Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, - - PowerPoint PPT Presentation

▶

Nov 28, 2023 102 likes •211 views

Engin Kirda, Northeastern University Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, Cornell Assaf Kfoury, Boston University Rami Melhem, University of Pittsburgh Overview of Panel This panel is on safety-critical,

SLIDE 1

Panel: Safety-Critical, High-Assurance Software Systems

Ken Birman, Cornell Assaf Kfoury, Boston University Engin Kirda, Northeastern University Rami Melhem, University of Pittsburgh

SLIDE 2

Overview of Panel

This panel is on safety-critical, high-assurance

systems

– I am a systems security person – hence, this is not necessarily my main area of research ;) – However, the security of critical systems is increasingly gaining focus and attention – There have been documented, high-profile attacks against critical systems (e.g., Stuxnet)

This panel aims to discuss

– Promising research directions – Current research challenges – How we can foster more collaboration

Safety-Critical, High-Assurance Systems

SLIDE 3

Critical systems control public resources such as electricity,

water, telecommunications, banks, etc.

The consequences of any disruption of service are severe and

may result in loss of human life

Such systems must often consider different types of

constraints compared with regular computer systems (e.g., real time)

Interdependencies between subsystems may lead to cascading

effects that are difficult to foresee

There is an emphasis on safety and less understanding of

computer security in this domain (and vice versa)

Background: Critical Systems

Safety-Critical, High-Assurance Systems

SLIDE 4

Examples of Critical Systems

”Traditional” critical infrastructures

– electricity, water, telecommunications, etc.

SCADA systems

– Used in almost all critical infrastructures – Efforts are already ongoing to protect such systems

Financial systems are critical infrastructures

– Many access points – Availability to many and diverse users

Safety-Critical, High-Assurance Systems

SLIDE 5

Data centers are becoming common and

these can be seen as CIs in that they provide data necessary for more traditional CIs

In-vehicle automation with remote

diagnostics and software updates for vehicles

– Embedded (automobile) systems connected to open networks. – Some of the problems related to any embedded system are also valid for the connected car

“Emerging” Critical Systems

Safety-Critical, High-Assurance Systems

SLIDE 6

Safety takes priority over security

Problem: In the domain of critical systems, both

safety and security are important, but in certain scenarios, safety takes priority

If the underlying process is about to become critical,

security should not block or delay appropriate remedies

r counteractions
We need an integrated view on safety and security,

since a breach in security could provoke a breach in safety

Safety-Critical, High-Assurance Systems

SLIDE 7

Problem: Interconnected systems are difficult to

model properly, and interdependencies between the subsystems, can lead to cascading effects that are difficult to foresee

We need to develop appropriate models for the

domain, and an overall better architecture with a security baseline

Unforeseen cascading effects

Safety-Critical, High-Assurance Systems

SLIDE 8

Problem: Critical systems also use new types of

technology to add functionality

e.g., wireless communication for remote sites and

internal enterprise communication. Critical control communication will be wireless within 10 years

There is a tradeoff between the advantages gained

with a technology versus the security risk

This trade-off must be carefully modeled and analyzed

Use of new technology

Safety-Critical, High-Assurance Systems

SLIDE 9

The Human Factor

Problem: The human is probably the weakest point

in a critical system

– The roles include operators in control rooms, engineers taking technical decisions, managers and decision-makers for future strategy development Adversarial problem: Insiders with experience of and knowledge about the system

Important issues:

– Education and training, raising awareness of security risks; sound and evolving security policy; modeling the user (“cognitive modeling”) and user-interface properties. Effective strategies for discovering an “insider” is an open research question.

Safety-Critical, High-Assurance Systems

SLIDE 10

The Next Challenge: Cyberwar

Stuxnet, Duqu, Flame

– Government-sponsored malware attacks against

ther nations

Panel: Safety-Critical, High-Assurance Software Systems

Ken Birman, Cornell Assaf Kfoury, Boston University Engin Kirda, Northeastern University Rami Melhem, University of Pittsburgh

Overview of Panel

systems

– I am a systems security person – hence, this is not necessarily my main area of research ;) – However, the security of critical systems is increasingly gaining focus and attention – There have been documented, high-profile attacks against critical systems (e.g., Stuxnet)

– Promising research directions – Current research challenges – How we can foster more collaboration

water, telecommunications, banks, etc.

may result in loss of human life

constraints compared with regular computer systems (e.g., real time)

effects that are difficult to foresee

computer security in this domain (and vice versa)

Background: Critical Systems

Examples of Critical Systems

– electricity, water, telecommunications, etc.

– Used in almost all critical infrastructures – Efforts are already ongoing to protect such systems

– Many access points – Availability to many and diverse users

these can be seen as CIs in that they provide data necessary for more traditional CIs

diagnostics and software updates for vehicles

– Embedded (automobile) systems connected to open networks. – Some of the problems related to any embedded system are also valid for the connected car

“Emerging” Critical Systems

Safety takes priority over security

safety and security are important, but in certain scenarios, safety takes priority

security should not block or delay appropriate remedies

since a breach in security could provoke a breach in safety

model properly, and interdependencies between the subsystems, can lead to cascading effects that are difficult to foresee

domain, and an overall better architecture with a security baseline

Unforeseen cascading effects

technology to add functionality

internal enterprise communication. Critical control communication will be wireless within 10 years

with a technology versus the security risk

Use of new technology

The Human Factor

in a critical system

– The roles include operators in control rooms, engineers taking technical decisions, managers and decision-makers for future strategy development Adversarial problem: Insiders with experience of and knowledge about the system

– Education and training, raising awareness of security risks; sound and evolving security policy; modeling the user (“cognitive modeling”) and user-interface properties. Effective strategies for discovering an “insider” is an open research question.

The Next Challenge: Cyberwar

– Government-sponsored malware attacks against

– How can we secure existing critical systems?