Secure Real Time Embedded Systems Sherif Khattab and Daniel Mossé University of Pittsburgh Computer Science Department.

Slides:

Advertisements

Similar presentations

EE5900 Advanced Embedded System For Smart Infrastructure

Advertisements

Interaction model of grid services in mobile grid environment Ladislav Pesicka University of West Bohemia.

1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.

Resource Management §A resource can be a logical, such as a shared file, or physical, such as a CPU (a node of the distributed system). One of the functions.

Josh Alcorn Larry Brachfeld An in depth review of ad hoc mobile network & cloud security concerns.

David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.

CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

P. Albertos* & A. Crespo + Universidad Politécnica de Valencia * Dept. of Systems Engineering and Control, + Dept. of Computer Engineering POB E

System and Network Security Practices COEN 351 E-Commerce Security.

Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.

PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

1 Security and Privacy in Sensor Networks: Research Challenges Radha Poovendran University of Washington

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Establishing Pairwise Keys in Distributed Sensor Networks Donggang Liu, Peng Ning Jason Buckingham CSCI 7143: Secure Sensor Networks October 12, 2004.

.NET Mobile Application Development Introduction to Mobile and Distributed Applications.

The Future of the Internet Jennifer Rexford ’91 Computer Science Department Princeton University

An Overview Zhang Fu Outline What is DDoS ? How it can be done? Different types of DDoS attacks. Reactive VS Proactive Defence.

Building Survivable Systems based on Intrusion Detection and Damage Containment Paper by: T. Bowen Presented by: Tiyseer Al Homaiyd 1.

 Distributed Software Chapter 18 - Distributed Software1.

Chapter 1 The Challenges of Networked Games. Online Gaming Desire for entertainment has pushed the frontiers of computing and networking technologies.

Network Topologies.

Self-Organizing Adaptive Networks Hari Balakrishnan MIT Laboratory for Computer Science

Chapter 1 Intro to Routing & Switching.  Networks have changed how we communicate  Everyone can connect & share  How have networks changed the way…

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Managing Service Metadata as Context The 2005 Istanbul International Computational Science & Engineering Conference (ICCSE2005) Mehmet S. Aktas

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.

A Lightweight Platform for Integration of Resource Limited Devices into Pervasive Grids Stavros Isaiadis and Vladimir Getov University of Westminster

Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

1 Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University Excerpted from

A Design for Secure and Survivable Wireless Sensor Networks Yi Qian, Kejie Lu, David Tipper Presented by: William Newton University of Maryland, Baltimore.

VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

Security Patterns in Wireless Sensor Networks By Y. Serge Joseph October 8 th, 2009 Part I.

Resisting Denial-of-Service Attacks Using Overlay Networks Ju Wang Advisor: Andrew A. Chien Department of Computer Science and Engineering, University.

Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.

Summary of Distributed Computing Security Yifeng Zou Georgia State University

Research Interest overview and future directions Mina Guirguis Computer Science Department Texas State University – San Marcos CS5300 9/16/2011.

Virtual Workspaces Kate Keahey Argonne National Laboratory.

Packet-Marking Scheme for DDoS Attack Prevention

R ECONFIGURABLE SECURITY SUPPORT FOR EMBEDDED SYSTEMS 1 AKSHATA VARDHARAJ.

Ad Hoc Network.

Security in Wireless Ad Hoc Networks. 2 Outline  wireless ad hoc networks  security challenges  research directions  two selected topics – rational.

Tufts Wireless Laboratory Tufts University School Of Engineering Real-Time Data Services for Cyber Physical Systems Zhong Zou.

Security Issues in Distributed Sensor Networks Yi Sun Department of Computer Science and Electrical Engineering University of Maryland, Baltimore County.

Attacking on IPv6 W.lilakiatsakun Ref: ipv6-attack-defense-33904http://

Cooperative Robotics and Sensor Networks Isaac Rieksts My web site

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #25 Dependable Data Management.

1 Roaming Honeypots for Mitigating Service-Level Denial-of-Service Attacks Written by: Sherif M. Khattab Chatree Sangpachatanarukz Daniel Mossé Rami Melhem.

Euro-Par, HASTE: An Adaptive Middleware for Supporting Time-Critical Event Handling in Distributed Environments ICAC 2008 Conference June 2 nd,

Energy Efficient Detection of Compromised Nodes in Wireless Sensor Networks Haengrae Cho Department of Computer Engineering, Yeungnam University Gyungbuk.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.

Wireless sensor and actor networks: research challenges Ian. F. Akyildiz, Ismail H. Kasimoglu

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Lecture 8: Wireless Sensor Networks By: Dr. Najla Al-Nabhan.

In the name of God.

Albert M. K. Cheng Embedded Real-Time Systems

Intrusion Tolerance for NEST

Outline Introduction Characteristics of intrusion detection systems

Defending Against DDoS

Securing Wireless Sensor Networks

Fault Tolerance Distributed Web-based Systems

Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li University of Pittsburgh, Pittsburgh, PA Hui Ling.

IT351: Mobile & Wireless Computing

Presentation transcript:

Secure Real Time Embedded Systems Sherif Khattab and Daniel Mossé University of Pittsburgh Computer Science Department

Embedded Systems Before: isolated, closed systems Later: connected thru dedicated phone lines Now, web connected; control can be done remotely Convenience costs LOTS of remote security issues  Safety and security are big issues, since these systems (now on the web) control actual industrial plants and other devices Attacker’s goal: compromise data and deadlines Defender’s goal: satisfy deadlines, despite overhead

POTS? Voice over IP? Assume VoIP is widespread (skype anyone?) Assume compromised nodes can attack POTS  Use VoIP to attack dialup control systems  Distributed Denial of Service: lots of VoIP clients compromised attack control system to a slow or fast death…

Denial of Service DoS attacks cause system overload, overloads cause timing failures (missed deadlines, control period) System needs to react when it cannot  Suggested approach: reserve security bandwidth? RTSs are a perfect candidate  Every new component creates a new vulnerability  Make detection a real-time task (temporally secure) characteristics? temporally vulnerable? Mitigating DoS attacks in RTSs or EmSys  Mixture of static and dynamic analysis?  Relation with imprecise, reward-based, version-based, elastic, …, computing? Power grids, sensor networks, industrial control systems…

DoS (dist system) More difficult problem:  Need to meet end to end deadlines  Ensure that all messages arrive safely  Network partitions are possible (common?)  Distributed and quick detection may be needed  Coordinated attacks are the norm  Each compromised node is undetected Cooperation among hosts, routers and other network entities is essential/crucial  Backward compatibility a must for early deployment

DoS (wireless system) Single attacker can influence many victims Physical proximity can also be compromised  Need more defenses.  Need localization services?

Requirements Need another property, namely security level  Do we need YARTM? (yet another RT task model?)  Include a measure of robustness and power/energy  Complete model includes attackers’ capabilities and constraints (battery, CPU, etc), attack model (correlated attacks, spoofing attacks, etc) However, security is on the eye of the system integrator  Need to provide tradeoffs  Specification is needed  Need to remember that data exists forever

Questions Define the difference between security and fault tolerance? Similar in RTSs? In EmSys? Find tradeoff of crypto/security deadline misses Need efficient intrusion detection mechanisms What is special (besides funding ) in secure embedded systems?? Similar, but for small devs  Cannot afford the power for public key crypto  Need adaptive security; does it compromise security?  Relatively light attacks may be crippling What detection mechanisms can we use that satisfy all restrictions of embedded systems?