• No results found

Web-based Modules for Cyberphysical Systems Security

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Web-based Modules for Cyberphysical Systems Security"

Copied!
24
0
0

Loading.... (view fulltext now)

Download now ( 24 Page )

Full text

(1)

Janusz Zalewski, Florida Gulf Coast University Nary Subramanian, University of Texas at Tyler

Andew Kornecki, Embry-Riddle Aeronautical University Bogdan Czejdo, Fayetteville State University

Fernando Gonzalez, Florida Gulf Coast University Dawid Trawczynski, Advanced Micro Devices

Web-based Modules for

(2)

Talk Outline

Introduction

Security Curriculum Development

Security Modules Development

Cybersecurity Concentration Program

Conclusion and Future Work

(3)

Introduction

Project Objective:

Develop a systematic approach to cyberphysical systems security curriculum.

Systematic approach is based on:

- global view of security as a system property - strict definitions of security terms

- distinction between theory, experiments and simulations.

(4)

Introduction

A cyberphysical system is an embedded computer system with Internet connectivity.

Plant Disturbances Command signal Controlled (measured) variable Network User interface Database Controller comm GUI D B M C

(5)

Introduction

A cyberphysical system is an embedded computer system with Internet connectivity.

Security violations can be viewed as disturbances to the operation and functioning of its interfaces.

Its security surface has four major interfaces:

- Process Interface - User Interface

- Database Interface - Network Interface.

(6)

Security Curriculum Development

T. Stapko, Practical Embedded Security, 2008

 Computer Security: Inroduction and Review

 Network Comm. Protocols and Built-in Security  Security Protocols and Algorithms

 Data Protection Protocols for Embedded Systems  Embedded Security and Wireless

 Application Layer and Client/Server Protocols

 Crypto. Algorithms for resource-Constrained Systems  Hardware-based Security

 Misc. Security Issues and Future of Emb. Syst. Security  Case Studies (PIC and Rabbot)

(7)

Security Curriculum Development

C.H. Gebotys, Security in Embed. Syst., 2010

 Where Security Began

 Intro to Secure Embedded Systems  The Key and Using Keys

 Elliptic Curve Protocols

 Symmertic Key Protocols Including Cyphers  Data Integrity and Message Authentication  Side Channel Attacks on Embedded Systems  Countermeasures

 Reliable Testable Secre Systems

(8)

Security Curriculum Development

D. & M. Kleidermacher

Embedded Systems Security, 2012

 Intro to Embedded Systems Security  Systems Software Considerations

 Secure Embedded Software Development

 Data Protection Protocols for Embedded Systems  Emerging Applications

(9)

The approach is based on the following criteria:

 Systematic view of security

 Contents of professional books available  Practical timeframe limitations

The following topic groups have been selected:

 General education modules:

Intro to Computer Security; Elements of Cryptography

 Security of specific technologies:

FPGA Security; RFID Security; SCADA Security

 Software aspects of security:

Java Security; Threat Modeling.

(10)

Security Modules Development

Pedagogy Consistent with ABET Requiements:

 Learning Outcomes  Learning Objectives  Learning Activities

 Assessment of Progress

Each Module is structured as follows:

 Module Objectives  Module Introduction  Student Activities:

Suggested Readings & Hands-on Exercise

(11)

Security Modules

 Module #1 General Introduction to Computer Security

 Definition of security as a system property

security. In computing, the degree to which information is protected from unauthorized access, given that authorized access is not denied.

 Relationship between security, safety, reliability, dependability.  Major question

What are the vulnerabilities of a computer (including computer network) and how to prevent the attackers from exploiting them?

(12)

Security Modules

Module #2 Introduction to Cryptography

 Major question

What are the principles of encrypting information, so only designated parties could read it?

 Principles and major

algorithms of encryption: AES, RSA, and others

(13)

Security Modules

Module #3 Embedded Systems Security

 Major question: What is specific about embedded

systems that makes them different regarding security?

 Specific aspects: - Confidentiality of a User Interface - Integrity of sensors and actuators - Availability of the database interface

(14)

Security Modules

Module #4 FPGA Security

 Major question: What are the typical vulnerabilities of

FPGA circuits?

 Specific aspects:

(chances that circuit can be compromised)

- Design

- Manufacturing - Assembly

(15)

Security Modules

Module #5 RFID Security

 Major question: What are the typical vulnerabilities of

RFID systems?  Specific aspects: - Spoofing Identity - Data Tempering - Repudiation - Info Disclosure - Denial of Service - Elevation of Privilege

(16)

Security Modules

Module #6 SCADA Security

 Major aspect: Typical Vulnerabilities.  Specific aspects: - Spoofing - Encryption attacks - Signature attacks - Protocol attacks - Replay of messages - Data tempering - Eavesdropping.

(17)

Security Modules

Module #7Java Security

 Major question: How to secure Java applications so

that messages sent between Java programs cannot be compromised?  Some solutions: - Use SSL - Data Encryption - Authentication - Authorization.

(18)

Security Modules

Module #8 Threat Modeling

 Major question: How to capture vulnerabilities for

embedded system security analysis using modeling?

 Typical approach: - Understand the Adversary’s View - Create a Model - Determine and Investigate Threats - Mitigate Threats - Validate Mitigations

(19)

Cybersecurity Concentration

 State of Florida is eager to become the Cyber State:

http://www.usf.edu/pdfs/final-cybersecurity-report.pdf

 FGCU has submitted a grant proposal to the State to

establish a Cybersecurity Concentration:

 Students may complete the first 2 years at the State College and the next 2 years at FGCU

 Two concentration paths can be pursued at FGCU: - Software Engineering, or

- Computer Information Systems

(20)

Concentration in Cybersecurity includes:

Cyber Security I and II

Secure Software Development

Information Assurance

Cryptography and Data Security

Senior Design in Software Security

All in the context of the Software Engineering

program.

Courtesy Dr. Dahai Guo, FGCU

(21)

Other highlights:

The curriculum includes certifications

Resources for students to pursue

certifications

Support for faculty to pursue certifications

The concentration can prepare students for

entering graduate schools.

Courtesy Dr. Dahai Guo, FGCU

(22)

Conclusion and Future Work

Eight modules developed

Availability via the web:

http://satnet.fgcu.edu/CEN3213/

Offered in two courses:

CEN 3213 Embedded Systems Programming

CNT 4104 Senior Project in Computer

Networks

(23)

Conclusion and Future Work

New Modules under Development

Operating System Security

Security Protocols for Cyberphysical Systems

Tools for Security Analysis

Security Measurement

(24)

Acknowledgments

Major funding was provided by the National

Science Foundation Award No. 1129437

Supplemental activities:

 U.S. Air Force Summer Fellowship Program

(Subramanian and Zalewski)

 Software Engineering Institute/Carnegie Mellon

(Kornecki)

References

Download now ( PDF - 24 Page - 614.62 KB )

Related documents

NICE guideline Published: 2 September 2015 nice.org.uk/guidance/ng20

1.6.3 A healthcare professional with a specialist knowledge of coeliac disease should tell people with a confirmed diagnosis of coeliac disease (and their family members or

Controlling illegal logging in domestic and international markets by harnessing multi-level governance opportunities

Some measures to fight illegal logging can impact both sectors (international and domestic), like the Forest Law Enforcement Governance and Trade action plan, but they have to

THE GOSPEL of ST. JOHN Study Questions Property of Live God Loud Ministries. Tuesday Quiz Material (Chapters 1-7) CHAPTER ONE

QUESTION: What did Jesus do when He knew the Pharisees had heard He baptized more disciples than John.. ANSWER: He left Judea and went to Galilee

Windows Embedded Security and Surveillance Solutions

Windows Server 2008 R2 for Embedded Systems is the newest version of Windows Embedded Server and provides the security and surveillance industry with a platform that enables

The Challenge of the Nitrate Directive to Acceding Countries: A Comparative Analysis of Poland, Lithuania and Slovakia

based on the intentions of the Nitrate Directive, the Polish legal regula- tions – including especially the Act of Fertilizers and Fertilization (2000), the Act on

Subject: BlueCross BlueShield of North Carolina Lumbar Spine Fusion Surgery Notification

The American Association of Neurological Surgeons (AANS), the American Association of Orthopaedic Surgeons (AAOS), the Congress of Neurological Surgeons (CNS), the AANS/CNS

Anishinaabeg women’s stories of wellbeing: Physical activity, restoring wellbeing, and dismantling the settler colonial deficit analysis

The Anishinaabeg women’s stories of wellbeing shared in this paper, inform our understanding of how physical activity that fosters gwesayjitodoon indo bimaadiziiwin challenges

Embedded Web Server Security

When configuring security templates, select one or more of these groups, and then apply a security template to each device function to control access to that function.