Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet of Things: Security Challenges

Published byTrevor Summers Modified over 6 years ago

Similar presentations

Presentation on theme: "Internet of Things: Security Challenges"— Presentation transcript:

1 Internet of Things: Security Challenges
Csilla Farkas Department of Computer Science and Engineering University of South Carolina

2 Source: http://www. ipofferings

3 What are the security challenges?

4

5 What are the security challenges?

6 What are the security challenges?

7 Secure Software Development
Requirement and Use cases Architecture and Design Test Plans Code Tests and Test Results Feedback from the Field 5. Abuse cases 6. Security Requirements 2. Risk Analysis External Review 4. Risk-Based Security Tests 1. Code Review (Tools) 3. Penetration Testing 7. Security Operations

8 Communication Security
Passive attacks: Eavesdropping Monitoring Active attacks: Masquerade Replay Modification of messages Denial of service Cryptographic protocols

9 Device Security Source:smallbusiness.chron.com
Source mobihealthnews.com Source: Source:smallbusiness.chron.com Source: kulichet.com Surce: Source:

10 New Types of Threats

11 Secure Data Management
Data intensive applications Data driven research -- data warehouses Data Integration Sensitive data New types of misuse

12 DATA Volume Velocity Variety

13 Semantics Domain Knowledge Device information Context-specification
Security policy Data Management Data quality Data integration Data query and storage Source:

14 Security Policies . Users Roles Permissions Sessions User assignment
Constraints Role Hierarchy Property Roles as Classes Roles as Values Defining Roles <RoleName> rdfs:subclassOf rbac:Role. <Ac- tiveRoleName> rdfs:subClassOf rbac:ActiveRole. <ActiveRoleName> rdfs:subclassOf <Role- Name>. <RoleName> rbac:activeForm <ActiveRoleName> <RoleName> a rbac:Role. Role Hierarchy <RoleName> rdfs:subclassOf <SuperRole- Name> <RoleName> rbac:subRole <SuperRoleName> Permission Association OWL class expression <RoleName> rbac:permitted <Action> Static Separation of Duty Constraint <Role1> owl:disjointFrom <Role2> <Role1> rbac:ssod <Role2> Dynamic Separation of <ActiveRole1> owl:disjointFrom <ActiveRole2> <Role1> rbac:dsod <Role2> Queries role activation permitted, separation of duty, ac- cess monitoring Enforcing RBAC Mostly using DL reasoning Mostly using rules

15 What are the new security needs?
IoT in the Future Interconnection of cyber-physical systems Interoperation and adaptive policy composition Full automation What are the new security needs?

Download ppt "Internet of Things: Security Challenges"

Similar presentations

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
TU e technische universiteit eindhoven / department of mathematics and computer science Modeling User Input and Hypermedia Dynamics in Hera Databases and.

TU e technische universiteit eindhoven / department of mathematics and computer science Modeling User Input and Hypermedia Dynamics in Hera Databases and.
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.

The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
Access Control RBAC Database Activity Monitoring.

Access Control RBAC Database Activity Monitoring.
CSCE 522 Building Secure Software. CSCE 548 - Farkas2 Reading This lecture – McGraw: Ch. 3 – G. McGraw, Software Security,

CSCE 522 Building Secure Software. CSCE Farkas2 Reading This lecture – McGraw: Ch. 3 – G. McGraw, Software Security,
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.

CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.
Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood, K. Jayaram School of Electrical and Computer Engineering.

Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood, K. Jayaram School of Electrical and Computer Engineering.
FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Database Security By Bei Yuan. Why do we need DB Security? Make data arranged and secret Secure other’s DB.

Database Security By Bei Yuan. Why do we need DB Security? Make data arranged and secret Secure other’s DB.
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.

Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.

CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
Web-based E-commerce Architecture

Web-based E-commerce Architecture
Division of IT Convergence Engineering Towards Unified Management A Common Approach for Telecommunication and Enterprise Usage Sung-Su Kim, Jae Yoon Chung,

Division of IT Convergence Engineering Towards Unified Management A Common Approach for Telecommunication and Enterprise Usage Sung-Su Kim, Jae Yoon Chung,
Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP.

Threats, Risk Assessment, and Policy Management in UbiComp Workshop on Security in UbiComp UBICOMP 2002, 29th Sept. Göteborg, Sweden Philip Robinson, SAP.
The Science of Cyber Security Laurie Williams 1 Figure from IEEE Security and Privacy, May-June 2011 issue.

The Science of Cyber Security Laurie Williams 1 Figure from IEEE Security and Privacy, May-June 2011 issue.
Ontology-based and Rule-based Policies: Toward a Hybrid Approach to Control Agents in Pervasive Environments The Semantic Web and Policy Workshop – ISWC.

Ontology-based and Rule-based Policies: Toward a Hybrid Approach to Control Agents in Pervasive Environments The Semantic Web and Policy Workshop – ISWC.

Similar presentations

Ads by Google