On Generating Security Implementations from Models of Embedded Systems

Abstract

Designing secure embedded systems is a challenging task. Many of the challenges unique to embedded systems in this regard are due to the constraints that these systems have and thus impacts that security features will have on other properties of the system. Therefore, security decisions should be considered from early phases of development and together with other requirements. In model-driven methods, this means including security features in the design models. On the other hand, code generation from models is one of the promises of model-driven approaches. In this paper, by discussing the impacts of security design decisions on timing properties, we present the idea of automatic security code generation. We identify what issues a model for an embedded system should be able to answer and cover so that the security implementations that are later generated from it, will be consistent with the timing constraints and specifications of the system.