synergy collaborative security and privacy aware cyber
play

Synergy: Collaborative: Security and Privacy-Aware Cyber-Physical - PowerPoint PPT Presentation

Nov 13, 2023 •750 likes •1.11k views

Synergy: Collaborative: Security and Privacy-Aware Cyber-Physical Systems (NSF CNS-1505799 and the Intel-NSF Partnership for Cyber- Physical Systems Security and Privacy) Insup Lee (PI) PRECISE Center School of Engineering and Applied Science

  1. Synergy: Collaborative: Security and Privacy-Aware Cyber-Physical Systems (NSF CNS-1505799 and the Intel-NSF Partnership for Cyber- Physical Systems Security and Privacy) Insup Lee (PI) PRECISE Center School of Engineering and Applied Science University of Pennsylvania Intel-NSF Project Meeting Stanford University July 12 & 13, 2018

  2. Team Members Insup Lee (PI, Penn) Andreas Haeberlen (Penn) Bill Hanson (UPHS) Nadia Heninger (Penn) Ross Koppel (Penn, Sociology) Miroslav Pajic (Duke) George Pappas (Penn) Linh Phan (Penn) Rita Powell (Penn) Kang G. Shin (Michigan) Oleg Sokolsky (Penn) James Weimer (Penn) Christopher Yoo (Penn, Law) 7/12/18 2

  3. Outline • Intro on CPS security • What our team has done • Lily’s Questions 7/12/18

  4. Cyber-Physical Systems We are heading towards (living in?) a sensor-driven world need control systems capable of operating in malicious environments 7/12/18 4

  5. Cyber-Physical Systems Security

  6. CPS security incidents – Siberian pipeline: June 1982: • Soviets stole control software from Canadian company. • US influence Canadian company to alter code such that pipeline pressures would build up. • Explosion could be seen from space. 7/12/18 cyber-physical attacks: a growing invisible threat: George Loukas, 2015. 6

  7. CPS security incidents – Maroochi Shire sewage hacking, Spring 2000: • Disgruntled employee hacked control system to release tons of raw sewage into the neighborhood 7/12/18 cyber-physical attacks: a growing invisible threat: George Loukas, 2015. 7

  8. CPS security incidents – Stuxnet: 2009: • Attack on Iranian nuclear facility • Used 4 undiscovered exploits targeting control 7/12/18 cyber-physical attacks: a growing invisible threat: George Loukas, 2015. 8

  9. CPS security incidents – US Drone captured: 2011: • Iran captured predator drone that landed in the wrong area. • GPS spoofing • “System” worked perfectly – sensor measurements were wrong 7/12/18 cyber-physical attacks: a growing invisible threat: George Loukas, 2015. 9

  10. CPS security incidents – IoT DDoS : October 21, 2016 • Thousands of devices overtaken using default passwords • Organized into botnet to flood DNS provider • Took down many major websites – $17 Billion cost to economy (0.1% of GDP) 7/12/18 cyber-physical attacks: a growing invisible threat: George Loukas, 2015. 10

  11. CPS security incidents Common Vulnerabilities and Exposures (CVEs) (1988 – 2012) cyber-physical attacks: a growing invisible threat: George Loukas, 2015. 7/12/18 11 25-years of vulnerabilities, 1988-2012. Yves Younan.

  12. Typical CPS Architecture The Cloud Internet complex platform architecture Internet-connected car Local (control) network Actuators Sensors temperature CO extreme smoke detector motion sensor detector detector natural flood gas detector pressure mat pillow alert Physical world smart medical comm. unit home enuresis sensor medical devices call-for-help button bed occupancy medication sensor dispenser fall detector 7/12/18 12

  13. Software as a Medical Device (SaMD) Medical device defined by • FDA release of clinical evaluation software that interacts with guidelines on Dec 8, 2017 existing FDA certified devices Benefits: • – simplified pathway to certification – potential for formal safety guarantees Challenges: • – tools to enable developers • lack of standardization makes development hard – IoMT infrastructure development • interfacing with devices • deployment hardware • real-time guarantees • EHR APIs 7/12/18 13

  14. Internet of Medical Things (IoMT) Remote Devices In-Clinic Devices (MCPS) IoMT + SaMD patient clinician personalized automation 7/12/18 14

  15. What is CPS Security? • A CPS attack whose goal is to (negatively) affect the interaction between a CPS and the physical world – Originates through any attack surface • cyber, physical, or any combination of cyber/physical • CPS security concerns the development of technologies for defending against CPS attacks – e.g., discovering new vulnerabilities, techniques for detection/mitigation/recovery, … 7/12/18 15

  16. Cyber- vs. CPS security • All cyber-security challenges are still there! • New challenges – Larger attack surface – New kinds of attacks – Imperfect system models • New opportunities – Laws of physics – Natural redundancy – Operational context 7/12/18 16

  17. CPS Attack Surfaces Cyber attack surfaces • The Cloud – e.g., communication, networks, computers, databases, ... Internet Physical attack surfaces • – e.g., locks, casings, cables, ... Environmental attack surfaces • Local (control) network – e.g., GPS signal, electro-magnetic Actuators Sensors interference, battery draining/cycling/heating, … Human attack surfaces • – e.g., phishing, bribing, blackmail, Physical world etc. 7/12/18 17

  18. CPS Security Challenges Foundational Challenges • – How to build an ideal resilient CPS? – Quantifying CPS attacks effectiveness • wide variability in metrics for CPS security • concerns depend on the CPS mission – System evolution • operate in many different physical environments • adapt to physical surroundings – Operating scenarios restrict defensive capabilities • patching and frequent updates, are not well suited for control systems • real-time availability provides a stricter operational environment than most traditional IT systems. • legacy systems may not be updated Social and Legal Challenges • – What solutions will be accepted by practitioners? – Who/what is liable when such a system fails due to security and privacy attacks? 7/12/18 18

  19. Interaction Complexity • Cyber physical systems are systems of components – Heterogeneous computation and interaction models • Composition of components are about the interactions of systems • “Normal Accidents”, an influential book by Charles Perrow (1984) – One of the Three Mile Island investigators – NRC Study “Software for Dependable Systems: Sufficient Evidence?” • Posits that sufficiently complex systems can produce accidents without a simple cause due to interactive complexity and tight coupling 7/12/18 19

  20. Unintended Feature Interactions • A complex system exhibits complex interactions due to – Unexpected interferences that are not visible or not immediately comprehensible – Unfamiliar or unintended feedback loops – Limited isolation of failed components • Examples of Security Vulnerabilities – Secure door lock and rollover – Meltdown/Spectra(?) 7/12/18 20

  21. Improving CPS security • Apply suitable best (cyber) security practices • CPS can provide additional information – CPS architecture / physical-world interface • e.g., multiple sensors, actuators, controllers – Environmental context • e.g., operating conditions (rain/snow), geographic location – Physical constraints and guarantees • e.g., laws of physics, bounds on power, CPU speed, network bandwidth • How to leverage additional information to improve CPS security? 7/12/18 21

  22. Security and Privacy-Aware Cyber-Physical Systems Challenges: Scientific Impact: • How to build an ideal resilient CPS? • Foundational understanding The Cloud • Case studies from different CPS – architecture, build blocks and capabilities, design requirements domains (transportation, (technical, legal, social) medical) to ensure that results are • What solutions will be accepted generally applicable Internet temperature by practitioners? CO detector sensor smoke detector flood natural detector motion gas detector • Who/what is liable when such pressure mat a system fails due to security pillow alert comm. smart medical and privacy attacks? enuresis unit home sensor Local (control) network call-for-help bed occupancy Actuators Internet-connected car Sensors button medication sensor dispenser fall detector Solution: Broader Impact: • Platform support for security • Safer and more trustworthy CPS and • Security-aware control design IoT systems • Differential privacy in CPS Physical world • Clarification of legal • Privacy-related tradeoffs for CPS consequences • Human-in-the-loop security • Joint law/engineering assurance workforce training 7/12/18 22

  23. Two Complementary Approaches • Robustness – Employ preventive measures – Tolerate small problems with acceptable loss of performance • Detection and recovery – Attack/anomaly detection: redundant sensors, models, laws of physics, context – Recover: forward recovery/mitigation • Complementary – Not every attack can be masked – Attacks can exceed system robustness 7/12/18 23

  24. Overall technical approach Task 3: Working with sensitive data Task 1: Platform support for CPS security • Homeomorphic encryption • Timing Guarantees for Accountability • Differential Privacy in Distributed Systems • Bounded-Time Recovery • Differential Privacy for Medical Data • Secure Synchronous Provenance • Security and Privacy Duality in Control of CPS Task 2: Security-Aware Control Design Task 4: CPS security assurance • Robust Attack Detection and Identification • Human factors in CPS security assurance • Platform-Aware Attack-Resilient Control Systems • Policy-Aware Modeling of CPS • Control-Aware Cryptography • Security Assurance Cases for CPS 7/12/18 24

  25. Research Results Summary

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo University of Pennsylvania July 12, 2018 Overview of Research Tort and products liability for CPS Privacy and cybersecurity regulation NHTSA

472 views • 25 slides
System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System

System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System

System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System Aware Cyber Security Operates at the system application-layer , For security inside of the network and perimeter protection provided for the

164 views • 3 slides
Collaborative and privacy-aware sensing for Gon calves, Rui Jos e, Carlos Baquero

Collaborative and privacy-aware sensing for Gon calves, Rui Jos e, Carlos Baquero

Collaborative and privacy-aware sensing for observing urban movement patterns Nelson Collaborative and privacy-aware sensing for Gon calves, Rui Jos e, Carlos Baquero observing urban movement patterns Universidade do Minho and

643 views • 16 slides
CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy

CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy

Jens Thonke, EVP, Cyber Security Services Jyrki Rosenberg, EVP, Corporate Cyber Security CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy Family Connected home 2 F-Secure Capital Markets Day 2017

736 views • 19 slides
System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology

System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology

System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology to the Cyber Security of Physical Systems Barry M. Horowitz, Kate Pierce University of Virginia April, 2012 This material is based upon work

518 views • 41 slides
Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from

Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from

2015/10/30 Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from Univ. of Waterloo References Main Reference Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C. Cyber Security and

397 views • 13 slides
90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO

90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO

90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO HUMAN ERROR ERROR CYBER AWARE CYBER AWARE NEXT-GEN SECURITY AWARENESS TRAINING Cyber Crime Is Now A Cyber Crime Is Now A Business Opportunity

550 views • 25 slides
Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman

Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman

Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio October 16, 2013 SafeConfig 2013: IEEE 6th

227 views • 18 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
AI and Cyber Warfare Ernesto Damiani 12-09-2019 ku.ac.ae KU Cyber-Physical Systems Center

AI and Cyber Warfare Ernesto Damiani 12-09-2019 ku.ac.ae KU Cyber-Physical Systems Center

AI and Cyber Warfare Ernesto Damiani 12-09-2019 ku.ac.ae KU Cyber-Physical Systems Center (C2PS) SECURITY OF THE GLOBAL ICT INFRASTRUCTURE Network and Communications Security Business Process Security and Privacy Security and

667 views • 15 slides
Resilient Cyber Security and Privacy Butler Lampson Microsoft Research Cyberforum April 7,

Resilient Cyber Security and Privacy Butler Lampson Microsoft Research Cyberforum April 7,

Resilient Cyber Security and Privacy Butler Lampson Microsoft Research Cyberforum April 7, 2015 Security: What we know how to do Secure something simple very well Protect complexity by isolation and sanitization Stage security

399 views • 18 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy & Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
Cyber Security Risk Management For November 6, 2014 Jim Halpert Co-Chair Global Privacy &

Cyber Security Risk Management For November 6, 2014 Jim Halpert Co-Chair Global Privacy &

Cyber Security Risk Management For November 6, 2014 Jim Halpert Co-Chair Global Privacy & Security Practice jim.halpert@DLAPiper.com Trends Point of Sale Attacks Malware Skimming Industrial Control Systems and Critical

636 views • 26 slides
The Internet Security Alliance The Internet Security Alliance is a collaborative effort with

The Internet Security Alliance The Internet Security Alliance is a collaborative effort with

The Internet Security Alliance The Internet Security Alliance is a collaborative effort with Carnegie Mellon University. It is a cross-sector, internationally- based trade association devoted to cyber security. ISA has individual corporate

349 views • 30 slides
Synergy of social networks defeats online privacy Eleonora Petridou Marek Kuczy nski System

Synergy of social networks defeats online privacy Eleonora Petridou Marek Kuczy nski System

Synergy Of Social Networks Defeats Online Privacy, www.socialsynergy.nl Synergy of social networks defeats online privacy Eleonora Petridou Marek Kuczy nski System And Network Engineering University of Amsterdam February 2, 2011 Synergy

710 views • 37 slides
Basic Infection Prevention Issues New Construction Renovation Repairs Lets Start with New

Basic Infection Prevention Issues New Construction Renovation Repairs Lets Start with New

Infection Prevention Boot Camp I for the Novice January 16 17, 2020 Infection Preventionist Infection Prevention in Construction and Renovation Linda R. Greene, RN, MPS,CIC, FAPIC Barbara Russell, MPH, BS, RN, CIC, FAPIC Basic Infection

394 views • 17 slides
Advanced Laparoscopic and Hysteroscopic Skills: Techniques to make hard cases easier No

Advanced Laparoscopic and Hysteroscopic Skills: Techniques to make hard cases easier No

Advanced Laparoscopic and Hysteroscopic Skills: Techniques to make hard cases easier No disclosures Alison Jacoby, MD ! Director, Comprehensive Fibroid Center Keys to success Learning Objectives Laparoscopic entry: port placement, cosmetic

952 views • 10 slides
Mogden Sewage Treatment Works Residents Liaison Meeting 26 April 2018 1 Mogden Residents Meeting

Mogden Sewage Treatment Works Residents Liaison Meeting 26 April 2018 1 Mogden Residents Meeting

Mogden Sewage Treatment Works Residents Liaison Meeting 26 April 2018 1 Mogden Residents Meeting Mogden Agenda Welcome and introductions Review of previous minutes and actions Mogden Technical Work Group update

346 views • 30 slides
LARGE DATA AND BIOMEDICAL COMPUTATIONAL PIPELINES FOR COMPLEX DISEASES Ezekiel Adebiyi, PhD

LARGE DATA AND BIOMEDICAL COMPUTATIONAL PIPELINES FOR COMPLEX DISEASES Ezekiel Adebiyi, PhD

1 LARGE DATA AND BIOMEDICAL COMPUTATIONAL PIPELINES FOR COMPLEX DISEASES Ezekiel Adebiyi, PhD Professor and Head, Covenant University Bioinformatics Research and CU NIH H3AbioNet node Covenant University, Ota, Nigeria A talk given at the joint

294 views • 26 slides
T he CARE - Inde x use in the fore nsic e va lua tion for the c hild prote c tive proje c

T he CARE - Inde x use in the fore nsic e va lua tion for the c hild prote c tive proje c

T he CARE - Inde x use in the fore nsic e va lua tion for the c hild prote c tive proje c t L uc ia Di F ilippo Ph.D., c og nitive psyc hote ra pist a nd psyc holog ist for Child Prote c tion Se rvic e - Ce ntro di T e ra pia de

461 views • 23 slides
Janice Burberry Head of Public Health (Children and Families) Leeds City Council Leeds in

Janice Burberry Head of Public Health (Children and Families) Leeds City Council Leeds in

Bucking the trend: impact of a city-wide child healthy weight strategy. Janice Burberry Head of Public Health (Children and Families) Leeds City Council Leeds in context Big city and growing Over 5 0,000 under 5s Strong economy

555 views • 19 slides
A Very Short Introduction to Pervasive Computing Nicola Dragoni Embedded Systems Engineering

A Very Short Introduction to Pervasive Computing Nicola Dragoni Embedded Systems Engineering

DTU Informatics Department of Informatics and Mathematical Modelling A Very Short Introduction to Pervasive Computing Nicola Dragoni Embedded Systems Engineering Section DTU Informatics Technical University of Denmark These slides have been

462 views • 23 slides
Bridging Research in Ageing and ICT Development (BRAID)

Bridging Research in Ageing and ICT Development (BRAID)

Bridging Research in Ageing and ICT Development (BRAID) Elizabeth Cummings University of Tasmania ConsorBum members 1. Queens University Belfast (QUB) UK (Belfast)

991 views • 23 slides

More recommend