Graciela Saunders. Introduction / Review; Challenges to Embedded Security; Approaches to Embedded Security; Security Analysis & Attack Taxonomy



- Introduction / Review
- Challenges to Embedded Security
- Approaches to Embedded Security
- Security Analysis & Attack Taxonomy
- Role of the OS in Embedded Security

- Industrial Trends:
  - Automotive Electronics
  - Telecommunications
  - Avionics
  - Railways
  - Healthcare
  - Monitor & control of plants & equipment
- Why is security so important?
  - The role of embedded systems
  - The damage caused by attacks

- Resource Limitations
  - Processing gap
  - Battery gap
  - Memory constraints
- Deployment Scale
- Size/complexity of code
- Cost
- No “correct” solution

- Nothing is ever 100% secure
  - Given enough time, resources, and motivation, an attacker can break any system
- Secure your product/system against a specific threat
  - What needs to be protected?
  - Why is it being protected?
  - Who are you protecting against? (define the enemy)

[1] grand/grand_embedded_security_US04.pdf


- Design, design, design!
- Security Analysis:
  - What are the main causes of successful attacks?
  - What types of attack are embedded systems open to?
  - What type of attacker am I up against?
  - What are my attacker's goals?
  - What are the main vulnerabilities of embedded systems?
  - What are the main threat vectors?
  - What effect will an attack have?
  - How can we use this knowledge to improve security?

- Insider Attack
  - Significant percentage of breaches
  - Disgruntled employees
- Lunchtime Attack
  - Takes place during a small window of opportunity
- Focused Attack
  - Time, money, and resources not an issue
- Hardware
- Software
- Communication Stack

[1] grand/grand_embedded_security_US04.pdf

- Class I: Clever Outsiders
  - Intelligent, but have limited system knowledge
  - Try to take advantage of an existing weakness
- Class II: Knowledgeable Insiders
  - Substantial specialized technical experience
  - Highly sophisticated tools and instruments
- Class III: Funded Organizations
  - Specialists backed by great funding resources
  - In-depth analysis, sophisticated attacks, highly advanced analysis tools

[1] grand/grand_embedded_security_US04.pdf


- Internet-facing device
  - Discover the device and send a message to it over the network

- Local or remote access to the device
  - Attacker needs privileges for logical access to device services or functions
- Direct physical access to the device
- Physical proximity of the attacker
  - Wireless devices may only require the attacker to be within radio range

- Programming errors
  - Control flow attacks
- Web-based vulnerability
  - Exploitation of unpatched vulnerabilities in the web-based interface
- Weak access control or authentication
  - Default/weak/hard-coded passwords
- Improper use of cryptography:
  - Weak random number generation

- Control hijacking attacks
- Reverse engineering
- Malware
- Injecting crafted packets or input
- Eavesdropping
- Brute-force search attacks
- Normal use

- Denial-of-Service
- Code execution
- Integrity violation
- Information leakage
- Illegitimate access
- Financial loss
- Degraded level of protection
- Miscellaneous

- Key Point: the operating system bears a tremendous burden in achieving safety and security via resource control
- Trusted Computing Base (TCB)
  - The portions of a system (hardware and software) that are critical to security and therefore must be trustworthy

- Monolithic OS
  - System software shares a single memory space and executes in privileged (supervisor) mode
  - Large TCB – maximizes opportunities for hackers
- Microkernel OS
  - Runs a minimal set of critical system services in supervisor mode
  - Small TCB – security is easier to verify and assure

[Figure: Monolithic OS; Microkernel OS]

- Key Point: the foundation of a MILS-based embedded system is the separation kernel, a small microkernel that implements a limited set of critical function security policies
- Security Policies:
  - Information Flow
  - Data Isolation
  - Damage Limitation
  - Periods Processing

- A policy that ensures information within one component is not leaked into another component through reused resources
- Without periods processing, the confidentiality of P1’s information would be violated by disclosure to P2 via shared resources
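
Added example (not part of the original slides): a minimal C model of periods processing, in which a separation kernel scrubs a resource shared by partitions P1 and P2 at each partition switch. The shared buffer, the function names and the secret value are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: one scratch buffer reused by every partition,
 * standing in for a shared cache, DMA buffer or device FIFO. */
#define SHARED_SIZE 64
static unsigned char shared_buf[SHARED_SIZE];

/* Constructed sample secret that only P1 is cleared to see. */
static const char P1_SECRET[] = "P1-SECRET-KEY-0123";

/* Zero through a volatile pointer so the compiler cannot drop the
 * stores as dead writes. */
static void scrub(volatile unsigned char *p, size_t n) {
    while (n--) *p++ = 0;
}

/* P1's time slice: works on its secret in the shared buffer. */
static void p1_run(void) {
    memcpy(shared_buf, P1_SECRET, sizeof P1_SECRET - 1);
}

/* P2's time slice: reads the buffer before writing anything and
 * counts the bytes left behind by the previous partition. */
static size_t p2_count_residue(void) {
    size_t leaked = 0;
    for (size_t i = 0; i < SHARED_SIZE; i++)
        if (shared_buf[i] != 0) leaked++;
    return leaked;
}

/* Partition switch performed by the (hypothetical) separation kernel.
 * With periods processing on, shared state is sanitised before the
 * next partition is allowed to run. */
static void partition_switch(int periods_processing) {
    if (periods_processing) scrub(shared_buf, sizeof shared_buf);
}

/* Run the schedule P1 -> switch -> P2; return bytes P2 could read. */
size_t run_schedule(int periods_processing) {
    scrub(shared_buf, sizeof shared_buf);   /* known starting state */
    p1_run();
    partition_switch(periods_processing);
    return p2_count_residue();
}

int main(void) {
    printf("without periods processing: %zu bytes leak\n", run_schedule(0));
    printf("with periods processing:    %zu bytes leak\n", run_schedule(1));
    return 0;
}
```

In a real system the same scrub has to cover every resource that outlives a time slice (registers, caches, peripheral buffers), not only RAM.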

- Key Point: a separation kernel is considered a reference monitor when the kernel’s MILS policy enforcement mechanisms are N.E.A.T.
  - Non-bypassable
  - Evaluable
  - Always invoked
  - Tamper-proof

- Bypassing file system policy via direct media access

- Memory Protection
  - Malicious code is unable to crash an application or the operating system by corrupting its memory
- Virtual Memory
  - Ability to map and unmap pages into a virtual address space
  - Guard pages
  - Location obfuscation

- Fault Recovery
  - Kernel must provide a mechanism enabling a supervisor process to close down a faulted process and for restarting an application
- Guaranteed Resources
  - Despite memory protection and virtual memory, malicious code can still take down a critical application by starving it of resources

- Perform security analysis – know the enemy
- Manage tradeoffs between performance, cost and security
- Take advantage of the MILS concept and the recursive nature of MILS security policies

- Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy
- Introduction to Embedded Security; Black Hat USA Briefings; July, 2014
  - grand/grand_embedded_security_US04.pdf
- Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices
  - a-aed-healthsec11.pdf
- Embedded Systems Security, Kleidermacher and Kleidermacher; Chapter 2; Feb, 2013
  - design/ /1/Embedded-Systems-Security
- Proposed Embedded Security Framework for Internet of Things (IoT) – graphics only