Using AADL to Assess Architectural Concerns for Cyber
We describe how we apply the SAE AS 5506 Architecture and Analysis Design
Language (AADL)  to reason about
contextual and architectural concerns for cyber security. A system’s cyber
security certification requires verification that the system’s cyber security
mechanisms are correct, non-bypassable, and tamper-resistant. We can verify
correctness by examining the mechanism itself, but verifying the other qualities
requires us to examine the context in which that mechanism resides.
Understanding that context and validating the system’s evolving design against
that context is an objective for the Architecture Centric Virtual Integration
Process (ACVIP), an AADL-based approach to model and detect system design
defects before they become too costly to fix. We describe our work to apply AADL
to assess non-bypassability and tamper-resistance. The results of our research -
tool plugins for cyber security architectural validation - support system
developers today in their ACVIP activities.