Managing Timing Implications of Security Aspects in Model-Driven Development of Real-Time Embedded Systems

Considering security as an afterthought and addingsecurity aspects to a system late in the development processhas now been realized to be an inefficient and bad approach tosecurity. The trend is to bring security considerations as earlyas possible in the design of systems. This is especially criticalin certain domains such as real-time embedded systems. Due todifferent constraints and resource limitations that these systemshave, the costs and implications of security features should becarefully evaluated in order to find appropriate ones whichrespect the constraints of the system. Model-Driven Development(MDD) and Component-Based Development (CBD) are twosoftware engineering disciplines which help to cope with theincreasing complexity of real-time embedded systems. WhileCBD enables the reuse of functionality and analysis results bybuilding systems out of already existing components, MDD helpsto increase the abstraction level, perform analysis at earlierphases of development, and also promotes automatic codegeneration. By using these approaches and including securityaspects in the design models, it becomes possible to considersecurity from early phases of development and also identifythe implications of security features. Timing issues are one ofthe most important factors for successful design of real-timeembedded systems. In this paper, we provide an approach usingMDD and CBD methods to make it easier for system designersto include security aspects in the design of systems and identifyand manage their timing implications and costs. Among differentsecurity mechanisms to satisfy security requirements, our focusin this paper is mainly on using encryption and decryptionalgorithms and consideration of their timing costs to designsecure systems.