Framework for Design Exploration Using Security Risk Analysis

As the development and deployment of secure systems continue to grow at scale, there is a pressing need to evaluate these systems for vulnerabilities and other potential se- curity problems. These issues are further augmented with the ubiquitous deployment of embedded systems within the Internet of Things, smart device networks, and even with their inclusion in medical devices. However, the process of evaluating these de- signs is complicated and mainly proprietary to the group performing the evaluation. In current practice, one follows the generic risk equation of probability and impact. A system designer should also be examining the costs related to the adversary as well as to the defender of a system. Without accounting for all of these different aspects, one cannot expect to properly assess the security of a system model or design. To help address these concerns, this dissertation provides a framework by which secu- rity can be baked into the initial design of a system and can help identify areas of particular risk. Furthermore, the framework leverages the Architecture Analysis & Design Language (AADL) modeling language with a low barrier to entry for allowing broader adaption within the security community.