Security engineering methodology for embedded systems in metering

Security is one of the major challenges for the development of modern cyber-physical systems. An emerging domain for the deployment of such networked embedded systems is the energy domain with the smart grid and its heterogeneous smart metering systems. Security expert knowledge for the development of such systems is strongly required and the need has dramatically increased during the last years, especially since the German government issued a Common Criteria Protection Profile for the gateway of smart metering systems. A solution to encounter this need is the definition of security engineering methodology applicable to embedded systems in the metering domain. The developed security engineering methodology unites important key concept elements to introduce the security by design principle to smart metering systems development. Among the key concept elements are specially tailored security design patterns in combination with model-driven engineering techniques and an adapted development process with Common Criteria elements as well as a security pattern repository with respective access and transformation tools. As a proof of concept, the methodology is applied to the development of a smart meter gateway demonstrator.