Internet of Things: Security Challenges


Internet of Things: Security Challenges Csilla Farkas Department of Computer Science and Engineering University of South Carolina farkas@cec.sc.edu

Source: http://www. ipofferings

What are the security challenges?

https://www.youtube.com/watch?v=y7Gs1dB_bFw


Secure Software Development
Artifacts: Requirement and Use cases; Architecture and Design; Test Plans; Code; Tests and Test Results; Feedback from the Field
1. Code Review (Tools)
2. Risk Analysis
3. Penetration Testing
4. Risk-Based Security Tests
5. Abuse cases
6. Security Requirements
7. Security Operations
External Review

Communication Security
Passive attacks: Eavesdropping, Monitoring
Active attacks: Masquerade, Replay, Modification of messages, Denial of service
Cryptographic protocols

Device Security
Image sources: smallbusiness.chron.com, mobihealthnews.com, www.edn.com, kulichet.com, www.pardaz.net, www.health.mil

New Types of Threats

Secure Data Management: Data intensive applications; Data driven research -- data warehouses; Data Integration; Sensitive data; New types of misuse

DATA: Volume, Velocity, Variety

Semantics: Domain Knowledge, Device information, Context-specification, Security policy
Data Management: Data quality, Data integration, Data query and storage
Source: https://www.w3.org/Submission/2015/SUBM-iot-lite-20151126/

Security Policies: Users, Roles, Permissions, Sessions, User assignment, Constraints, Role Hierarchy

| Property | Roles as Classes | Roles as Values |
|---|---|---|
| Defining Roles | <RoleName> rdfs:subClassOf rbac:Role. <ActiveRoleName> rdfs:subClassOf rbac:ActiveRole. <ActiveRoleName> rdfs:subClassOf <RoleName>. <RoleName> rbac:activeForm <ActiveRoleName> | <RoleName> a rbac:Role. |
| Role Hierarchy | <RoleName> rdfs:subClassOf <SuperRoleName> | <RoleName> rbac:subRole <SuperRoleName> |
| Permission Association | OWL class expression | <RoleName> rbac:permitted <Action> |
| Static Separation of Duty Constraint | <Role1> owl:disjointFrom <Role2> | <Role1> rbac:ssod <Role2> |
| Dynamic Separation of Duty Constraint | <ActiveRole1> owl:disjointFrom <ActiveRole2> | <Role1> rbac:dsod <Role2> |
| Enforcing RBAC | Mostly using DL reasoning | Mostly using rules |

Queries: role activation permitted, separation of duty, access monitoring
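The "roles as values" column enforced with plain rules over triples, as an added example that is not part of the original slides. The role and action names are constructed, and two readings are assumptions: a holder of a sub-role may also act in its super-roles, and separation-of-duty constraints are symmetric and inherited.

```python
# Added example. The policy is constructed; role and action names are hypothetical.
TRIPLES = {
    ("nurse", "rbac:subRole", "clinician"),
    ("physician", "rbac:subRole", "clinician"),
    ("clinician", "rbac:permitted", "read_vitals"),
    ("physician", "rbac:permitted", "change_dosage"),
    ("device_admin", "rbac:permitted", "flash_firmware"),
    ("physician", "rbac:ssod", "auditor"),
    ("nurse", "rbac:dsod", "device_admin"),
}

def objects(subject, predicate):
    """All o such that (subject, predicate, o) is in the policy."""
    return {o for s, p, o in TRIPLES if s == subject and p == predicate}

def with_super_roles(role):
    """The role plus every role reachable over rbac:subRole (transitive closure)."""
    seen, todo = set(), [role]
    while todo:
        r = todo.pop()
        if r not in seen:
            seen.add(r)
            todo.extend(objects(r, "rbac:subRole"))
    return seen

def conflict(predicate, role_a, role_b):
    """Separation-of-duty test: symmetric, inherited from super-roles (assumption)."""
    return any(y in objects(x, predicate) or x in objects(y, predicate)
               for x in with_super_roles(role_a) for y in with_super_roles(role_b))

def can_assign(assigned, new_role):
    """Static SoD: refuse a user assignment that pairs two rbac:ssod roles."""
    return not any(conflict("rbac:ssod", r, new_role) for r in assigned)

def can_activate(assigned, active, role):
    """Dynamic SoD: the role must be held and must not clash with active roles."""
    held = set().union(*(with_super_roles(r) for r in assigned))
    return role in held and not any(conflict("rbac:dsod", r, role) for r in active)

def permitted(active, action):
    """Access check: an active role, or one of its super-roles, permits the action."""
    return any(action in objects(r, "rbac:permitted")
               for a in active for r in with_super_roles(a))
```

A user may be assigned both nurse and device_admin, because rbac:dsod only blocks having the two active in the same session.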

IoT in the Future: Interconnection of cyber-physical systems; Interoperation and adaptive policy composition; Full automation; …
What are the new security needs?