Presentation is loading. Please wait.

Presentation is loading. Please wait.

IoTSafe: A Safe & Verified Security Controller for Internet-of-Things Tianlong Yu.

Published byLeon Flowers Modified over 8 years ago

Similar presentations

Presentation on theme: "IoTSafe: A Safe & Verified Security Controller for Internet-of-Things Tianlong Yu."— Presentation transcript:

1 IoTSafe: A Safe & Verified Security Controller for Internet-of-Things Tianlong Yu

2 IoT is an impending security disaster 2 IoT devices cause physical damage!!! overheatbreak-incrashfire

3 Current approaches fail to secure IoT 3 Attacker User Unfixable Flaws - Resource - Management - Longevity No physical context ✗✗ Embedded Controller

4 IoTSafe Security Controller 4 Attacker User Security Controller 2. Stop potential attacker 1. Reset device to safe state

5 Project Goals 5 Hybrid Program IoTSafe Controller KeYmaera X ✔ Verified Safety ✔ Implementation on OpenDayLight IoT APIsSecurity Appliances APIs Message Verifier with Snort ✔ Room Temperature Model

6 Hybrid Program 6 Security Controller TeTe T1T1 Desired Temperature T d Attacker User Safety 20<=T 1 <=24 Message Verifier By Newton’s cooling law:

7 Hybrid Program Design 7 /* Controller actions */ If can overheated/overcooled in tc time Block user/attacker Td change Reset Td to a safe value /* User/Attacker Actions */ If user/attacker can change Td Non-deterministic Td in (Td min, Td max ) /* Temperature change in tc time */ Differential equation to describe T change check every tc time P1 Event-triggered or time-triggered? P2 User/attacker actions? P3 Controller Actions?

8 Hybrid Program Design 8 How to predict overheat/overcool? How to set Td to safety value? Stop temperature change How to describe temperature change?

9 Verification with KeYmaera X 9

10 Implementation on SDN controller 10 Internet IoTSafe Controller IoT Gateway Home Network Security Server SDN IoT APIs NFV overheat/overcool normal FW: lock T; Reset Td; FW: allow T; FSM

11 Discussion & Future Works 11 Hybrid Program IoTSafe Controller KeYmaera X Synthesizer Automatic Translation? IoT Device Model Security Policy Automatic Verification?

Download ppt "IoTSafe: A Safe & Verified Security Controller for Internet-of-Things Tianlong Yu."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
Hybrid System Verification Synchronous Workshop 2003 A New Verification Algorithm for Planar Differential Inclusions Gordon Pace University of Malta December.

Hybrid System Verification Synchronous Workshop 2003 A New Verification Algorithm for Planar Differential Inclusions Gordon Pace University of Malta December.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
® Context Aware Firewall Policies Ravi Sahita Priya Rajagopal, Pankaj Parmar Intel Corp. June 8 th 2004 IEEE Policy (Security)

® Context Aware Firewall Policies Ravi Sahita Priya Rajagopal, Pankaj Parmar Intel Corp. June 8 th 2004 IEEE Policy (Security)
© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public ITE PC v4.1 Chapter 4 1 Chapter 12: Advanced Troubleshooting IT Essentials v5.0.

© Cisco Systems, Inc. All rights reserved. Cisco Public ITE PC v4.1 Chapter 4 1 Chapter 12: Advanced Troubleshooting IT Essentials v5.0.
Defence in Depth: What’s Next? Kent Schramm Head, Cyber Security.

Defence in Depth: What’s Next? Kent Schramm Head, Cyber Security.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.

Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Mi-Joung choi, Hong-Taek Ju, Hyun-Jun Cha, Sook-Hyang Kim and J

Mi-Joung choi, Hong-Taek Ju, Hyun-Jun Cha, Sook-Hyang Kim and J
9 99 CHAPTER Privacy and Security - FAQ’s. 9 © The McGraw-Hill Companies, Inc. 2002 Privacy How secure is data –On system –On Internet Private network.

9 99 CHAPTER Privacy and Security - FAQ’s. 9 © The McGraw-Hill Companies, Inc Privacy How secure is data –On system –On Internet Private network.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.

©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.
Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.

Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.
Verify that management VLAN has been reassigned. Verify that operational VLANs do not have access to the management VLAN. Verify that the ports in the.

Verify that management VLAN has been reassigned. Verify that operational VLANs do not have access to the management VLAN. Verify that the ports in the.
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
Prepared by:Nahed AlSalah Data Security 2 Unit 19.

Prepared by:Nahed AlSalah Data Security 2 Unit 19.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Similar presentations

Ads by Google