Abstract
Systems (devices) with embedded components operate in a potentially hostile environment and have strong resource limitations. The development of security-enhanced embedded components is a complicated task owing to the different types of threats and attacks that may affect the device, and because security in embedded devices is commonly provided as an additional feature at the final stages of the development process, or even neglected. In the paper we consider an approach to the analysis of network information flows in systems containing embedded components. This approach helps the system engineer to evaluate the embedded system from a security point of view and to correct the architecture of the future system at early stages of development.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chechulin, A., Kotenko, I., Desnitsky, V. (2012). An Approach for Network Information Flow Analysis for Systems of Embedded Components. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_13
DOI: https://doi.org/10.1007/978-3-642-33704-8_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33703-1
Online ISBN: 978-3-642-33704-8
eBook Packages: Computer Science; Computer Science (R0)