Emergency Systems Modelling using a Security Engineering Process

Jose Fran. Ruiz, Antonio Maña, Marcos Arjona, Janne Paatero

Abstract

The engineering and development of complex security-sensitive systems is becoming increasingly difficult due to the need to address aspects like heterogeneity (of application domains, requirements, regulations, solutions, etc.), dynamism and runtime adaptation needs, and the high demands for security and privacy of the users and agencies involved in the scenarios where these systems work (natural disasters, accidents, terrorism, etc.). Moreover, security knowledge is highly domain-dependent and dynamic. These characteristics make the development of those systems hard because the amount of security knowledge required to deal with such a huge variety of situations becomes far too large for a human. In this paper we propose a security-oriented engineering process that is especially useful for these systems. It makes security fit naturally into the systems by interleaving security into the initial architecture and system description. In particular, the proposed process provides means to identify and manage security properties in a consistent and intuitive manner. To illustrate our experience, we use a real-world emergency response scenario. More concretely, we focus on the establishment of secure ad-hoc wireless mesh communication, which is a key component in the domain of spontaneous broadband communication among crisis management vehicles.



Paper Citation


in Harvard Style

Ruiz J., Maña A., Arjona M. and Paatero J. (2013). Emergency Systems Modelling using a Security Engineering Process. In Proceedings of the 3rd International Conference on Simulation and Modeling Methodologies, Technologies and Applications - Volume 1: SIMULTECH, ISBN 978-989-8565-69-3, pages 117-124. DOI: 10.5220/0004480201170124


in Bibtex Style

@conference{simultech13,
author={Jose Fran. Ruiz and Antonio Maña and Marcos Arjona and Janne Paatero},
title={Emergency Systems Modelling using a Security Engineering Process},
booktitle={Proceedings of the 3rd International Conference on Simulation and Modeling Methodologies, Technologies and Applications - Volume 1: SIMULTECH},
year={2013},
pages={117-124},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004480201170124},
isbn={978-989-8565-69-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Simulation and Modeling Methodologies, Technologies and Applications - Volume 1: SIMULTECH
TI - Emergency Systems Modelling using a Security Engineering Process
SN - 978-989-8565-69-3
AU - Ruiz J.
AU - Maña A.
AU - Arjona M.
AU - Paatero J.
PY - 2013
SP - 117
EP - 124
DO - 10.5220/0004480201170124