IoTSec Taxonomy Proposal

Slides:

Advertisements

Similar presentations

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Advertisements

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

Chapter 1 – Introduction

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 An Overview of Computer Security computer security.

Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Applied Cryptography for Network Security

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

C OMPUTER S ECURITY C ONCEPTS By: Qubilah D’souza TE computer.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

Cryptography and Network Security

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

Security Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people.

Introduction to Computer and Network Security

Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,

Chapter VII Security Management for an E-Enterprise -Ramyah Rammohan.

Another perspective on Network Security Network Security Essentials: Applications and Standards, 4/E William Stallings ISBN-10: ISBN-13:

Definitions of Business, E- Business, and Risk  Business: An organization involved in trade of goods and/or services to the consumers  E-Business: Application.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

CST 312 Pablo Breuer. measures to deter, prevent, detect, and correct security violations that involve the transmission of information.

By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.

Overview of Database Security Introduction Security Problems Security Controls Designing Database Security.

UNIT-4 Computer Security Classification 2 Online Security Issues Overview Computer security – The protection of assets from unauthorized access, use,

Electronic Commerce Semester 1 Term 1 Lecture 14.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.

Information Management System Ali Saeed Khan 29 th April, 2016.

Protection of Personal Information Act An Analysis on the impact.

Network Security Overview

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

Firewalls and Tunneling Firewalls –Acts as a barrier against unwanted network traffic –Blocks many communication channels –Can change the design space.

Lecture 1 Introduction Dr. nermin hamza 1. Aim of Course Overview Cryptography Symmetric and Asymmetric Key management Researches topics 2.

 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.

Information Security Principles course “Cryptology” Based of: “Cryptography and network Security” by William Stalling, 5th edition. Eng. Mohamed Adam Isak.

CS457 Introduction to Information Security Systems

Computer and Network Security

Auditing Concepts.

Management Information Systems

Information Security, Theory and Practice.

Chapter 4 – Requirements Engineering

Information System and Network Security

COMPUTER SECURITY CONCEPTS

Information Security.

BINF 711 Amr El Mougy Sherif Ismail.

Computer and Network Security

Cryptography and Network Security

DATABASE SECURITY For CSCL (BIM).

Chinese wall model in the internet Environment

Introduction to Cryptography

Cryptography and Network Security

Introduction to Course

Digital Signatures Network Security.

Confidentiality, Integrity, Nonrepudiation

Definition Of Computer Security

Presentation transcript:

IoTSec Taxonomy Proposal Consortium meeting 11. October 2018 Rune Winther Øivind Berg Multiconsult Senior Researcher Energy Economics rune.winther@multiconsult.no +47 91665762 Oivind.berg@smartinnovationnorway.com +47 995 21 679

Topics Background and goal Considerations Causes vs. consequences About the proposal Practical issues The proposal

Background and goal We want to establish a trust case (explicit argument) for security, privacy and dependability in smart grids The starting point is the claim “Smart grid is adequately secure, private and dependable (SPD)” A convincing trust case requires a precise understanding of this claim Thus, we need a taxonomy for SPD, specifically suitable for building trust cases

Considerations No ambition to establish a «globally» accepted taxonomy Focus is on our needs to formulate a precise claim in the trust case Should, as far as possible, be based on existing taxonomies «Pick and choose» The taxonomy must cover all of SPD, but also be usable for each of S, P and D separately Essential that the structure directly supports the construction of trust cases

Causes vs consequences The difference between safety and security can be described as: Security: The effect the world has on a system Safety: The effect a system has on the world From the perspective of the system, this means that: Security is about causes Safety is about consequences When establishing the taxonomy we need to be conscious about whether we characterize causes, consequences, or both

Security – Can go both ways… Security defined by the CIA triad Loss of confidentiality, integrity and availability can be interpreted as primarily being characterizations of consequences Security defined as “protection against threats” Focus is primarily on causes Neither is more correct, but we need to be consistent, and ensure that terms are understood in the same way by all stakeholders

About the taxonomy proposal Primarily focused on characterizing consequences Sort of… Typically the loss of some characteristic Top-level claim will often be about the absence of negative effects Primarily based on Laprie et.al, “dependable and secure” PIPS-project Stallings, W. Cryptography and network security: principles and practice

Practical issues Since the taxonomy is focused on consequences, we need to ensure that all relevant causes are included in the trust cases Whether unwanted events are intentional or unintentional should be explicitly addressed in the trust case Should we extend the taxonomy to address both causes and consequences? Confidentiality is in the taxonomy only associated with security, but is usually also part of dependability

The proposal - Overview

The taxonomy – Definitions - Security Confidentiality The absence of unauthorized disclosure of information. Integrity (security) Absence of unauthorized system alterations. Note: Unauthorized system alterations can be internal or external, as well as intentional or unintentional. Availability (security) Availability for authorized actions only. Authenticity The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source. Accountability The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

The taxonomy – Definitions - Privacy Controlled collection The individual has control on what, and how, personal information is collected. Controlled processing The individual has control on how, and for what purpose, personal information is used. Controlled dissemination The individual has control on what, and how, personal information is disseminated. Invasion prevention Protection against disturbance/intrusion of an individual’s solitude or seclusion

The taxonomy – Definitions - Dependability Availability (dependability) Readiness for correct service. Reliability Continuity of correct service. Safety Absence of catastrophic consequences on the user(s) and the environment. Integrity (dependability) For safety: The probability of a safety-related system satisfactorily performing the required safety functions under all the stated conditions within a stated period of time. General: Absence of improper system alterations. Maintainability Ability to undergo modifications and repairs.