panel safety critical high assurance
play

Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, - PowerPoint PPT Presentation

Nov 28, 2023 •102 likes •210 views

Engin Kirda, Northeastern University Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, Cornell Assaf Kfoury, Boston University Rami Melhem, University of Pittsburgh Overview of Panel This panel is on safety-critical,

  1. Engin Kirda, Northeastern University Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, Cornell Assaf Kfoury, Boston University Rami Melhem, University of Pittsburgh

  2. Overview of Panel • This panel is on safety-critical, high-assurance systems – I am a systems security person – hence, this is not necessarily my main area of research ;) – However, the security of critical systems is increasingly gaining focus and attention – There have been documented, high-profile attacks against critical systems (e.g., Stuxnet) • This panel aims to discuss – Promising research directions – Current research challenges – How we can foster more collaboration Safety-Critical, High-Assurance Systems

  3. Background: Critical Systems • Critical systems control public resources such as electricity, water, telecommunications, banks, etc. • The consequences of any disruption of service are severe and may result in loss of human life • Such systems must often consider different types of constraints compared with regular computer systems (e.g., real time) • Interdependencies between subsystems may lead to cascading effects that are difficult to foresee • There is an emphasis on safety and less understanding of computer security in this domain (and vice versa) Safety-Critical, High-Assurance Systems

  4. Examples of Critical Systems • ”Traditional” critical infrastructures – electricity, water, telecommunications, etc. • SCADA systems – Used in almost all critical infrastructures – Efforts are already ongoing to protect such systems • Financial systems are critical infrastructures – Many access points – Availability to many and diverse users Safety-Critical, High-Assurance Systems

  5. “Emerging” Critical Systems • Data centers are becoming common and these can be seen as CIs in that they provide data necessary for more traditional CIs • In-vehicle automation with remote diagnostics and software updates for vehicles – Embedded (automobile) systems connected to open networks. – Some of the problems related to any embedded system are also valid for the connected car Safety-Critical, High-Assurance Systems

  6. Safety takes priority over security • Problem: In the domain of critical systems, both safety and security are important, but in certain scenarios, safety takes priority • If the underlying process is about to become critical, security should not block or delay appropriate remedies or counteractions • We need an integrated view on safety and security, since a breach in security could provoke a breach in safety Safety-Critical, High-Assurance Systems

  7. Unforeseen cascading effects • Problem: Interconnected systems are difficult to model properly, and interdependencies between the subsystems, can lead to cascading effects that are difficult to foresee • We need to develop appropriate models for the domain, and an overall better architecture with a security baseline Safety-Critical, High-Assurance Systems

  8. Use of new technology • Problem: Critical systems also use new types of technology to add functionality • e.g., wireless communication for remote sites and internal enterprise communication. Critical control communication will be wireless within 10 years • There is a tradeoff between the advantages gained with a technology versus the security risk • This trade-off must be carefully modeled and analyzed Safety-Critical, High-Assurance Systems

  9. The Human Factor • Problem: The human is probably the weakest point in a critical system – The roles include operators in control rooms, engineers taking technical decisions, managers and decision-makers for future strategy development Adversarial problem : Insiders with experience of and knowledge about the system • Important issues: – Education and training, raising awareness of security risks; sound and evolving security policy; modeling the user (“cognitive modeling”) and user-interface properties. Effective strategies for discovering an “insider” is an open research question. Safety-Critical, High-Assurance Systems

  10. The Next Challenge: Cyberwar • Stuxnet, Duqu, Flame – Government-sponsored malware attacks against other nations – How can we secure existing critical systems?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Practically Formal Development and Assurance of Complex Software-Intensive Safety-Critical

Practically Formal Development and Assurance of Complex Software-Intensive Safety-Critical

Practically Formal Development and Assurance of Complex Software-Intensive Safety-Critical Systems Alan Wassyng work with Zinovy Diskin, Nicholas Annable, and Mark Lawford CyPhyAssure, 20 March 2019 GSN-like Assurance Cases Pros

720 views • 33 slides
Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science

Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science

Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Assurance For Safety Critical IA Systems 1 Introduction Increasing

557 views • 18 slides
Risk Management, Safety Assurance and the Importance of Lifecycle Maintenance Context of ALARP

Risk Management, Safety Assurance and the Importance of Lifecycle Maintenance Context of ALARP

Risk Management, Safety Assurance and the Importance of Lifecycle Maintenance Context of ALARP Compressed Breathing Air and Commercial Diving Automation Who we are Global Leaders in the Provision of Safety Critical Risk Management Solutions

212 views • 18 slides
Compliance vs. Due Diligence: SFAIRP and its Interaction with Systems Safety and Assurance

Compliance vs. Due Diligence: SFAIRP and its Interaction with Systems Safety and Assurance

Compliance vs. Due Diligence: SFAIRP and its Interaction with Systems Safety and Assurance Approaches Tim Procter Tel: Mob: Email: International Railway Safety Council Conference October 2019 Context System Safety and Assurance

647 views • 40 slides
FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation

FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation

FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation Planning Danielle Morago HFO QA/TA Specialist 2016 Quality Assurance Visits Self-Study Reminders Critical Element 1 AGENDA Critical

535 views • 16 slides
Communication of bicyclists with car drivers and safety critical events Christine

Communication of bicyclists with car drivers and safety critical events Christine

Communication of bicyclists with car drivers and safety critical events Christine Chaloupka-Risser ICTCT, Elisabeth Fssl extra- ordinary workshop, Beijing April 2016 Bicyclists face a high accident risk Safety: 138,400

586 views • 14 slides
CAN CLOUD COMPUTING SYSTEMS OFFER HIGH ASSURANCE WITHOUT LOSING KEY CLOUD PROPERTIES? CS6410

CAN CLOUD COMPUTING SYSTEMS OFFER HIGH ASSURANCE WITHOUT LOSING KEY CLOUD PROPERTIES? CS6410

1 CAN CLOUD COMPUTING SYSTEMS OFFER HIGH ASSURANCE WITHOUT LOSING KEY CLOUD PROPERTIES? CS6410 Ken Birman, Cornell University High Assurance in Cloud Settings 2 A wave of applications that need high assurance is fast approaching

672 views • 40 slides
Assurance Challenges for New & In-service Submarines. Roger Coles May 2019 Introduction

Assurance Challenges for New & In-service Submarines. Roger Coles May 2019 Introduction

Safety Assurance Challenges for New & In-service Submarines. Roger Coles May 2019 Introduction High value assets in a hostile environments Acceptable Risk Level Design Build In-Service Assurance Owners Responsibility

400 views • 23 slides
Critical Friends Panel Graham Edwards, Chief Executive 1 Business performance update outputs

Critical Friends Panel Graham Edwards, Chief Executive 1 Business performance update outputs

July 2017 Critical Friends Panel Graham Edwards, Chief Executive 1 Business performance update outputs 2016/17 Social Customer Safety Reliability Environmental obligations Service Met our 1 in 20 Met both our key

844 views • 65 slides
Data Assurance in Opaque Computations High Assurance Systems Engineering Guy Haworth

Data Assurance in Opaque Computations High Assurance Systems Engineering Guy Haworth

Data Assurance in Opaque Computations High Assurance Systems Engineering Guy Haworth guy.haworth@bnc.oxon.org 1 Data Assurance - ACG12, 2009-05-11 Topics Motivation Systems Engineering Cycle Definition: the Problem Domain and the

824 views • 27 slides
Xenon: High-Assurance Xen John McDermott John.McDermott@NRL.Navy.Mil Naval Research Laboratory

Xenon: High-Assurance Xen John McDermott John.McDermott@NRL.Navy.Mil Naval Research Laboratory

Xenon: High-Assurance Xen John McDermott John.McDermott@NRL.Navy.Mil Naval Research Laboratory Center for High-Assurance Computer Systems http:/ / chacs.nrl.navy.mil Xenon Xen Beyond Buffer Overflows high-assurance Policy flaws Use the

565 views • 24 slides
Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka Collaborator: John Villasenor

Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka Collaborator: John Villasenor

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka Collaborator: John Villasenor Center for International Security and Cooperation

457 views • 44 slides
Objectives To introduce the concept of safety-critical software To describe the

Objectives To introduce the concept of safety-critical software To describe the

Chapter 21 Chapter 21 Safety-Critical Software Learning Objective . Developing software which should never compromise the overall safety of a system. Frederick T Sheldon Assistant Professor of Computer Science Washington State University CS

327 views • 15 slides
1 The High Value High Risk, or HVHR, assessments were critical inputs to government decisions for

1 The High Value High Risk, or HVHR, assessments were critical inputs to government decisions for

The Auditor-General provides assurance to Parliament on the accountability and performance of the Victorian Public Sector. The Auditor-General conducts financial audits and performance audits, and reports on the results of these audits to

239 views • 13 slides
Completing the jigsaw system and safety assurance, and asset management Richard Adams,

Completing the jigsaw system and safety assurance, and asset management Richard Adams,

Completing the jigsaw system and safety assurance, and asset management Richard Adams, Manager Safety & Risk Assurance Asset Standards Authority Asset Standards Authority RISSB Rail Safety 2015 Conference | 1 RISSB Rail Safety 2015

270 views • 24 slides
Safety-critical systems design: the TASTE tool-chain Julien Delange

Safety-critical systems design: the TASTE tool-chain Julien Delange

Safety-critical systems design: the TASTE tool-chain Julien Delange <julien.delange@esa.int> Maxime Perrotin <maxime.perrotin@esa.int> 1 High-integrity software constraints Real-Time determinism Safety & security

692 views • 22 slides
Bringing IoT to Production Digital Shadows Task-specific Digital Shadow for wide-

Bringing IoT to Production Digital Shadows Task-specific Digital Shadow for wide-

Bringing IoT to Production Digital Shadows Task-specific Digital Shadow for wide- Task-specific Digital Shadow for mid- Task-specific Digital Shadow for in- range analyses (exemplary application: range analyses (exemplary application: depth

549 views • 3 slides
Welcome! INFOGR Lecture 2 Graphics Fundamentals 2 Synchronize

Welcome! INFOGR Lecture 2 Graphics Fundamentals 2 Synchronize

INFOGR Computer Graphics Jacco Bikker - April-July 2016 - Lecture 2: Graphics Fundamentals Welcome! INFOGR Lecture 2 Graphics Fundamentals 2 Synchronize http://www.cs.uu.nl/docs/vakken/gr Todays Agenda: The Raster

681 views • 53 slides
TraMineR: A toolbox for exploring and rendering sequences Gilbert Ritschard Institute for

TraMineR: A toolbox for exploring and rendering sequences Gilbert Ritschard Institute for

Exploring Sequential Data TraMineR: A toolbox for exploring and rendering sequences Gilbert Ritschard Institute for Demographic and Life Course Studies, University of Geneva and NCCR LIVES: Overcoming vulnerability, life course perspectives

1.03k views • 71 slides
R markdown tutorial at useR! 2015 Aalborg, Denmark Gergely Daroczi @daroczig 2015-06-30

R markdown tutorial at useR! 2015 Aalborg, Denmark Gergely Daroczi @daroczig 2015-06-30

R markdown tutorial at useR! 2015 Aalborg, Denmark Gergely Daroczi @daroczig 2015-06-30 Yes, Ive created this with markdown It looks like L A T EX, or to be more precise, its a Beamer presentation, but this slide was created like:

1.42k views • 125 slides
RLUK. #CM4lib Gifts loved and hated in equal measure? Jo Aitkins Why should we love gifts?

RLUK. #CM4lib Gifts loved and hated in equal measure? Jo Aitkins Why should we love gifts?

Collection Management: Share the experience@ Bristol. An event sponsored by JISC and RLUK. #CM4lib Gifts loved and hated in equal measure? Jo Aitkins Why should we love gifts? They are given with affection Good will and

728 views • 13 slides
Introduction to Layouts Interactive Data Visualization with Bokeh Arranging multiple plots

Introduction to Layouts Interactive Data Visualization with Bokeh Arranging multiple plots

INTERACTIVE DATA VISUALIZATION WITH BOKEH Introduction to Layouts Interactive Data Visualization with Bokeh Arranging multiple plots Arrange plots (and controls) visually on a page: rows, columns grid arrangements tabbed

670 views • 21 slides
Computational Photography Si Lu Spring 2018 http://web.cecs.pdx.edu/~lusi/CS510/CS510_Computati

Computational Photography Si Lu Spring 2018 http://web.cecs.pdx.edu/~lusi/CS510/CS510_Computati

Computational Photography Si Lu Spring 2018 http://web.cecs.pdx.edu/~lusi/CS510/CS510_Computati onal_Photography.htm 04/26/2018 Last Time o Panorama n Overview n Feature detection n Feature matching With slides by Prof. C. Dyer and K. Grauman

858 views • 67 slides
Panorama Due November 4 th Goal Find key features in images and correspondences between

Panorama Due November 4 th Goal Find key features in images and correspondences between

COS 429 PS3: Stitching a Panorama Due November 4 th Goal Find key features in images and correspondences between images Use RANSAC to find the best correspondences Map one image plane to another to create a panoramic image Problem

498 views • 12 slides

More recommend