{"title":"Secure Engineering and Modelling of a Metering Devices System","authors":"J. Ruiz, M. Arjona, A. Maña, N. Carstens","doi":"10.1109/ARES.2013.56","DOIUrl":null,"url":null,"abstract":"This paper presents a security engineering process for the modelling of security-sensitive systems using a real use case of metering devices. The process provides a security framework that can be used with other existing processes (such as the agile ones). It helps to develop and model systems bearing in mind their heterogeneity, real-time and dynamic behaviors. Besides, due to the critical nature of some of these systems (nuclear, emergency systems, military, etc.) it provides tools for identifying, working and solving security threats by using the knowledge of domain experts. This is very important because threats, properties, solutions, etc. that are valid or relevant in a given domain, are not applicable to other domains and are subject to constant changes. The security requirements of the systems are fulfilled by means of domain-specific security knowledge. These artefacts contain the specific information of a domain (security properties, elements, assumptions, threats, tests, etc.). The solutions are presented as Security Patterns. Each one describes an implementation solution by using one or several Security Building Blocks (SBBs). The security engineering process presented here describes how to model a security-enhanced system model using a library of domain security knowledge. 
The process has been developed along with a Magic Draw plugin that covers all the possible functionalities, making the work with the models and the security elements very simple and easy for the user.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2013.56","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 7
Abstract
This paper presents a security engineering process for the modelling of security-sensitive systems using a real use case of metering devices. The process provides a security framework that can be used with other existing processes (such as the agile ones). It helps to develop and model systems bearing in mind their heterogeneity, real-time and dynamic behaviors. Besides, due to the critical nature of some of these systems (nuclear, emergency systems, military, etc.) it provides tools for identifying, working and solving security threats by using the knowledge of domain experts. This is very important because threats, properties, solutions, etc. that are valid or relevant in a given domain, are not applicable to other domains and are subject to constant changes. The security requirements of the systems are fulfilled by means of domain-specific security knowledge. These artefacts contain the specific information of a domain (security properties, elements, assumptions, threats, tests, etc.). The solutions are presented as Security Patterns. Each one describes an implementation solution by using one or several Security Building Blocks (SBBs). The security engineering process presented here describes how to model a security-enhanced system model using a library of domain security knowledge. The process has been developed along with a Magic Draw plugin that covers all the possible functionalities, making the work with the models and the security elements very simple and easy for the user.