SysML models and model transformation for security

Abstract

The security flaws of embedded systems have become very valuable targets for cyber criminals. SysML-Sec has been introduced to target the security of these systems during their development stages. However, assessing resistance to attacks during these stages requires efficiently capturing the system's behavior and formally proving security properties from those behaviors. This paper thus proposes (i) novel SysML block and state machine diagrams enhanced to better capture security features, and (ii) a model-to-Proverif transformation. ProVerif is a toolkit first released for the formal analysis of security protocol, but it can be used more generally to assess confidentiality and authenticity properties. This paper demonstrates the soundness of our approach using a complex asymmetric key distribution protocol.