Assessment Models to Improve the Usability of Security in Wireless Sensor Networks

Steffen Peter

IHP
Im Technologiepark 25
15236 Frankfurt (Oder)
Germany

IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany      www.ihp-microelectronics.com   © 2011 - All rights reserved
Outline



• Introduction WSAN4CIP, TAMPRES

• Motivation

• Model-based security assessment approach

• Example for practical security model



WSAN4CIP


• Protection of critical infrastructures
• Potential threats
  – Natural disasters (floods, earthquake)
  – Terrorism, vandalism, crime (stealing iron)
• Providing monitoring capabilities for large scale
  infrastructure requires:
  – Low cost devices
  – No additional infrastructure
  – Robust, self-configuring systems
  – Integration in SCADA infrastructures
• WSNs protecting CIP become part of the CIP
  – Need to be protected
  – Development and integration of mechanisms to protect the WSN
WSAN4CIP demonstration sites (1)




WSAN4CIP demonstration sites (2)

[Map labels: Briesen (Mark), Jacobsdorf, Rosengarten]

• Drinking water distribution network
  – Monitoring of a 20 km pipeline in Germany
  – Reporting of operating state, alarm conditions and access control
  – Integration in existing infrastructures

• Nodes are exposed to physical attacks
TAMPRES


• Development of novel protection means to ensure
  tamper resistance and improve trustworthiness for
  severely constrained devices

• Enhancing the security of the Future Internet by
  improving the resistance of its weakest link, i.e.
  wireless sensor nodes against physical attacks

• Highly technical project with the goal to implement
  a tamper resistant sensor node with cryptographic
  accelerators and side-channel resistance


General Problem



• Gap between application level (users) and
  technological level (developers)

• Complex trade-offs on technological level often not
  understood on application level

• Particularly true for Wireless Sensor Networks
     – Energy, memory, security, cost trade-offs
     – No one-fits-all solution




Overview: Model-based System Security Assessment

• Application Requirements (understood by users)
  – C1: Collecting (soft) user security requirements and transforming them into the (hard) model that allows assessment
• Security and Assessment Models
  – C3: Does the system satisfy the requirements? Need for adequate models
  – Inferring properties of the composed system, based on meta-information of the basis components
• System = composition of basis components
  – (Automatic) selection of basis components
• Technological basis components (services, and protocols with complex trade-offs)
  – C2: Describing individual (security-) properties of the components as meta-information
C1: Collection and Mapping of User Requirements


• Full specification of the application mission
   – Relevant phenomena
   – Selection of sensors
   – Expected lifetime and reliability
• Hide technical details
   – Users typically cannot express their security needs
• Language easy to use for users
   – Central catalogue
   – Specific catalogues for specific domains
Two-Step Requirement Definition Process

- Application type (health care, home, industrial)
- Required security attributes (concealment, integrity, robustness)
- Parameters

→ Transformation of requirements
→ Attacker model and capabilities
C2: Describing attributes of components and system



• Definition of a (Meta-) component model
     – Hardware and software components
     – Protocols, services


• Security properties as part of the meta information of the components
     – Provided by the developers (they know what their components are doing)
     – Have to be observed by independent experts


• Has to support composable security
     – sec(comp. A + comp. B) = f(sec(comp. A), sec(comp. B))

Component Meta-Model




C3: Definition of Security Models



• Should be able to decide whether a system is
  secure for the given requirements

• Inputs are:
     – Technical requirements
     – Properties of the system


• Output:
     – List of conflicts




Currently implemented Model Approach



• Define requirements, environmental information, security properties and attacker properties as properties in one large graph
     – Connected via relations (formulas) defining how properties depend on and define each other


• Security is expressed as views on specific aspects
     – A system is secure if the attribute is free of conflicts in the context of the requirements


• Starting point is a holistic security model
     – Successive refinement to assess the aspects

Holistic Security Model (Ontology)




Focused Views on the Ontology




• System properties can be derived from the properties of the used components
• Attacker model and capabilities can be derived from the user requirements and the application context

Example for an Attack-centric Security Model

• Based on Attack Trees
     – A system is secure if all attacks:
          1. can be prevented (property of the system), or
          2. do not apply (property of the system requirements)

[Diagram: attack tree with "System Security" at the top, "…Attacks…" below it, "Requirements/Attacker model" on the left and "System Properties" on the right, with "propagation" through the tree.]
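
An added example, not taken from the slides or from IHP tooling: a minimal attack-tree evaluator that ties together the C2 composition rule, the C3 "list of conflicts" output and the two conditions above. Component names, property names, attacker capabilities and the trees are constructed for illustration, and set union is assumed for the composition function f.

```python
"""Attack-tree assessment: requirements + system properties -> list of conflicts.

All component names, properties, capabilities and trees are constructed
for illustration; none of them come from the slides or from IHP tooling.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Attack:
    """Leaf of an attack tree."""
    name: str
    needs: frozenset          # attacker capabilities the attack requires
    prevented_by: frozenset   # system properties, any one of which stops it


@dataclass(frozen=True)
class Gate:
    """Inner node: 'OR' = any child suffices, 'AND' = all children needed."""
    op: str
    children: tuple


# C2: security properties published as component meta-information (hypothetical).
COMPONENTS = {
    "link_crypto": {"encryption", "message_authentication"},
    "tamper_resistant_node": {"tamper_resistance"},
    "plain_radio_stack": set(),
}

EXTRACT_KEY = Attack("extract key from node",
                     frozenset({"physical_access"}),
                     frozenset({"tamper_resistance"}))

# One tree per security attribute a user may require (hypothetical trees).
TREES = {
    "integrity": Gate("OR", (
        Attack("inject forged packet",
               frozenset({"radio_access"}),
               frozenset({"message_authentication"})),
        Gate("AND", (EXTRACT_KEY,
                     Attack("forge packets with extracted key",
                            frozenset({"radio_access"}), frozenset()))),
    )),
    "concealment": Gate("OR", (
        Attack("eavesdrop on radio link",
               frozenset({"radio_access"}), frozenset({"encryption"})),
        Gate("AND", (EXTRACT_KEY,
                     Attack("decrypt traffic with extracted key",
                            frozenset({"radio_access"}), frozenset()))),
    )),
}


def compose(component_names):
    """sec(A + B) = f(sec(A), sec(B)); f is assumed to be set union here."""
    system = set()
    for name in component_names:
        system |= COMPONENTS[name]
    return system


def evaluate(node, attacker, system):
    """Return (feasible, open_leaf_names) for the subtree rooted at node."""
    if isinstance(node, Attack):
        if not node.needs <= attacker:
            return False, []          # 2. does not apply (requirements side)
        if node.prevented_by & system:
            return False, []          # 1. prevented (system side)
        return True, [node.name]
    results = [evaluate(child, attacker, system) for child in node.children]
    if node.op == "AND":
        feasible = all(ok for ok, _ in results)
    else:
        feasible = any(ok for ok, _ in results)
    if not feasible:
        return False, []
    # Propagate upwards only the leaves that lie on a feasible path.
    return True, [leaf for ok, leaves in results if ok for leaf in leaves]


def assess(required_attributes, attacker_capabilities, component_names):
    """C3: return the list of conflicts as (attribute, open attack) pairs."""
    attacker = set(attacker_capabilities)
    system = compose(component_names)
    conflicts = []
    for attribute in sorted(required_attributes):
        _, leaves = evaluate(TREES[attribute], attacker, system)
        conflicts.extend((attribute, leaf) for leaf in leaves)
    return conflicts


if __name__ == "__main__":
    wanted = {"integrity", "concealment"}
    exposed = {"radio_access", "physical_access"}  # nodes in the field
    for parts in (["link_crypto"], ["link_crypto", "tamper_resistant_node"]):
        print(parts, "->", assess(wanted, exposed, parts) or "no conflicts")
```

An empty list means the selected components satisfy the requirements under the given attacker model; each remaining pair names an attack that is neither prevented nor out of scope.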




General Architecture




Envisioned WSN Design Process




Example for a Component Selection Tool: configKit

- Selection of hardware
- Selection of required functions
- Definition of security properties

- Each change of inputs immediately updates the result
  → Fast and easy refinement process

- Proposed software configuration
- Including prediction of footprint
Conclusions



• Assessment models can help to validate the fulfillment of user requirements for a given system
  → Proposed approach shows the general feasibility

• Challenges remain:
  – How to elicit the requirements from the user and to transform them to objective properties
  – Find models for a-priori reasoning of security-related behavior and conflicts
  – How to describe properties of components so that they support composition of security

Thank You

Questions?

Web: www.wsan4cip.eu, www.tampres.eu

peter@ihp-microelectronics.com
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany   www.ihp-microelectronics.com             © 2008 - All rights reserved

More Related Content

What's hot

Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
Malachi Jones
 
It 443 lecture 1
It 443 lecture 1It 443 lecture 1
It 443 lecture 1
elisha25
 
Security Risk Management- moeshesh
Security Risk Management- moesheshSecurity Risk Management- moeshesh
Security Risk Management- moeshesh
Mohamed Shishtawy
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
7wounders
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013
Ian Sommerville
 
safety_critical_applications_and_customer_concerns
safety_critical_applications_and_customer_concernssafety_critical_applications_and_customer_concerns
safety_critical_applications_and_customer_concerns
Rufino Olay III
 
Embedded os
Embedded osEmbedded os
Embedded os
chian417
 

What's hot (19)

Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
 
Evolution of protective systems in petro chem
Evolution of protective systems in petro chemEvolution of protective systems in petro chem
Evolution of protective systems in petro chem
 
Iec61508 guide
Iec61508 guideIec61508 guide
Iec61508 guide
 
Principles and risk assessment of managing distributed ontologies hosted by e...
Principles and risk assessment of managing distributed ontologies hosted by e...Principles and risk assessment of managing distributed ontologies hosted by e...
Principles and risk assessment of managing distributed ontologies hosted by e...
 
It 443 lecture 1
It 443 lecture 1It 443 lecture 1
It 443 lecture 1
 
DSDConference07
DSDConference07DSDConference07
DSDConference07
 
Demilitarized network to secure the data stored in industrial networks
Demilitarized network to secure the data stored in  industrial networks Demilitarized network to secure the data stored in  industrial networks
Demilitarized network to secure the data stored in industrial networks
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
Security Risk Management- moeshesh
Security Risk Management- moesheshSecurity Risk Management- moeshesh
Security Risk Management- moeshesh
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
VigilantPlant | excellence in Safety & Availability
VigilantPlant | excellence in Safety & AvailabilityVigilantPlant | excellence in Safety & Availability
VigilantPlant | excellence in Safety & Availability
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013
 
safety_critical_applications_and_customer_concerns
safety_critical_applications_and_customer_concernssafety_critical_applications_and_customer_concerns
safety_critical_applications_and_customer_concerns
 
Embedded operating systems
Embedded operating systemsEmbedded operating systems
Embedded operating systems
 
Enea OSE Datasheet
Enea OSE DatasheetEnea OSE Datasheet
Enea OSE Datasheet
 
Embedded os
Embedded osEmbedded os
Embedded os
 
Embedded Systems Portfolio: Guarantor of Technogenic Safety
Embedded Systems Portfolio: Guarantor of Technogenic Safety Embedded Systems Portfolio: Guarantor of Technogenic Safety
Embedded Systems Portfolio: Guarantor of Technogenic Safety
 
Introduction to Embedded Systems
Introduction to Embedded SystemsIntroduction to Embedded Systems
Introduction to Embedded Systems
 
Introduction to embedded systems
Introduction to embedded systemsIntroduction to embedded systems
Introduction to embedded systems
 

Viewers also liked

Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
fcleary
 
Comifin cluster meeting
Comifin cluster meetingComifin cluster meeting
Comifin cluster meeting
fcleary
 
Nessos cluster meeting
Nessos cluster meetingNessos cluster meeting
Nessos cluster meeting
fcleary
 
Bic effectplus ws
Bic effectplus wsBic effectplus ws
Bic effectplus ws
fcleary
 
Assert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingAssert4soa 2nd cluster meeting
Assert4soa 2nd cluster meeting
fcleary
 
DeMolay Conclave Opening
DeMolay Conclave Opening DeMolay Conclave Opening
DeMolay Conclave Opening
Regan Bright
 
NOTAS DEFINITIVAS HIDRAULICA APLICADA 1-2013
NOTAS DEFINITIVAS HIDRAULICA APLICADA 1-2013NOTAS DEFINITIVAS HIDRAULICA APLICADA 1-2013
NOTAS DEFINITIVAS HIDRAULICA APLICADA 1-2013
eduardopulidosanchez
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisi
fcleary
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides ams
fcleary
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meeting
fcleary
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1
fcleary
 

Viewers also liked (20)

Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
 
Engineering for Connected Patients in the IoT Era
Engineering for Connected Patients in the IoT EraEngineering for Connected Patients in the IoT Era
Engineering for Connected Patients in the IoT Era
 
Comifin cluster meeting
Comifin cluster meetingComifin cluster meeting
Comifin cluster meeting
 
Parcial power point herram web 2.0 25 jul
Parcial power point   herram web 2.0 25 jul Parcial power point   herram web 2.0 25 jul
Parcial power point herram web 2.0 25 jul
 
Nessos cluster meeting
Nessos cluster meetingNessos cluster meeting
Nessos cluster meeting
 
HIPS Brochure
HIPS BrochureHIPS Brochure
HIPS Brochure
 
Bic effectplus ws
Bic effectplus wsBic effectplus ws
Bic effectplus ws
 
The french language
The french languageThe french language
The french language
 
Assert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingAssert4soa 2nd cluster meeting
Assert4soa 2nd cluster meeting
 
DeMolay Conclave Opening
DeMolay Conclave Opening DeMolay Conclave Opening
DeMolay Conclave Opening
 
Funcion renal
Funcion renalFuncion renal
Funcion renal
 
Yehyounewest2
Yehyounewest2Yehyounewest2
Yehyounewest2
 
NOTAS DEFINITIVAS HIDRAULICA APLICADA 1-2013
NOTAS DEFINITIVAS HIDRAULICA APLICADA 1-2013NOTAS DEFINITIVAS HIDRAULICA APLICADA 1-2013
NOTAS DEFINITIVAS HIDRAULICA APLICADA 1-2013
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisi
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides ams
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meeting
 
The super 6
The  super 6The  super 6
The super 6
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1
 
Data Modelling and Knowledge Engineering for the Internet of Things
Data Modelling and Knowledge Engineering for the Internet of ThingsData Modelling and Knowledge Engineering for the Internet of Things
Data Modelling and Knowledge Engineering for the Internet of Things
 
Internet of Things- Research Directions
Internet of Things- Research DirectionsInternet of Things- Research Directions
Internet of Things- Research Directions
 

Similar to Wsanacip tampres cluster meeting

Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
majolic
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter Gateways
Marcel Winandy
 

Similar to Wsanacip tampres cluster meeting (20)

Industrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018   ben murphyIndustrial networks safety & security - e+h june 2018   ben murphy
Industrial networks safety & security - e+h june 2018 ben murphy
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel Talk
 
Ensuring your plant is secure
Ensuring your plant is secureEnsuring your plant is secure
Ensuring your plant is secure
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security   tom hammond10. industrial networks safety and security   tom hammond
10. industrial networks safety and security tom hammond
 
Foxboro Evo DCS - Εκδήλωση Explore Innovation - Αθήνα, Ιούνιος 2016
Foxboro Evo DCS - Εκδήλωση Explore Innovation - Αθήνα, Ιούνιος 2016Foxboro Evo DCS - Εκδήλωση Explore Innovation - Αθήνα, Ιούνιος 2016
Foxboro Evo DCS - Εκδήλωση Explore Innovation - Αθήνα, Ιούνιος 2016
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
 
Smarter Manufacturing through Equipment Data-Driven Application Design
Smarter Manufacturing through Equipment Data-Driven Application DesignSmarter Manufacturing through Equipment Data-Driven Application Design
Smarter Manufacturing through Equipment Data-Driven Application Design
 
btech embedded systems ppt ES UNIT-1.pptx
btech embedded systems ppt ES UNIT-1.pptxbtech embedded systems ppt ES UNIT-1.pptx
btech embedded systems ppt ES UNIT-1.pptx
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter Gateways
 
Reference Architecture for Electric Energy OT.pdf
Reference Architecture for Electric Energy OT.pdfReference Architecture for Electric Energy OT.pdf
Reference Architecture for Electric Energy OT.pdf
 
ICS case studies v2
ICS case studies v2ICS case studies v2
ICS case studies v2
 
IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security
 
Secure Embedded Systems
Secure Embedded SystemsSecure Embedded Systems
Secure Embedded Systems
 
Security testing in critical systems
Security testing in critical systemsSecurity testing in critical systems
Security testing in critical systems
 
Chapter 01
Chapter 01Chapter 01
Chapter 01
 
A Behavior-based Approach to Secure and Resilient Industrial Control Systems
A Behavior-based Approach to Secure and Resilient Industrial Control SystemsA Behavior-based Approach to Secure and Resilient Industrial Control Systems
A Behavior-based Approach to Secure and Resilient Industrial Control Systems
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
 
Automotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityAutomotive communication systems: from dependability to security
Automotive communication systems: from dependability to security
 
Automotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityAutomotive communication systems: from dependability to security
Automotive communication systems: from dependability to security
 

More from fcleary

Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meeting
fcleary
 
Vis sense cluster meeting
Vis sense cluster meetingVis sense cluster meeting
Vis sense cluster meeting
fcleary
 
Endorse cluster meeting
Endorse cluster meetingEndorse cluster meeting
Endorse cluster meeting
fcleary
 
Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meeting
fcleary
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meeting
fcleary
 
Nessos securechange cluster meeting
Nessos securechange cluster meetingNessos securechange cluster meeting
Nessos securechange cluster meeting
fcleary
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meeting
fcleary
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1
fcleary
 
Models Workshop Objectives
Models Workshop ObjectivesModels Workshop Objectives
Models Workshop Objectives
fcleary
 
Massif road mapping_20110704
Massif road mapping_20110704Massif road mapping_20110704
Massif road mapping_20110704
fcleary
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trust
fcleary
 
Aniketos 2nd cluster meeting
Aniketos  2nd cluster meetingAniketos  2nd cluster meeting
Aniketos 2nd cluster meeting
fcleary
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meeting
fcleary
 
Amsterdam logistics fcleary
Amsterdam logistics  fclearyAmsterdam logistics  fcleary
Amsterdam logistics fcleary
fcleary
 

More from fcleary (17)

Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meeting
 
Vis sense cluster meeting
Vis sense cluster meetingVis sense cluster meeting
Vis sense cluster meeting
 
Endorse cluster meeting
Endorse cluster meetingEndorse cluster meeting
Endorse cluster meeting
 
Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meeting
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meeting
 
Nessos securechange cluster meeting
Nessos securechange cluster meetingNessos securechange cluster meeting
Nessos securechange cluster meeting
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meeting
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1
 
Models Workshop Objectives
Models Workshop ObjectivesModels Workshop Objectives
Models Workshop Objectives
 
Massif road mapping_20110704
Massif road mapping_20110704Massif road mapping_20110704
Massif road mapping_20110704
 
Syssec
SyssecSyssec
Syssec
 
Nessos
NessosNessos
Nessos
 
Tdl
TdlTdl
Tdl
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trust
 
Aniketos 2nd cluster meeting
Aniketos  2nd cluster meetingAniketos  2nd cluster meeting
Aniketos 2nd cluster meeting
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meeting
 
Amsterdam logistics fcleary
Amsterdam logistics  fclearyAmsterdam logistics  fcleary
Amsterdam logistics fcleary
 

Recently uploaded

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 

Recently uploaded (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

Wsanacip tampres cluster meeting

  • 1. Assessment Models to Improve the Usability of Security in Wireless Sensor Networks Steffen Peter IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2011 - All rights reserved
  • 2. Outline
      • Introduction WSAN4CIP, TAMPRES
      • Motivation
      • Model-based security assessment approach
      • Example for practical security model
  • 3. WSAN4CIP
      • Protection of critical infrastructures
      • Potential threats
          – Natural disasters (floods, earthquake)
          – Terrorism, vandalism, crime (stealing iron)
      • Providing monitoring capabilities for large scale infrastructure requires:
          – Low cost devices
          – No additional infrastructure
          – Robust, self-configuring systems
          – Integration in SCADA infrastructures
      • WSNs protecting CIP become part of the CIP
          – Need to be protected
          – Development and integration of mechanisms to protect the WSN
  • 4. WSAN4CIP demonstration sites (1)
  • 5. WSAN4CIP demonstration sites (2)
      • Map labels: Briesen (Mark), Rosengarten, Jacobsdorf
      • Drinking water distribution network
          – Monitoring of a 20 km pipeline in Germany
          – Reporting of operating state, alarm conditions and access control
          – Integration in existing infrastructures
      • Nodes are exposed to physical attacks
  • 6. TAMPRES
      • Development of novel protection means to ensure tamper resistance and improve trustworthiness for severely constrained devices
      • Enhancing the security of the Future Internet by improving the resistance of its weakest link, i.e. wireless sensor nodes, against physical attacks
      • Highly technical project with the goal to implement a tamper resistant sensor node with cryptographic accelerators and side-channel resistance
  • 7. General Problem
      • Gap between application level (users) and technological level (developers)
      • Complex trade-offs on technological level often not understood on application level
      • Particularly true for Wireless Sensor Networks
          – Energy, memory, security, cost: trade-offs
          – No one-fits-all solution
  • 8. Overview: Model-based System Security Assessment
      • Application requirements (understood by users)
          – C1: Collecting of (soft) user security requirements and transforming them to the (hard) model that allows assessment
      • Security and assessment models
          – C3: Does the system satisfy the requirements?
          – Need for adequate models
          – Inferring properties of the composed system, based on meta-information of the basis components
          – System = composition of basis components
          – (Automatic) selection of basis components
      • Technological basis components, services, and protocols with complex trade-offs
          – C2: Describing individual (security-) properties of the components as meta-information
  • 9. C1: Collection and Mapping of User Requirements
      • Full specification of the application mission
          – Relevant phenomena
          – Selection of sensors
          – Expected lifetime and reliability
      • Hide technical details
          – Users typically cannot express their security needs
      • Language easy to use for users
          – Central catalogue
          – Specific catalogues for specific domains
  • 10. Two-Step Requirement Definition Process
      • Transformation of requirements
          – Application type (health care, home, industrial)
          – Required security attributes (concealment, integrity, robustness)
          – Parameters
      • Attacker model and capabilities
  • 11. C2: Describing attributes of components and system
      • Definition of a (meta-) component model
          – Hardware and software components
          – Protocols, services
      • Security properties as part of the meta-information of the components
          – Provided by the developers (they know what their components are doing)
          – Have to be observed by independent experts
      • Has to support composable security
          – sec(comp. A + comp. B) = f(sec(comp. A), sec(comp. B))
  • 12. Component Meta-Model
  • 13. C3: Definition of Security Models
      • Should be able to decide whether a system is secure for the given requirements
      • Inputs are:
          – Technical requirements
          – Properties of the system
      • Output:
          – List of conflicts
  • 14. Currently implemented Model Approach
      • Define requirements, environmental information, security properties and attacker properties as properties in one large graph
          – Connected via relations (formulas) defining how properties depend on and define each other
      • Security is expressed as views on specific aspects
          – System is secure if the attribute is free of conflicts in the context of the requirements
      • Starting point is a holistic security model
          – Successive refinement to assess the aspects
  • 15. Holistic Security Model (Ontology)
  • 16. Focused Views on the Ontology
      • System properties can be derived from the properties of the used components
      • Attacker model and capabilities can be derived from the user requirements and the application context
  • 17. Example for an Attack-centric Security Model
      • Based on attack trees
          – A system is secure if all attacks:
              1. can be prevented (property of the system), or
              2. do not apply (property of the system requirements)
      • Diagram labels: System Security; propagation; Attacks; Requirements/Attacker model; System Properties
  • 18. General Architecture
  • 19. Envisioned WSN Design Process
  • 20. Example for a Component Selection Tool: configKit
      – Selection of hardware
      – Selection of required functions
      – Definition of security properties
      – Each change of inputs immediately updates the result (fast and easy refinement process)
      – Proposed software configuration
      – Including prediction of footprint
  • 21. Example for a Component Selection Tool
      – Selection of hardware
      – Selection of required functions
      – Definition of security properties
      – Each change of inputs immediately updates the result (fast and easy refinement process)
      – Proposed software configuration
      – Including prediction of footprint
  • 22. Conclusions
      • Assessment models can help to validate the fulfillment of user requirements for a given system
      • Proposed approach shows the general feasibility
      • Challenges remain:
          – How to elicit the requirements from the user and to transform them to objective properties
          – Find models for a-priori reasoning of security-related behavior and conflicts
          – How to describe properties of components so that they support composition of security
  • 23. Thank You. Questions?
      • Web: www.wsan4cip.eu, www.tampres.eu
      • peter@ihp-microelectronics.com
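
The attack-centric model of slide 17, producing the "list of conflicts" that slide 13 names as the model output, as an added Python example that is not code from the presentation or from configKit. The attack catalogue, property names and capability names are constructed for illustration, and the composition function f of slide 11 is assumed to be a plain set union.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Attack:
    name: str
    violates: str            # security attribute the attack breaks
    needs: frozenset         # attacker capabilities the attack requires
    prevented_by: frozenset  # component properties; any one prevents the attack

# Constructed catalogue: names and properties are illustrative assumptions.
CATALOGUE = [
    Attack("eavesdrop on radio link", "concealment",
           frozenset({"radio_access"}), frozenset({"link_encryption"})),
    Attack("inject forged reading", "integrity",
           frozenset({"radio_access"}), frozenset({"message_authentication"})),
    Attack("extract key from captured node", "concealment",
           frozenset({"physical_access"}), frozenset({"tamper_resistance"})),
    Attack("jam the channel", "robustness",
           frozenset({"radio_access"}), frozenset({"frequency_hopping"})),
]

def system_properties(components):
    """Compose component meta-information; f is assumed to be a plain union."""
    props = set()
    for provided in components.values():
        props.update(provided)
    return props

def assess(required_attributes, attacker_capabilities, components):
    """Return the conflicts: attacks that apply and that no component prevents."""
    props = system_properties(components)
    conflicts = []
    for attack in CATALOGUE:
        applies = (attack.violates in required_attributes
                   and attack.needs <= set(attacker_capabilities))
        if applies and not (attack.prevented_by & props):
            conflicts.append(attack.name)
    return conflicts

# Constructed scenario: exposed pipeline nodes, attacker with physical access.
REQUIRED = {"concealment", "integrity"}
ATTACKER = {"radio_access", "physical_access"}
NODE = {"radio_stack": ["link_encryption", "message_authentication"], "mcu": []}

if __name__ == "__main__":
    print(assess(REQUIRED, ATTACKER, NODE))
```

A union is the most optimistic choice of f: it cannot express one component weakening another, which is the composition challenge the conclusions slide leaves open.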