Skip to Main Content
Critical embedded systems - e.g., automotive systems - are now commonly distributed, thus exposing their communication links to attackers. The design of those systems shall therefore handle new security threats whilst maintaining a high level of safety. To address that issue, the paper introduces a SysML-based environment named AVATAR. AVATAR can capture both safety and security related elements in the same SysML model. TTool , an open-source UML toolkit, provides AVATAR editing capabilities, and offers a press-button approach for property proof. Indeed, after having modeled an abstract representation of the system and given a description of the safety and security properties, the designer may formally and directly verify those properties with the well established UPPAAL and ProVerif toolkits, respectively. The applicability of our approach is highlighted with a realistic embedded automotive system taken from an ongoing joint project of academia and industry called EVITA .