Review of External Security Models Michael McCool Intel Osaka, W3C - PowerPoint PPT Presentation

Apr 16, 2023 •7 likes •87 views

Review of External Security Models Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017 Purpose WoT charter: The scope of the Working Group is restricted to APIs and security frameworks that are applicable across platforms. We will

Review of External Security Models Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017
Purpose WoT charter: The scope of the Working Group is restricted to APIs and security frameworks that are applicable across platforms. We will not define new security mechanisms but will use existing mechanisms and best practices. 1. Determine how to gather requirements for external security models and standards 2. Determine how to represent information in a common format  THEN b egin to review external security models and standards… 2/37
Outline  List of external sources  External standards  Security models of important external IoT ecosystems WoT should interoperate with  Anything missing we should add?  Template for Threat model  Other templates to consider  Standards to review:  IIC Security Framework  IETF ACE Model 3/37
Sources  See: https://github.com/w3c/wot/pull/319  Please create issues to suggest new references  External References:  Industrial Internet Consortium Security Framework: http://www.iiconsortium.org/IISF.htm  IETF ACE (Authentication and Authorization for Constrained Environments): https://tools.ietf.org/wg/ace/  IETF RFC 7252 (CoAP) Security model: https://tools.ietf.org/html/rfc7252  STRIDE Threat Model  OWASP IoT Attack Vectors  Liaison References:  OCF 1.0 Security Specification (Draft): https://openconnectivity.org/draftspecs/OCF_Security_Specification_v1.0.0.pdf  Will discuss this during OCF Review on May 17  oneM2M Security Solutions, TS-0003: http://www.onem2m.org/images/files/deliverables/Release2/TS-0003_Security_Solutions- v2_4_1.pdf 4/37
Template for Threat Model  Stakeholders  Description, Role, Business-driven security goals, Interesting edge cases  Assets  Description, Who should have access (Trust Model), Attack Points  Adversaries  Persona, Motivation, Attacker type  Attack surfaces  System Element, Compromise Type(s), Assets exposed, Attack Method  Threats  Name, Adversary, Asset, Attack method and pre-conditions, priority  Security Objectives and Non-Objectives  Threats, Mitigation (if an objective), Reasoning (if not) 5/37
Other Templates?  Protocol security frameworks and link  Configuration management security  Lifecycle management  TLS, DTLS, etc.  Logging and monitoring  Encryption standards  AES, RSA, etc.  Privacy frameworks  Identity, Authentication, and  Integrity protection Authorization  OAuth, etc. 6/37
IIC Security Framework  See 7/37
IETF ACE  See 8/37

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

From: Liska, Andrew <Andrew.Liska@minneapolismn.gov> Sent: Wednesday, August 19, 2020 2:34 PM To: Michael Subject: RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] 1219 31st W Joyce Church Hi,

366 views • 3 slides

SPF, DKIM and DMARC SPF stands for Sender Policy Framework, a record on the DNS which

4/30/2019 (515) 229-5674 kkothari@sgcsecure.com Cheap Solutions to Cybersecurity Kaushal Kothari Audit Secure Guard Consulting Internal Security Assessment (515) 229-5674 External Security Assessment and External Penetration Testing

62 views • 3 slides

Certification Program External Review Certification Program Advisory Committee Harrisburg, PA

11/5/2015 Certification Program External Review Certification Program Advisory Committee Harrisburg, PA November 5, 2015 Tom Wolf, Governor John Quigley, Secretary External Review Timeline March 11 Identify priority elements May

383 views • 10 slides

Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU)

Information Technology Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU) Information Technology Subjects S , objects O , access matrix M , access rights A : enforcement: read, write, execute, append,. .

371 views • 14 slides

Protection and Security Threat is potential security violation Attack is attempt to breach

CSC 4103 - Operating Systems The Security Problem Spring 2007 Security must consider external environment of the system, and protect the system resources Lecture - XX Intruders (crackers) attempt to breach security Protection and

195 views • 4 slides

Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author:

Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author: Robert Moskowitz` Capability Model (Xia, et al.) External Meta External ECA Model Model Capability sub-model Attack Mitigation Network Security

258 views • 15 slides

New Trends in Two Regional Security Complexes: Adaptjng to the New Security Challenges Dr .

New Trends in Two Regional Security Complexes: Adaptjng to the New Security Challenges Dr . Mara Laura Moreno Sainz Sciences Po Lyon, France Geneva Center for Security Policy April 28 th 2016 Latin America : an external invention

784 views • 35 slides

BUSINESS AND SECURITY Chris Klimek TALKING POINTS PERSONAL BUSINESS IMPORTANCE EXTERNAL

BUSINESS AND SECURITY Chris Klimek TALKING POINTS PERSONAL BUSINESS IMPORTANCE EXTERNAL BRAND UNDERSTANDI OF FACTORS NG SECURITY LOOKING FOR THE RIGHT FIT Walk me through the process of how you would start looking for a job or

916 views • 45 slides

Security Models: Proofs, Protocols and Certification Florent Autrau - Yassine Lakhnech -

Security Models: Proofs, Protocols and Certification Florent Autrau - Yassine Lakhnech - Jean-Louis Roch Master-2 Security, Cryptology and Coding of Information Systems ENSIMAG/Grenoble-INP UJF Grenoble University, France Security Models,

396 views • 20 slides

St State ate of Al f Alas aska ka Presented by Department of Administration State Security

St State ate of Al f Alas aska ka Presented by Department of Administration State Security Office Mark Breunig, CISO April 30, 2019 1 A Brief History External Factors Increasing external threats Successful cyber-attacks, and

387 views • 9 slides

Graphical Models Graphical Models Review of probability theory Review of probability theory

Graphical Models Graphical Models Review of probability theory Review of probability theory Siamak Ravanbakhsh Winter 2018 Learning objectives Learning objectives Probability distribution and density functions Random variable Bayes' rule

988 views • 65 slides

4 Why do we need channel models? Lecture no: Narrowband models Review of properties

RADIO SYSTEMS ETI 051 Contents 4 Why do we need channel models? Lecture no: Narrowband models Review of properties Okumuras measurements Okumura-Hata model COST 231-Walfish-Ikegami model Channel models

317 views • 10 slides

CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling,

CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling, Security Mindset Review the security mindset, and practice threat modeling on a few example websites. Also, review the various types of attacker models

401 views • 3 slides

Assessment of External Hazards Javier Yllera Department of Nuclear Safety and Security Division

Joint ICTP-IAEA Essential Knowledge Workshop on Deterministic Safety Analysis and Engineering Aspects Important to Safety Trieste, 12-23 October 2015 Assessment of External Hazards Javier Yllera Department of Nuclear Safety and Security

1.16k views • 62 slides

Integrated Science Assessment for Carbon Monoxide (2 nd External Review Draft) Briefing for Clean

Integrated Science Assessment for Carbon Monoxide (2 nd External Review Draft) Briefing for Clean Air Scientific Advisory Committee Carbon Monoxide Review Panel Office of Research and Development November 16, 2009 National Center for

419 views • 27 slides

Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard

Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard Institute for Computer Science Security instruments learned so far Symmetric and asymmetric cryptography confidentiality, integrity, non-repudiation

319 views • 29 slides

Expertise knowledge-based Policy Refinement Process T. Rochaeli and C. Eckert Technische

Expertise knowledge-based Policy Refinement Process T. Rochaeli and C. Eckert Technische Universitt Darmstadt 25.06.2007 POLICY '07, Bologna, Italy 1 Workflow and Kripke Model Workflow: computerized facilitation or automation of a

356 views • 13 slides

Improving Usability of Information Flow Security in Java Mark Thober Joint work with Scott F.

Mark Thober June 14, 2007 Improving Usability of Information Flow Security in Java Mark Thober Joint work with Scott F. Smith Department of Computer Science Johns Hopkins University PLAS 07 1 Mark Thober June 14, 2007 Motivation

580 views • 37 slides

Neural Networks: Powerful yet Mysterious MNIST (hand-written digit recognition) Power lies

Neural Networks: Powerful yet Mysterious MNIST (hand-written digit recognition) Power lies in the The working mechanism complexity of DNN is hard to understand 3-layer DNN with 10K neurons and 25M weights DNNs work as black-

459 views • 16 slides

Language-based Security FOSAD 2008 Steve Zdancewic University of Pennsylvania Confidential Data

Language-based Security FOSAD 2008 Steve Zdancewic University of Pennsylvania Confidential Data Networked information systems: PCs store passwords, e-mail, finances,... Businesses rely on computing infrastructure Military &

1.18k views • 102 slides

Probable Security of Networks LI Angsheng Institute of Software Chinese Academy of Sciences

Definitions Security model Mathematical principles Security theorems Probable Security of Networks LI Angsheng Institute of Software Chinese Academy of Sciences Joint work with Yicheng Pan, Wei Zhang Fragrant Hill Meeting 6th, Oct 2013

488 views • 36 slides

Secrecy Security Policy CSE497b - Spring 2007 Introduction Computer and Network Security

Secrecy Security Policy CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Secrecy

389 views • 23 slides

Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems And what happens if they do CS 239 something else Security for Networks and And whos responsible for making sure System Software thats

245 views • 3 slides

policies Security in Organizations 2011 Eric Verheul 1 Literature Main literature for this

Information security policies Security in Organizations 2011 Eric Verheul 1 Literature Main literature for this lecture: 1. ISO 27001 and ISO 27002 2. Besluit voorschrift informatiebeveiliging rijksdienst 2007 (www.wetten.nl) 3.

680 views • 40 slides