identification of authenticity requirements in systems of
play

Identification of Authenticity Requirements in Systems of Systems by - PowerPoint PPT Presentation

Jul 31, 2023 •268 likes •465 views

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Andreas Fuchs and Roland Rieke {andreas.fuchs,roland.rieke}@sit.fraunhofer.de Fraunhofer Institute for Secure Information Technology SIT,

  1. Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Andreas Fuchs and Roland Rieke {andreas.fuchs,roland.rieke}@sit.fraunhofer.de Fraunhofer Institute for Secure Information Technology SIT, Darmstadt, Germany Jun 2009 Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 1 / 16

  2. Overview Motivation 1 Scenario - cooperative reasoning in vehicular ad hoc communication Dependence of safety critical decisions raises security concerns Objectives 2 Systematic security requirements elicitation for novel architectures Avoid premature architecture constraints Functional Security Analysis 3 4 Results and Outlook Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 2 / 16

  3. Why think about new vehicular Architecture using SoS reasoning overall goal reduce number and impact of accidents in Europe difficulties to improve safety measures in vehicles � improve infrastructure cooperative approach ⇒ warning ⇒ vehicular communication systems can be more effective in avoiding accidents and traffic congestion than current technologies where each vehicle tries to solve these problems individually Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 3 / 16

  4. Use case: send danger warning sense(ESP,SlipperyWheels) receive(CU,danger(position,type)) positioning(GPS,position) positioning(GPS,position) → send(CU,danger(position,type)) show(HMI,D,warn(relative-position)) ESP - Electronic Stability Protection HMI - Human Machine Interface GPS - Global Positioning System D - Driver CU - CommunicationUnit Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 4 / 16

  5. Security is an enabling Technology for novel SoS Applications Exposing vehicles to the Internet makes them vulnerable Attacks on safety Manipulate traffic flow ◮ Unauthorized brake ◮ Simulate traffic jam for target ◮ Attack active brake function vehicle ◮ Tamper with warning message ◮ Force green lights ahead of attacker − → ◮ Attacking E-Call ◮ Manipulate speed limits ◮ On-Board Diagnostics (OBD) ◮ Prevent driver from passing flashing attack toll gate ◮ Engine refuses to start Attacks on privacy Increase/Reduce driver’s toll bill ◮ Trace vehicle movement ◮ Compromise driver privacy Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 5 / 16

  6. Security Requirements Engineering Process the identification of the target of evaluation and the principal security goals and the elicitation of artifacts (e.g. use case and threat scenarios) as well as risk assessment the actual security requirements elicitation process a requirements categorisation and prioritisation, followed by requirements inspection Further steps in Security Engineering security requirements (structural) refinement mapping of security requirements to security mechanisms Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 6 / 16

  7. Methods to elicit security requirements misuse cases (attack analysis), anti-goals derived from negated security goals, use Jackson‘s problem diagrams, actor dependency analysis ( i ∗ approach) Why yet another approach ? Completeness Avoid premature architecture constraints protocols SSL/TLS/VPN/IPv6 trust anchor TPM infrastructure PKI, PDP/PEP end-to-end/hop-by-hop Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 7 / 16

  8. Functional Component Model ⇒ ⇒ Vehicle-Component send(CU,danger(pos,type)) sense(ESP,SlipWheels) positioning(GPS,pos) show(HMI,D,warn(relpos)) rec(CU,danger(pos,type)) forward(CU,danger(pos,type)) Security goal of the system at stake: Whenever a certain output action happens, the input action that presumably led to it must actually have happened. Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 8 / 16

  9. Functional Component Model ⇒ ⇒ Vehicle-Component send(CU,danger(pos,type)) sense(ESP,SlipWheels) positioning(GPS,pos) show(HMI,D,warn(relpos)) rec(CU,danger(pos,type)) forward(CU,danger(pos,type)) Security goal of the system at stake: Whenever a certain output action happens, the input action that presumably led to it must actually have happened. Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 8 / 16

  10. Functional security requirement identification Vehicle 0 Vehicle w send(CU,danger(pos,type)) send(CU,danger(pos,type)) sense(ESP,SlipWheels) sense(ESP,SlipWheels) positioning(GPS,pos) positioning(GPS,pos) show(HMI,D,warn(relpos)) show(HMI,D,warn(relpos)) forward(CU,danger(pos,type)) rec(CU,danger(pos,type)) rec(CU,danger(pos,type)) forward(CU,danger(pos,type)) Formally, the functional flow among actions can be interpreted as an ordering relation ζ i on the set of actions Σ i in a certain system instance i . ζ 1 = { ( positioning ( GPS w , pos ) , show ( HMI w , D w , warn ( relpos ))) , ( rec ( CU w , danger ( pos , type )) , show ( HMI w , D w , warn ( relpos ))) , ( send ( CU 0 , danger ( pos , type )) , rec ( CU w , danger ( pos , type ))) , ( sense ( ESP 0 , SlipWheels ) , send ( CU 0 , danger ( pos , type ))) , ( positioning ( GPS 0 , pos ) , send ( CU 0 , danger ( pos , type ))) } Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 9 / 16

  11. Functional security requirement identification Vehicle 0 Vehicle w send(CU,danger(pos,type)) send(CU,danger(pos,type)) sense(ESP,SlipWheels) sense(ESP,SlipWheels) positioning(GPS,pos) positioning(GPS,pos) show(HMI,D,warn(relpos)) show(HMI,D,warn(relpos)) rec(CU,danger(pos,type)) forward(CU,danger(pos,type)) forward(CU,danger(pos,type)) rec(CU,danger(pos,type)) Restrict ζ ∗ i to outgoing ( max i ) and incoming boundary actions ( min i ). χ i = { ( x , y ) ∈ Σ i × Σ i | ( x , y ) ∈ ζ ∗ i ∧ x ∈ min i ∧ y ∈ max i } χ 1 = { ( sense ( ESP 0 , SlipWheels ) , show ( HMI w , D w , warn ( relpos ))) , ( positioning ( GPS 0 , pos ) , show ( HMI w , D w , warn ( relpos ))) , ( positioning ( GPS w , pos ) , show ( HMI w , D w , warn ( relpos ))) } For all x , y ∈ Σ i with ( x , y ) ∈ χ i : auth ( x , y , stakeholder ( y )) is a requirement. Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 9 / 16

  12. Resulting Authenticity Requirements For all possible SoS instances for the action show ( HMI w , D w , warn ( relpos )) it must be authentic for the driver that: auth ( positioning ( GPS w , pos ) , show ( HMI w , D w , warn ( relpos )) , D w ) 1 the relative position of the danger she is warned about is based on correct position information of her vehicle auth ( positioning ( GPS 0 , pos ) , show ( HMI w , D w , warn ( relpos )) , D w ) 2 the position of the danger she is warned about is based on correct position information of the vehicle issuing the warning auth ( sense ( ESP 0 , SlipWheels ) , show ( HMI w , D w , warn ( relpos )) , D w ) 3 the danger she is warned about is based on correct sensor data Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 10 / 16

  13. System of Systems Instances Vehicle 0 Vehicle w send(CU,danger(pos,type)) send(CU,danger(pos,type)) sense(ESP,SlipWheels) sense(ESP,SlipWheels) positioning(GPS,pos) positioning(GPS,pos) show(HMI,D,warn(relpos)) show(HMI,D,warn(relpos)) rec(CU,danger(pos,type)) forward(CU,danger(pos,type)) rec(CU,danger(pos,type)) forward(CU,danger(pos,type)) Vehicle 1 Vehicle 2 send(CU,danger(pos,type)) sense(ESP,SlipWheels) send(CU,danger(pos,type)) sense(ESP,SlipWheels) positioning(GPS,pos) positioning(GPS,pos) show(HMI,D,warn(relpos)) show(HMI,D,warn(relpos)) forward(CU,danger(pos,type)) forward(CU,danger(pos,type)) rec(CU,danger(pos,type)) rec(CU,danger(pos,type)) An analysis for the second instance will result in: χ 2 = χ 1 ∪{ ( positioning ( GPS 1 , pos ) , show ( HMI w , D w , warn ( relpos ))) } And the third system of systems instance will result in: χ 3 = χ 2 ∪{ ( positioning ( GPS 2 , pos ) , show ( HMI w , D w , warn ( relpos ))) } χ i = χ i − 1 ∪{ ( positioning ( GPS i − 1 , pos ) , show ( HMI w , D w , warn ( relpos ))) } Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 11 / 16

  14. Resulting Authenticity Requirements For all possible SoS instances for the action show ( HMI w , D w , warn ( relpos )) it must be authentic for the driver that: auth ( positioning ( GPS w , pos ) , show ( HMI w , D w , warn ( relpos )) , D w ) 1 the relative position of the danger she is warned about is based on correct position information of her vehicle auth ( positioning ( GPS 0 , pos ) , show ( HMI w , D w , warn ( relpos )) , D w ) 2 the position of the danger she is warned about is based on correct position information of the vehicle issuing the warning auth ( sense ( ESP 0 , SlipWheels ) , show ( HMI w , D w , warn ( relpos )) , D w ) 3 the danger she is warned about is based on correct sensor data ∀ V x ∈ V forward : 4 auth ( positioning ( GPS x , pos ) , show ( HMI w , D w , warn ( relpos )) , D w ) position of forwarding vehicles is authentic ◮ Breaking (4) would result in a smaller or larger broadcasting area. ◮ This cannot cause the warning of a driver that should not be warned. ◮ So it is NOT a safety related authenticity requirement. Roland Rieke (Fraunhofer SIT) SoS - Functional Security Analysis Jun 2009 12 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Applications & Usage A Brief Insight Scenario :: Identification, Authentication & Non-

Applications & Usage A Brief Insight Scenario :: Identification, Authentication & Non-

Public Key Applications & Usage A Brief Insight Scenario :: Identification, Authentication & Non- :: Authenticity, e-business transaction Repudiation requirements for electronic :: Confidentiality and Integrity requirements ::

252 views • 11 slides
Identification and Specification of Identification and Specification of NGN Service and Control

Identification and Specification of Identification and Specification of NGN Service and Control

I nternational Telecom m unication Union ITU-T Identification and Specification of Identification and Specification of NGN Service and Control NGN Service and Control Requirements Requirements Tobey Trygar Telcordia Technologies I TU-T W

703 views • 21 slides
NORTH CAROLINA DMV Identification Requirements and erification of Lawful Status in the U.S.

NORTH CAROLINA DMV Identification Requirements and erification of Lawful Status in the U.S.

NORTH CAROLINA DMV Identification Requirements and erification of Lawful Status in the U.S. Wednesday, January 25, 2012 Step 1 Documents Required as Proof of Identification to receive a DL/ID Driver License or State Issued

743 views • 27 slides
Deliverable 2.3 Identification of user requirements concerning the definition of variables to be

Deliverable 2.3 Identification of user requirements concerning the definition of variables to be

Deliverable 2.3 Identification of user requirements concerning the definition of variables to be measured by the METPEX tool Publishable summary Coordinator: Author: Professor Andree Woodcock, Coventry University Dr, Yusak O. Susilo, KTH

510 views • 20 slides
Identification of Hybrid Systems Identification of Hybrid Systems Therefore, a model must be

Identification of Hybrid Systems Identification of Hybrid Systems Therefore, a model must be

Goal Goal Sometimes a hybrid model of the process (or of a part of it) cannot be derived manually from available knowledge. Identification of Hybrid Systems Identification of Hybrid Systems Therefore, a model must be either

151 views • 12 slides
AUTHENTICITY UNLEASH YOUR SECRET SUPER POWER 29 August 2019 Image courtesy BP Australia a Gold

AUTHENTICITY UNLEASH YOUR SECRET SUPER POWER 29 August 2019 Image courtesy BP Australia a Gold

AUTHENTICITY UNLEASH YOUR SECRET SUPER POWER 29 August 2019 Image courtesy BP Australia a Gold NAWO Corporate Member Welcome Harry Venner HR Manager SA/WA/NT SAFETY Janie Zimmerman NAWO OFFICE SECURITY REQUIREMENTS Agenda Quick Bite

389 views • 22 slides
Outward presentation: executive presence meets authenticity Out & Equal October 7, 2016

Outward presentation: executive presence meets authenticity Out & Equal October 7, 2016

Outward presentation: executive presence meets authenticity Out & Equal October 7, 2016 Agenda Introductions Who we are Executive presence and authenticity LGBTA interactions Why executive presence and authenticity matter

537 views • 25 slides
Authenticity in Educational Instruction a conversation with Ben Rottman and Tim Nokes-Malach

Authenticity in Educational Instruction a conversation with Ben Rottman and Tim Nokes-Malach

Authenticity in Educational Instruction a conversation with Ben Rottman and Tim Nokes-Malach Outline 10 minutes: intro to the topic Ben: inspiration for a discussion Tim: one proposal for a framework of authenticity 15 minutes:

712 views • 10 slides
Incremental Identification of Reaction Systems Minimal Number of Measurements J. Billeter, S.

Incremental Identification of Reaction Systems Minimal Number of Measurements J. Billeter, S.

Incremental Identification of Reaction Systems Minimal Number of Measurements J. Billeter, S. Srinivasan and D. Bonvin Laboratoire dAutomatique EPFL, Lausanne, Switzerland AIChE Annual Meeting 2012, Pittsburgh, PA Incremental identification

477 views • 20 slides
So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity

So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity

So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity separately: Goal Primitive Security notion Data privacy symmetric encryption IND-CPA Data authenticity MAC UF-CMA Mihir Bellare UCSD 1

105 views • 9 slides
An MPEC Formulation for Parameter Identification of Complementarity Systems S. Berard J.C.

An MPEC Formulation for Parameter Identification of Complementarity Systems S. Berard J.C.

An MPEC Formulation for Parameter Identification of Complementarity Systems An MPEC Formulation for Parameter Identification of Complementarity Systems S. Berard J.C. Trinkle Department of Computer Science Rensselaer Polytechnic Institute May

500 views • 36 slides
Medicines Directive What pharmacy teams need to do Overview Explain the FMD requirements

Medicines Directive What pharmacy teams need to do Overview Explain the FMD requirements

The Falsified Medicines Directive What pharmacy teams need to do Overview Explain the FMD requirements How the authenticity of products will be checked The implications of Brexit The responsibilities of pharmacies and how it

490 views • 24 slides
Why a standard in this area? Why standardize terms and definitions? Food authenticity area is

Why a standard in this area? Why standardize terms and definitions? Food authenticity area is

Why a standard in this area? Why standardize terms and definitions? Food authenticity area is growing in importance The number of projects and initiatives is growing Food authenticity is multi-disciplinary in nature, and words have

565 views • 8 slides
MESSAGE AUTHENTICATION 1 / 103 Integrity and authenticity The goal is to ensure that M

MESSAGE AUTHENTICATION 1 / 103 Integrity and authenticity The goal is to ensure that M

MESSAGE AUTHENTICATION 1 / 103 Integrity and authenticity The goal is to ensure that M really originates with Alice and not someone else M has not been modified in transit 2 / 103 Integrity and authenticity example Bob Alice (Bank)

1.31k views • 112 slides
Multiple outputs operational modal identification of time-varying systems Mathieu BERTHA

Multiple outputs operational modal identification of time-varying systems Mathieu BERTHA

Multiple outputs operational modal identification of time-varying systems Mathieu BERTHA University of Lige (Belgium) Friday, February 23, 2018 The global framework of this research is the modal identification of structures It is a pretty

1.09k views • 76 slides
Identification of Nonlinear Mechanical Systems: State of the Art and Recent Trends Gatan

Identification of Nonlinear Mechanical Systems: State of the Art and Recent Trends Gatan

Identification of Nonlinear Mechanical Systems: State of the Art and Recent Trends Gatan Kerschen Space Structures and Systems Laboratory Aerospace and Mechanical Eng. Dept. University of Lige Colleagues and Collaborators: J.P. Nol, J.

694 views • 55 slides
Geography and CS Where am I? Localization Problem 2 How do I get there?

Geography and CS Where am I? Localization Problem 2 How do I get there?

Maps Problem 1 Geography and CS Where am I? Localization Problem 2 How do I get there? Philip Chan Navigation Localization--Where am I? Cell phone Localization GPSGlobal Positioning System Problem

488 views • 12 slides
Weighted Quasi-optimal and Recursive Quasi-optimal Satellite Selection Techniques for GNSS V.

Weighted Quasi-optimal and Recursive Quasi-optimal Satellite Selection Techniques for GNSS V.

Weighted Quasi-optimal and Recursive Quasi-optimal Satellite Selection Techniques for GNSS V. Satya Srinivas 1 , A.D. Sarma 2 and A. Supraja Reddy 2 1 Geethanj ali College of Engineering and Technology, Cheeryal (V), Telangana 501301 India 2

466 views • 35 slides
COMMUNICATE BETTER KARL PFEIFFER, CT Lead German Linguist karl.pfeiffer@argosmultilingual.com

COMMUNICATE BETTER KARL PFEIFFER, CT Lead German Linguist karl.pfeiffer@argosmultilingual.com

HELPING YOU COMMUNICATE BETTER KARL PFEIFFER, CT Lead German Linguist karl.pfeiffer@argosmultilingual.com www.argosmultilingual.com Beyond Navigation Established and Emerging Satellite Applications www.argosmultilingual.com OVERVIEW

786 views • 55 slides
Geocaching-inspired Resilient Path Planning for Drone Swarms Michel Barbeau 1 , Joaquin

Geocaching-inspired Resilient Path Planning for Drone Swarms Michel Barbeau 1 , Joaquin

Geocaching-inspired Resilient Path Planning for Drone Swarms Michel Barbeau 1 , Joaquin Garcia-Alfaro 2 , and Evangelos Kranakis 1 1 Carleton University, Ottawa, Canada 2 Institut Polytechnique de Paris, Telecom SudParis, France IEEE MiSARN April

372 views • 19 slides
A Two-Layer Approach for Energy Efficiency in Mobile Location Sensing Applications Ling-Jyh Chen

A Two-Layer Approach for Energy Efficiency in Mobile Location Sensing Applications Ling-Jyh Chen

A Two-Layer Approach for Energy Efficiency in Mobile Location Sensing Applications Ling-Jyh Chen (Academia Sinica, Taiwan) Introduction Mobile location sensing applications (MLSAs) Exploit Global Positioning System (GPS) technology to

426 views • 30 slides
Lane Detection for Intelligent Cars Daniel Ahlers University of Hamburg Faculty of Mathematics,

Lane Detection for Intelligent Cars Daniel Ahlers University of Hamburg Faculty of Mathematics,

MIN Faculty Department of Informatics Lane Detection for Intelligent Cars Daniel Ahlers University of Hamburg Faculty of Mathematics, Informatics and Natural Sciences Department of Informatics Technical Aspects of Multimodal Systems 05.

302 views • 29 slides
Air Force Space & Missile Systems Center (SMC) y ( ) SMC OVERVIEW As of 30 June 2010

Air Force Space & Missile Systems Center (SMC) y ( ) SMC OVERVIEW As of 30 June 2010

DRAFT Air Force Space & Missile Systems Center (SMC) y ( ) SMC OVERVIEW As of 30 June 2010 General Observations Emotional commitment to a new frontier: 1950s and 60s Little or no Motivation Inspiration for new scientific

293 views • 13 slides
Geographic Centroid Routing for Vehicular Networks Effects of GPS Error on Geographic Routing

Geographic Centroid Routing for Vehicular Networks Effects of GPS Error on Geographic Routing

Geographic Centroid Routing for Vehicular Networks Effects of GPS Error on Geographic Routing Dr. Justin P. Rohrer jprohrer@nps.edu Naval Postgraduate School TaNCAD Lab ( https://tancad.net ) VEHICULAR June 25, 2018 Abstract Geographic

924 views • 48 slides

More recommend