Security Engineering for Lifelong Evolvable Systems

Case study scenarios

The project will use the following scenarios provided by the industrial partners to gather requirements and later validate the project results.

1. Portable Objects Proved to be Safe

Stakeholders: Mobile operators, governments and citizens

Scenario: In the telecom scenario, SIMs are enhanced after issuance. Users continually want new services and features on their SIM, so post-issuance renewal has become a key part of every mobile operator's strategy. The difficulty is that such updates must themselves be secure: loading new code or configuration onto a card already in the field must not weaken the security properties the card was issued with.

Software development of digital identity cards starts from generic specifications (e.g. ICAO, IAS) that may evolve over time. A generic platform is developed, secured, tested, verified, etc. Each government then sets its own requirements, which may be restrictions or extensions; both are expected to preserve the original security properties. The product development cycle is a long spiral in which security requirements must be re-checked and updated at each turn.

Business impact: For the telecom scenario, the business impact lies mainly in the deployment of post-issuance update solutions that guarantee a high level of security for the operators and for their clients.

A major impact in the e-passports software market is the potential shortening of time-to-market of the product while still accounting for security certifications.


2. Digital homes

Stakeholders: Telecom operators, digital home service providers and their clients

Scenario: The core of digital home services is the residential gateway, which contains the client-side software needed to deliver and manage the whole set of digital home services. The gateway is costly and replacing it is very expensive for the service provider. Its design must therefore ensure that it, and the services it hosts, are and remain secure and dependable over the whole lifetime of the service, even as the software on it is updated.

The case study will focus on the security and dependability properties of the software installed on the home gateway and on the service provider platform, and it will deal with threats that exploit development bugs or design errors to compromise the gateway's integrity or its proper working, for example:

  • Malicious code execution
  • Malicious actions related to service management
  • Denial of service

Other threats such as physical attacks will not be considered.

Business impact: The potential of digital home services is vast: data, voice, multimedia, domotic (home automation) services, etc. However, these new possibilities also open many security risks, and that potential can quickly be lost or misused unless appropriate security and dependability levels are provided.


3. Air traffic management

Stakeholders: Air Traffic Service Providers, Flight Regulation Authorities

Scenario: The Controller Working Position (CWP) is the device used by the air traffic controller. The CWP is a long-lasting device that must be able to accommodate changes in the controlled process, such as improved aircraft performance, to host new controller support tools, and to be compatible with new control procedures and rules applied by the controllers. For example, CWPs should be able to face new and unexpected security problems that may arise from such evolution (e.g. intrusions aimed at identifying aircraft positions, made easier by the new procedures).
Business impact: ATM is a domain where security problems may have significant implications. The security of data about aircraft positions, and robustness against unintentional or malicious data corruption, are key elements in guaranteeing efficient, safe and reliable air traffic services and in keeping the general public's confidence in air transportation.