems which are practically amenable to tool-supported, formally sound analysis methods, and to try to solve these problems using these methods. An important objective is to ensure that these analysis methods can actually be used in practice by keeping the additional overhead in using them bounded: first, they take as input artefacts which are already available in current industrial software development (such as UML models and program source code) and do not have to be constructed just to perform the analysis; second, the tools should be reasonably easy to use and have a strong emphasis on automation. We also present results from some recent work on applying model-based security analysis to the analysis of economic aspects of securing critical infrastructures.