Modeling the trade-off between security and performance to support the product life cycle
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F19%3APU133373" target="_blank" >RIV/00216305:26220/19:PU133373 - isvavai.cz</a>
Výsledek na webu
<a href="https://ieeexplore.ieee.org/document/8760043" target="_blank" >https://ieeexplore.ieee.org/document/8760043</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/MECO.2019.8760043" target="_blank" >10.1109/MECO.2019.8760043</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Modeling the trade-off between security and performance to support the product life cycle
Popis výsledku v původním jazyce
Nowadays, the development of products for modern cyber-physical systems consists of many stages defined by the product life cycle (PLC). However, many manufacturers are not paying full attention - if any at all - to each PLC stage. This, among others, is causing growth of development costs. Therefore, the first stage of PLC becomes crucial. Moreover, a significant part of the development costs might be saved via testing the required parameters in this early stage, e.g., via modeling tools, simulation tools or emulators. Considering among others the current cyber-warfare and everyday growing number of threats, security is becoming one of the most critical topics in PLC. However, the security aspects come with significant trade-offs with performance. This paper focuses on methodology for dealing with these trade-offs via simulation in the early stage of PLC, where basic requirements are settled. To establish security requirements, an extensive Secure Software Development Life Cycle catalog is used together with an advanced modeling framework TTool based on UML/SysML-Sec for performance trade-off analysis. This combination creates a powerful approach for establishing the balance between security and performance requirements. As an example, a particular security requirement is selected. Namely, confidentiality, fulfilled by the encryption algorithm AES. This introduces the methodology and approach to the co-engineering issue in the PLC stages, where two different development teams with also different goals (security, performance) are dealing together with the single combined issue. Our results should help to understand the importance of the early PLC stage and show one possible approach on how to deal with these issues.
Název v anglickém jazyce
Modeling the trade-off between security and performance to support the product life cycle
Popis výsledku anglicky
Nowadays, the development of products for modern cyber-physical systems consists of many stages defined by the product life cycle (PLC). However, many manufacturers are not paying full attention - if any at all - to each PLC stage. This, among others, is causing growth of development costs. Therefore, the first stage of PLC becomes crucial. Moreover, a significant part of the development costs might be saved via testing the required parameters in this early stage, e.g., via modeling tools, simulation tools or emulators. Considering among others the current cyber-warfare and everyday growing number of threats, security is becoming one of the most critical topics in PLC. However, the security aspects come with significant trade-offs with performance. This paper focuses on methodology for dealing with these trade-offs via simulation in the early stage of PLC, where basic requirements are settled. To establish security requirements, an extensive Secure Software Development Life Cycle catalog is used together with an advanced modeling framework TTool based on UML/SysML-Sec for performance trade-off analysis. This combination creates a powerful approach for establishing the balance between security and performance requirements. As an example, a particular security requirement is selected. Namely, confidentiality, fulfilled by the encryption algorithm AES. This introduces the methodology and approach to the co-engineering issue in the PLC stages, where two different development teams with also different goals (security, performance) are dealing together with the single combined issue. Our results should help to understand the importance of the early PLC stage and show one possible approach on how to deal with these issues.
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
—
OECD FORD obor
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Návaznosti výsledku
Projekt
<a href="/cs/project/LO1401" target="_blank" >LO1401: Interdisciplinární výzkum bezdrátových technologií</a><br>
Návaznosti
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach
Ostatní
Rok uplatnění
2019
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
2019 8th Mediterranean Conference on Embedded Computing (MECO)
ISBN
978-1-7281-1740-9
ISSN
—
e-ISSN
—
Počet stran výsledku
6
Strana od-do
92-97
Název nakladatele
Neuveden
Místo vydání
Neuveden
Místo konání akce
Budva
Datum konání akce
10. 6. 2019
Typ akce podle státní příslušnosti
WRD - Celosvětová akce
Kód UT WoS článku
000492146100031