convergence of safety and security
play

Convergence of Safety and Security Sebastian Fischmeister Dept. of - PowerPoint PPT Presentation

Dec 10, 2022 •300 likes •696 views

1 Convergence of Safety and Security Sebastian Fischmeister Dept. of Electrical and Comp. Engineering University of Waterloo esg.uwaterloo.ca 2 Research area: Safety and security of software- intensive embedded safety- critical systems 3

  1. 1 Convergence of Safety and Security Sebastian Fischmeister Dept. of Electrical and Comp. Engineering University of Waterloo esg.uwaterloo.ca

  2. 2 Research area: Safety and security of software- intensive embedded safety- critical systems

  3. 3 Prof. Fischmeister 1. Security of mobile code systems (1999-2001) 2. Embedded and safety-critical systems (2002-now) • Static analysis and instrumentation 3. Data extraction • Dynamic binary instrumentation (2008-now) • Side-channel analysis • Runtime verification, monitoring 4. Data analysis • Anomaly detection, intrusion detection (2011-now) • Reverse engineering Applied to: Safety-critical systems • Exec. Director WatCAR • Consulting for ISO 26262 • Member of SCC TC56

  4. 4 Observation: Modern systems are beyond deep comprehension of human minds

  5. 5 Systems Are Complex Picture of car

  6. 6 Code Complexity is Increasing

  7. 7 We Cannot Comprehend Digital Systems System size and Nobody would try building that bridge; complexity are the unless it was software only! challenge! => Humans are bad at judging logical complexity Illustrating one example: Bridge from Tokyo to Vancouver

  8. 9 Observation: Safety deals with the universe Security deals with people

  9. 10 Safety: Security: The sun flips bits by chance. Attacker flips bits on purpose.

  10. 11 Safe but not secure Millions of people are driving this vehicle …

  11. 12 Secure but not safe … but nobody would drive this car. (except Colin Furze)

  12. 13 Observation: Safety is static Security is dynamic

  13. 14 Safety Following ISO 26262 Recommended lifecycle leading to a safe product.

  14. 15 Once a Safe Product … Always Safe*

  15. 16 More Vulnerabilities Every Year 137,729 (Dec ‘18) In last 10 years: • 206 per week • 1.2 per hour (!)

  16. 17 Once a Secure Product … Not Secure Tomorrow!

  17. 18 News of the Day

  18. 19 Observation: Security operates at a different speed than product development

  19. 20 Passenger aircraft 10 years 5 years Vehicle 1 year Smart phone Flashy IoT thingy 1 week 137,729+ CVE entries? (206 per week)

  20. 21 RELATION TO DEFENCE SYSTEMS

  21. Weapon Systems Spending $1.66 Trillion $25.5 Billion

  22. 23 Cyber attacks have the potential to take control of or shutdown any of these systems that are dependent on software. Ref. US Government Accountability Office – Report t U.S. Senate, Weapons Systems Cybersecurity - 9 October 2018

  23. “This … herald[s] the coming rise of strategic cyberwarfare as a means of striking in very costly, disruptive ways at an adversary without a prior need to defeat opposing military forces in the field, at sea, or in the air.” John Arquilla, The Rise of Strategic Cyberwar, U.S. Naval Postgraduate School

  24. 25 An estimated 15% of spare and replacement parts for DoD equipment are counterfeit. Toohey , Brian. “Counterfeit Semiconductors – A Clear and Present Threat.” Testimony Before Senate Committee on Armed Services, Counterfeit Electronic Parts in the U.S. Military Supply Chain, November 8, 2011.

  25. 26 CHALLENGES: AN INCOMPLETE, BIASED SELECTION

  26. 27 Challenge: How to assist engineers to understand modern systems?

  27. 28 Challenge: How to provide effective protection of cyberphysical systems?

  28. 29 Challenge: How to maintain 30-year old systems?

  29. 30 Challenge: How to holistically address safety and security? +100% more AI inside now

  30. 31 EXAMPLE RESULTS OF COLLABORATING WITH THE UNIVERSITY OF WATERLOO

  31. Palisade: Cyberphysical Mission Assurance Attack Detector – Detect crafted attacks Attack Capture – Capture&store adversary attacks Attack Counter – React to detected attacks Multiplicative security controls – Heterogeneous design to maximize resilience A scalable, retrofittable solution for surviving crafted cyberphysical attacks

  32. Palisade Test: Hexacopter Drone Detected control disruption, denial-of-service, reverse engineering attacks Public test

  33. Palisade Test: Vehicle Body Control Module Detected buffer overflow, arc injection attacks Public test

  34. Palisade Test: Autonomous Driving AI Detected GPS spoofing, steering hijack, man-in-the-middle attacks Public test

  35. Palisade Test: Autonomous Vehicles Detected gear-shift & control state irregularities Public test

  36. Palisade Test: Military Platform Detected gear-shift & control state Detected various attacks and irregularities induced anomalies Released photos Public test

  37. Conclusions • Systems are becoming too complex for humans to comprehend • Computerization of systems will continue to happen • We need to identify methods and technology for building safe and secure systems • Be prepared as change can come practically over night!

  38. 39 Contact info: Sebastian Fischmeister sfischme@uwaterloo.ca Dept. of Electrical and Computer Eng. University of Waterloo 200 University Ave West Waterloo, ON N2L 3G1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Safety and Security Certification Program Safety and Security Certification A process to

Safety and Security Certification Program Safety and Security Certification A process to

Safety and Security Certification Program Safety and Security Certification A process to assure that safety & security concerns, vulnerabilities, and hazards are adequately addressed prior to the initiation of service. Safety and

97 views • 9 slides
CAC Safety Report 2018-19 John Heiderscheidt Director of Safety and Culture Safety and Security

CAC Safety Report 2018-19 John Heiderscheidt Director of Safety and Culture Safety and Security

CAC Safety Report 2018-19 John Heiderscheidt Director of Safety and Culture Safety and Security Technology What has been done to address safety and security? Using Safety Technology BASCO - Building Access Security Control Office

445 views • 26 slides
SECURITY & SAFETY AWARENESS TRAINING Purpose of Security & Safety Plan To inform

SECURITY & SAFETY AWARENESS TRAINING Purpose of Security & Safety Plan To inform

SECURITY & SAFETY AWARENESS TRAINING Purpose of Security & Safety Plan To inform employee of risk and threats To inform employee of companys safety & security plans for: Company Terminals Customer To make

465 views • 15 slides
Come Together, Right Now Convergence and Collaboration in Cloud Computing, Data Security &

Come Together, Right Now Convergence and Collaboration in Cloud Computing, Data Security &

bu.edu/hic Boston University Slideshow Title Goes Here Come Together, Right Now Convergence and Collaboration in Cloud Computing, Data Security & Artificial Intelligence September 30, 2020 Eric Kolaczyk | Orran Krieger | Kate Saenko |

821 views • 48 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Public Safety and Public Safety and Homeland Security Homeland Security Bureau Bureau 2008

Public Safety and Public Safety and Homeland Security Homeland Security Bureau Bureau 2008

Public Safety and Public Safety and Homeland Security Homeland Security Bureau Bureau 2008 Hurricane Summit Background Advance statutory mandate for the purpose of promoting safety of life and property through the use of

480 views • 11 slides
The Global Nuclear Safety and Security Network Yassine Chaari Office of Safety and Security

The Global Nuclear Safety and Security Network Yassine Chaari Office of Safety and Security

The Global Nuclear Safety and Security Network Yassine Chaari Office of Safety and Security Coordination Department of Nuclear Safety and Security What is GNSSN? GNSSN human network operating at global, regional and national levels,

355 views • 24 slides
Some Thoughts on MC Convergence first, would like to define what I mean two kinds of

Some Thoughts on MC Convergence first, would like to define what I mean two kinds of

Some Thoughts on MC Convergence first, would like to define what I mean two kinds of convergence - convergence = experiments all working towards using same MC generator (common basis for comparison) - convergence =

239 views • 11 slides
4/20/18 Safety & Security in Chesterfield School Board Safety Task Force - April 24, 2018

4/20/18 Safety & Security in Chesterfield School Board Safety Task Force - April 24, 2018

4/20/18 Safety & Security in Chesterfield School Board Safety Task Force - April 24, 2018 Donald R. Green, CPP Safety & Security Manager Schools are Safe School mass violence attacks are very rare: Extremely Low Probability -

517 views • 4 slides
Safety & Security 2019-2020 School Year Comprehensive School Safety Plan Chief of f Staff

Safety & Security 2019-2020 School Year Comprehensive School Safety Plan Chief of f Staff

Safety & Security 2019-2020 School Year Comprehensive School Safety Plan Chief of f Staff Chris Smith Director of Safety & Security Ian Lopez Security Manager Eaglecrest HS Feeders Eaglecrest High School Thunder Ridge Middle

615 views • 28 slides
Safety & Security Presented by: Chandra Ravada FAST ACT Safety & Security Increase

Safety & Security Presented by: Chandra Ravada FAST ACT Safety & Security Increase

DMATS LRTP 2045 Safety & Security Presented by: Chandra Ravada FAST ACT Safety & Security Increase the safety of the transportation system for motorized and non-motorized users Increase the security of the transportation system

544 views • 15 slides
DEPARTMENT OF SAFETY & SECURITY OVERVIEW Embracing A New Direction JANUARY 2013 March

DEPARTMENT OF SAFETY & SECURITY OVERVIEW Embracing A New Direction JANUARY 2013 March

DEPARTMENT OF SAFETY & SECURITY OVERVIEW Embracing A New Direction JANUARY 2013 March 25, 2010 DEPARTMENT OF SAFETY & SECURITY WORKFLOW Public Safety Technical Security Cooperative Partnerships Emergency Management 2

335 views • 15 slides
Safety and Security Update Department / District Supports Police & Security School

Safety and Security Update Department / District Supports Police & Security School

Safety and Security Update Department / District Supports Police & Security School Leadership Social & Emotional Learning Psychological Services Operations & School Safety 2 Police & Security Staffing FY 19-20 Position

516 views • 14 slides
Europe and Central Asia Background, Status and Next Challenges Safety and Security Coordination

Europe and Central Asia Background, Status and Next Challenges Safety and Security Coordination

Development of Safety Network in Europe and Central Asia Background, Status and Next Challenges Safety and Security Coordination Section Department of Nuclear Safety & Security Content 1. IAEA, Nuclear Safety and the GNSSN 2. Regional

592 views • 24 slides
An Garda Sochna Holiday Security/Personal Safety Community Policing HOLIDAY SECURITY This

An Garda Sochna Holiday Security/Personal Safety Community Policing HOLIDAY SECURITY This

An Garda Sochna Holiday Security/Personal Safety Community Policing HOLIDAY SECURITY This presentation addresses three key areas relating to your holiday security as follows - Preparation plans and securing your property Safety when

397 views • 20 slides
FMC (Fixed Mobile Convergence) Wh t Ab What About Security? t S it ? Vancouver June 2008

FMC (Fixed Mobile Convergence) Wh t Ab What About Security? t S it ? Vancouver June 2008

FMC (Fixed Mobile Convergence) Wh t Ab What About Security? t S it ? Vancouver June 2008 Vancouver June 2008 Franck Veysset, Orange Labs Firstname.lastname at orange-ftgroup dot com research & development Agenda Introduction

463 views • 30 slides
Crawford & Company Crawford Cyber Solution Restoring and enhancing lives, businesses and

Crawford & Company Crawford Cyber Solution Restoring and enhancing lives, businesses and

Cyber Event Claims Management Crawford & Company Crawford Cyber Solution Restoring and enhancing lives, businesses and communities Crawford & Company Worlds largest publicly listed independent provider of claims management solutions

352 views • 21 slides
Security Assessment Technique for SDN greenkim@konkuk.ac.kr Contents 1.

Security Assessment Technique for SDN greenkim@konkuk.ac.kr Contents 1.

Security Assessment Technique for SDN greenkim@konkuk.ac.kr Contents 1. Introduction 2. Security Analyses of SDN 3. Security Assessment Technique for SDN 3.1 Taxonomy of issues 3.2 Assessment technique 4. Case study of IMECA

223 views • 19 slides
VoIP Hacking Lars Strand PhD student Norwegian Defence Research Establishment (FFI) Jely,

VoIP Hacking Lars Strand PhD student Norwegian Defence Research Establishment (FFI) Jely,

VoIP Hacking Lars Strand PhD student Norwegian Defence Research Establishment (FFI) Jely, 15.-16. January 2009 VoIP? PSTN: 100 year old technology, 99.999% uptime, call anyone anytime can VoIP offer that today? VoIP next

479 views • 15 slides
David Argles School of Electronics & Computer Science University of Southampton

David Argles School of Electronics & Computer Science University of Southampton

Syamantak Mukhopadhyay & David Argles School of Electronics & Computer Science University of Southampton Introduction Internet & Web 2.0 User-centric services Services available Online. Most services require

281 views • 16 slides
Manual Online Reporting Purpose: This guide will provide step-by-step instructions on how to

Manual Online Reporting Purpose: This guide will provide step-by-step instructions on how to

Manual Online Reporting Purpose: This guide will provide step-by-step instructions on how to utilize the Manual Online Reporting system to electronically file your Texas unclaimed property report. Manual Online Reporting system 1. Visit

405 views • 17 slides
Handing in your Kaltura Capture video in Pitch2Peer Once the Kaltura Capture recording has been

Handing in your Kaltura Capture video in Pitch2Peer Once the Kaltura Capture recording has been

Presentation Master project (as of 06-04-2020) Manual for students Institute of Education and Child Studies As a result of the Corona measures the organisation of the presentations of the Master projects has been adjusted until further notice.

661 views • 3 slides
UCTP ORIENTATION FOR TENURE AND PROMOTION CANDIDATES April 30, 2019 Audrey Korsgaard, Chair

UCTP ORIENTATION FOR TENURE AND PROMOTION CANDIDATES April 30, 2019 Audrey Korsgaard, Chair

~ ~ UCTP ORIENTATION FOR TENURE AND PROMOTION CANDIDATES April 30, 2019 Audrey Korsgaard, Chair rttfl?httL UNIVERSITY OF South Carolina PRESENTATION OVERVIEW UCTP Composition and Aims Timeline and Process Importance of

240 views • 12 slides
AIRAH Speakers Manual & Policy Thank you for accepting the invitation to present at an AIRAH

AIRAH Speakers Manual & Policy Thank you for accepting the invitation to present at an AIRAH

AIRAH Speakers Manual & Policy Thank you for accepting the invitation to present at an AIRAH event. We trust that you will enjoy the event and the opportunity to meet and network with AIRAH members and the HVAC&R industry. AIRAH

189 views • 7 slides

More recommend