TY - CHAP
T1 - A model-driven and generative approach to holistic security
AU - Gossen, Frederik
AU - Margaria, Tiziana
AU - Neubauer, Johannes
AU - Steffen, Bernhard
N1 - Publisher Copyright:
© Springer International Publishing AG, part of Springer Nature 2019.
PY - 2019
Y1 - 2019
N2 - Functional and technical cyber-resilience gain increasing relevance for the health and integrity of connected and interoperating systems. In this chapter we demonstrate the power and flexibility of extreme model-driven design to provide holistic security to security-agnostic applications. Using C-IME, our integrated modelling environment for C/C++, we show how easily a modelled application can be enhanced with hardware security features fully automatically during code generation. We illustrate how to use this approach and design environment to make any modelled application ready to securely store its data in potentially insecure environments. The same approach can be used to secure communication over potentially insecure channels. In fact, our approach does not require any changes of the application model. Rather, our integrated modelling environment provides a dedicated modelling language for code generators which resorts to a Domain Specific Language for security. It is realized as a palette of security primitives whose implementation is based on underlying hardware security technology. The code generator injects security appropriately into the models of the applications under development. We illustrate the use of this security-injecting code generator on the case study of a to-do list management application. The code generator is generic and can be used to secure the file handling of any application modelled in the C-IME.
UR - http://www.scopus.com/inward/record.url?scp=85075894186&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-95597-1_6
DO - 10.1007/978-3-319-95597-1_6
M3 - Chapter
AN - SCOPUS:85075894186
T3 - Advanced Sciences and Technologies for Security Applications
SP - 123
EP - 147
BT - Advanced Sciences and Technologies for Security Applications
PB - Springer
ER -