Identification and verification of security relevant functions in embedded systems based on source code annotations and assertions

Authors:
Johannes Loinig;Christian Steger;Reinhold Weiss;Ernst Haselsteiner
Affiliations:
Institute for Technical Informatics, Graz University of Technology, Graz, Austria;Institute for Technical Informatics, Graz University of Technology, Graz, Austria;Institute for Technical Informatics, Graz University of Technology, Graz, Austria;NXP Semiconductors Austria GmbH, Gratkorn, Austria
Venue:
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Year:
2010

Citing 8
Cited 0

DESIGN: How .NET's Custom Attributes Affect Design

IEEE Software
Domain-Specific Codesign for Embedded Security

Computer
Smart Card Handbook

Smart Card Handbook
Security as a new dimension in embedded system design

Proceedings of the 41st annual Design Automation Conference
Static Analysis for Security

IEEE Security and Privacy
Automatic detection of fault attack and countermeasures

WESS '09 Proceedings of the 4th Workshop on Embedded Systems Security
A comparative analysis of common threats, vulnerabilities, attacks and countermeasures within smart card and wireless sensor network node technologies

WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
Designing security requirements models through planning

CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Most modern embedded systems include an operating system. Not all functions in the operating systems have to fulfill the same security requirements. In this work we propose a mechanism to identify and maintain functions that have to meet strict security needs. This mechanism is based on annotations representing security constrains and assertions to check these security annotations during the verification phase of the system under development.