
Towards Automated Security Hardening Using Timed Path Conditions in Shared Bus Systems

  • Conference paper
  • Leveraging Applications of Formal Methods, Verification and Validation. Software Engineering Methodologies (ISoLA 2024)

Abstract

Traditionally, many embedded systems are considered safety-critical, as they are used in cars, airplanes, or power plants. As embedded systems are increasingly connected to the internet, they are becoming security-critical as well. At the same time, many applications, including in-vehicle networks, internally use shared bus systems that connect many components with varying security levels. While this provides a very efficient means of internal communication, it also carries the risk that confidential information leaks to components that communicate over the internet and thus may be the target of malicious attacks, or that such components gain access to safety-critical functionality. In this paper, we present initial ideas on how to use timed path conditions for automatic security hardening with regard to violations of information flow security, i.e. confidentiality or integrity of information, in shared bus systems. We propose to enrich ordinary path conditions, obtained from an information flow analysis, with timing information. We then use these conditions to find and automatically correct timing errors that may result in illegal information flow. To illustrate our approach, we apply the method to an example system in which concurrently executed components communicate over a time-shared bus, modeled in the system-level description language SystemC.



Corresponding author

Correspondence to Jonas Becker-Kupczok.


Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Becker-Kupczok, J., Herber, P. (2025). Towards Automated Security Hardening Using Timed Path Conditions in Shared Bus Systems. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. Software Engineering Methodologies. ISoLA 2024. Lecture Notes in Computer Science, vol 15222. Springer, Cham. https://doi.org/10.1007/978-3-031-75387-9_8

  • DOI: https://doi.org/10.1007/978-3-031-75387-9_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-75386-2

  • Online ISBN: 978-3-031-75387-9

  • eBook Packages: Computer Science, Computer Science (R0)
