Publication


Formal Security Analysis of Electronic Software Distribution Systems

The 27th International Conference on Computer Safety, Reliability and Security (SAFECOMP 2008)


Author(s): Monika Maidl, David von Oheimb, Peter Hartmann, Richard Robinson
Year: 2008
Publisher: Springer LNCS
Editors: Michael Harrison and Mark-Alexander Sujan
Keywords: loadable software, infrastructure, information assurance, safety, system architecture, software engineering, security, certification, formal methods
Abstract: Software distribution to target devices like factory controllers, medical instruments, vehicles or airplanes is increasingly performed electronically over insecure networks. Such software often implements vital functionality, and so the software distribution process can be highly critical, both from the safety and the security perspective. In this paper, we introduce a novel software distribution system architecture with a generic core component, such that the overall software transport from the supplier to the target device is an interaction of several instances of this core component communicating over insecure networks. The main advantage of this architecture is reduction of development and certification costs. The second contribution of this paper describes the validation and verification of the proposed system. We use a mix of formal methods, more precisely the AVISPA tool, and the Common Criteria (CC) methodology, to achieve high confidence in the security of the software distribution system at moderate costs.
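The abstract describes software transport as a chain of instances of one generic core component, talking over insecure networks. The following is an added illustration of the integrity property such a chain has to provide end to end; it is not the paper's protocol or code. It assumes an HMAC-SHA256 tag as a stand-in for the supplier's digital signature (with a real signature, intermediate instances would only hold the verification key), constructed sample data, and the hypothetical function names make_package, verify_package and transport:

```python
"""Toy multi-hop software distribution chain with an end-to-end integrity check.

Added illustration, not the SAFECOMP 2008 paper's protocol: HMAC-SHA256 stands
in for the supplier's signature, and every instance of the generic core
component runs the same verify_package() before forwarding or installing.
"""
import copy
import hashlib
import hmac
import json
from typing import Callable

# Constructed sample data (assumptions, not taken from the paper).
SUPPLIER_KEY = b"supplier-signing-key-constructed"
FIRMWARE = b"\x7fELF-constructed-firmware-image-v1"


def make_package(image: bytes, version: str, target_id: str, key: bytes) -> dict:
    """Supplier side: bind version, intended target and image digest under one tag."""
    meta = {"version": version, "target": target_id,
            "sha256": hashlib.sha256(image).hexdigest()}
    canon = json.dumps(meta, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, canon, hashlib.sha256).hexdigest()
    return {"image": image, "meta": meta, "tag": tag}


def verify_package(pkg: dict, key: bytes) -> tuple[bool, str]:
    """Core-component check, identical at every instance. Returns (ok, reason)."""
    canon = json.dumps(pkg["meta"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(key, canon, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg["tag"]):
        return False, "metadata tag mismatch"
    if hashlib.sha256(pkg["image"]).hexdigest() != pkg["meta"]["sha256"]:
        return False, "image digest mismatch"
    return True, "ok"


Channel = Callable[[dict], dict]


def clean_channel(pkg: dict) -> dict:
    """Honest network link: the package arrives unchanged."""
    return copy.deepcopy(pkg)


def image_patching_channel(pkg: dict) -> dict:
    """Attacker on the insecure link swaps in a modified image (constructed)."""
    bad = copy.deepcopy(pkg)
    bad["image"] = pkg["image"] + b"-backdoor"
    return bad


def version_bumping_channel(pkg: dict) -> dict:
    """Attacker rewrites metadata, e.g. to pass an old image off as newer."""
    bad = copy.deepcopy(pkg)
    bad["meta"]["version"] = "9.9"
    return bad


def transport(pkg: dict, channels: list[Channel], key: bytes,
              target_id: str) -> tuple[bool, str]:
    """Push the package through n insecure channels; after each one the
    receiving core-component instance verifies before forwarding. The last
    instance is the target device, which additionally checks the addressee."""
    for i, channel in enumerate(channels, start=1):
        pkg = channel(pkg)
        ok, why = verify_package(pkg, key)
        if not ok:
            return False, f"rejected at instance {i}: {why}"
    if pkg["meta"]["target"] != target_id:
        return False, f"rejected at target: addressed to {pkg['meta']['target']}"
    return True, f"installed {pkg['meta']['version']} on {target_id}"


if __name__ == "__main__":
    pkg = make_package(FIRMWARE, "1.0", "aircraft-0001", SUPPLIER_KEY)
    for chain in ([clean_channel, clean_channel],
                  [clean_channel, image_patching_channel, clean_channel],
                  [version_bumping_channel]):
        print(transport(pkg, chain, SUPPLIER_KEY, "aircraft-0001"))
```

Because the tag covers the metadata and the metadata carries the image digest, a modified image is caught at the first instance after the hostile link rather than only at the target, and the instances need no knowledge of the network topology: the same check is reused at every hop, which is what makes a single generic component worth certifying once.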


Copyright © 2008 Boeing, Siemens, and FH Landshut
Preprint
Slides

BibTeX entry:

@inproceedings{SAFECOMP08-Siemens-FHLandshut-Boeing,
  author    = {Monika Maidl and Oheimb, David von and Peter Hartmann and Richard Robinson},
  title     = {Formal Security Analysis of Electronic Software Distribution Systems},
  booktitle = {Proc. of the 27th International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
  editor    = {Michael Harrison and Mark-Alexander Sujan},
  publisher = {Springer},
  series    = {LNCS},
  volume    = 5219,
  pages     = {415--428},
  year      = 2008,
  note      = {\url{http://ddvo.net/papers/SAFECOMP08.html}},
  abstract  = {Software distribution to target devices like factory controllers, medical instruments, vehicles or airplanes is increasingly performed electronically over insecure networks. Such software often implements vital functionality, and so the software distribution process can be highly critical, both from the safety and the security perspective. In this paper, we introduce a novel software distribution system architecture with a generic core component, such that the overall software transport from the supplier to the target device is an interaction of several instances of this core component communicating over insecure networks. The main advantage of this architecture is reduction of development and certification costs. The second contribution of this paper describes the validation and verification of the proposed system. We use a mix of formal methods, more precisely the AVISPA tool, and the Common Criteria (CC) methodology, to achieve high confidence in the security of the software distribution system at moderate costs.}
}