security summary
play

Security Summary Michael McCool Intel Osaka, W3C Web of Things - PowerPoint PPT Presentation

Feb 21, 2024 •308 likes •385 views

Security Summary Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017 Summary Summary Plenary Review of security process Breakout Review of Threat Model Stakeholders, Roles , Assets, Adversaries, Attack Surfaces,

  1. Security Summary Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017

  2. Summary Summary  Plenary  Review of security process  Breakout  Review of Threat Model  Stakeholders, Roles , Assets, Adversaries, Attack Surfaces, Threats, Use Cases, Objectives  External references and standards for security and privacy  Selection  Discussion of summarization and evaluation process 2/37

  3. Process Threat model – Understand what you need to protect and why Scoping – Organize and prioritize threats, define security objectives State of Art – Study related areas and their approaches to security Solutions – Find a suitable mitigation for each in-scope threat Implementation and Evaluation – Implement and Test each solution

  4. Threat Model  Stakeholders See Pull Request #318  Description, Role, Business-driven security goals, Interesting edge cases  Roles  Assets  Description, Who should have access (Trust Model), Attack Points  Adversaries  Persona, Motivation, Attacker type  Attack surfaces  System Element, Compromise Type(s), Assets exposed, Attack Method  Threats  Name, Adversary, Asset, Attack method and pre-conditions, priority  Use Cases  Security Objectives and Non-Objectives  Threats, Mitigation (if an objective), Reasoning (if not) 4/37

  5. Attack Surfaces  Boundaries depends on assets and architecture  Boundaries between domains provide attack surfaces  Hierarchy of trust 5/37

  6. External References and Standards See Pull Request #319  External References: Industrial Internet Consortium Security Framework: http://www.iiconsortium.org/IISF.htm  IETF ACE (Authentication and Authorization for Constrained Environments): https://tools.ietf.org/wg/ace/  IETF RFC 7252 (CoAP) Security model: https://tools.ietf.org/html/rfc7252  IETF (IAB) RFC 3552 – Guidelines for Writing RFC Text on Security Considerations: https://tools.ietf.org/html/rfc3552  IETF (IAB) RFC 6973 – Privacy Considerations for Internet protocols: https://tools.ietf.org/html/rfc6973  STRIDE Threat Model: https://docs.microsoft.com/en-us/azure/iot-suite/iot-security-architecture  OWASP IoT Attack Vectors: https://www.owasp.org/index.php/Threat_Risk_Modeling  IoT Security Foundation: https://iotsecurityfoundation.org/  FIPS and other national standards   Liaison References (Systems are built on top of these): OCF 1.0 Security Specification (Draft): https://openconnectivity.org/draftspecs/OCF_Security_Specification_v1.0.0.pdf  oneM2M Security Solutions, TS-0003: http://www.onem2m.org/images/files/deliverables/Release2/TS-0003_Security_Solutions-v2_4_1.pdf  OPC(-UA)?  Echonet (but… no security?), BACnet (but… no security?)  6/37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

ITS335 Internet Security Internet Security Secure Email Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l10,

450 views • 25 slides
Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

ITS335 Web Security Browsing Applications Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2 February 2014 its335y13s2l09,

446 views • 31 slides
Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

ITS335 Web Security Browsing Applications Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l08,

680 views • 35 slides
WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping

WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping

WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping Radio broadcast Reduce TX powers! Encryption (WEP, TKIP, AES, IPsec) Authentication Shared secrets vs. stolen devices, large nets

964 views • 93 slides
Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy Duong Hieu Phan David Pointcheval ENS France CNRS-ENS France Asiacrypt '03 Taipei - Taiwan December 1 st 2003 Summary Summary Asymmetric

235 views • 21 slides
Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Summary Summary Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security Asymmetric Encryption Rennes January 2004 New Schemes Joint work with Duong Hieu Phan David Pointcheval David Pointcheval

638 views • 8 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Summary Security: Applications & Aspects Part I Cryptographic Features Introduction

Summary Security: Applications & Aspects Part I Cryptographic Features Introduction

Summary Security: Applications & Aspects Part I Cryptographic Features Introduction Software vs Hardware Support Hardware Acceleration Solutions Processor Extensions for Security Basic Cyphering Part II Symmetric vs Asymmetric

1.14k views • 21 slides
Safety and Security Summary Dr. Peter Giarrizzo, Superintendent of Schools North Shore Central

Safety and Security Summary Dr. Peter Giarrizzo, Superintendent of Schools North Shore Central

Safety and Security Summary Dr. Peter Giarrizzo, Superintendent of Schools North Shore Central School District March 26, 2018 What security measures exist? Each school conducts Table Top drills to test our emergency response plans.

489 views • 10 slides
Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini Nagar 1 CONTENTS Security Characterizing Security General Scenario Tactics for Security A Design Checklist for Security Summary 2 01

487 views • 25 slides
Provable Security Introduction Lawrence Berkeley National Lab August 2003 David Pointcheval

Provable Security Introduction Lawrence Berkeley National Lab August 2003 David Pointcheval

Provable Security Introduction Lawrence Berkeley National Lab August 2003 David Pointcheval LIENS-CNRS Ecole normale suprieure Summary Summary Introduction Asymmetric Cryptography Computational Assumptions Security

498 views • 31 slides
NPA 2019-07 Management of Information Security Risks Summary of Discussion: AMC & GM

NPA 2019-07 Management of Information Security Risks Summary of Discussion: AMC & GM

NPA 2019-07 Management of Information Security Risks Summary of Discussion: AMC & GM Jean-Paul Moreaux Principle Cybersecurity in Aviation Coordinator 2 nd July 2019 EASA Workshop on NPA 2019-07 Your safety is our mission. An Agency

123 views • 9 slides
Provable Security in Cryptography ----- DL-based Systems ECC - Sept 24th 2002 - Essen David

Provable Security in Cryptography ----- DL-based Systems ECC - Sept 24th 2002 - Essen David

Provable Security in Cryptography ----- DL-based Systems ECC - Sept 24th 2002 - Essen David Pointcheval Ecole normale suprieure France Summary Summary The Methodology of Provable Security Complexity Assumptions

351 views • 24 slides
Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe

Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe

Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe Breaking Down the Issues (summary) Breaking Down the Issues (summary) Wireless is easy to sniff. We still need encryption services and key management.

533 views • 13 slides
CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012 1 Content of Todays Lecture Summary and Wrap up on Security Terminology The Fundamental Dilemma of Security Five Design Principles

801 views • 25 slides
A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet

A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet

A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet Computing 2002 Conference, Las Vegas, June 2002 J.Thelin, Chief Architect PJ.Murray, Product Manager Cape Clear Software Inc. Web Services Usage

357 views • 11 slides
Vampire User Event: Introduction 16 th July 2020 Farzana Hampshire Contents Housekeeping

Vampire User Event: Introduction 16 th July 2020 Farzana Hampshire Contents Housekeeping

Vampire User Event: Introduction 16 th July 2020 Farzana Hampshire Contents Housekeeping Agenda Update SNCLs position Our vision for Vampire Meet the Team A few words from our Senior Management Team Vampire User

921 views • 28 slides
Fraunhofer Institute for Open Communication Systems | Kaiserin-Augusta-Allee 31 | 10589 Berlin,

Fraunhofer Institute for Open Communication Systems | Kaiserin-Augusta-Allee 31 | 10589 Berlin,

Fraunhofer Institute for Open Communication Systems | Kaiserin-Augusta-Allee 31 | 10589 Berlin, Germany RCIS 2013 Tutorial Test automation with models Marc-Florian Wendland, Ina Schieferdecker, | RCIS 2013 | 30 th May, 2013 | Paris, France Goal

1.07k views • 69 slides
Cincom Smalltalk News 2011 ESUG Update By Arden Thomas Cincom Smalltalk Product Line Manager

Cincom Smalltalk News 2011 ESUG Update By Arden Thomas Cincom Smalltalk Product Line Manager

Cincom Smalltalk News 2011 ESUG Update By Arden Thomas Cincom Smalltalk Product Line Manager Cincom Talks: Recent Work on VM by Andres Valloud Make the Past Serve the Future, Active Record/GLORP by Niall Ross, Dirk

769 views • 32 slides
CSC 5290 Cyber Security Practice Fengwei Zhang Wayne State University CSC 5290 Cyber Security

CSC 5290 Cyber Security Practice Fengwei Zhang Wayne State University CSC 5290 Cyber Security

CSC 5290 Cyber Security Practice Fengwei Zhang Wayne State University CSC 5290 Cyber Security Practice 1 Who Am I? Fengwei Zhang Assistant Professor of Computer Science Office: Maccabees Building, Room 14109.3 Emai: fengwei at

559 views • 19 slides
Security Considerations in Blaise E Environments: Options and Solutions i t O ti d S l ti

Security Considerations in Blaise E Environments: Options and Solutions i t O ti d S l ti

Security Considerations in Blaise E Environments: Options and Solutions i t O ti d S l ti Mike Rhoads and Ray Snowden, Westat IBUC 2010 Importance of IT Security p y Sample headlines Sample headlines Virginia (8/27/2010)

472 views • 20 slides
American Public Power Associations Cybersecurity Services Program APP A Western Regional

American Public Power Associations Cybersecurity Services Program APP A Western Regional

American Public Power Associations Cybersecurity Services Program APP A Western Regional Cyber Summit August 22, 2019 Anaheim, CA #PublicPower www.PublicPower.org Cyber & Physical Preparedness Help members develop

624 views • 17 slides
Cyber@UC Meeting 58 Cool GitHub Projects! If Youre New! Join our Slack: ucyber.slack.com

Cyber@UC Meeting 58 Cool GitHub Projects! If Youre New! Join our Slack: ucyber.slack.com

Cyber@UC Meeting 58 Cool GitHub Projects! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public Affairs

328 views • 19 slides

More recommend