Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Real Time Embedded Systems Sherif Khattab and Daniel Mossé University of Pittsburgh Computer Science Department.

Published byDulcie Hensley Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Real Time Embedded Systems Sherif Khattab and Daniel Mossé University of Pittsburgh Computer Science Department."— Presentation transcript:

1 Secure Real Time Embedded Systems Sherif Khattab and Daniel Mossé University of Pittsburgh Computer Science Department

2 Embedded Systems Before: isolated, closed systems Later: connected thru dedicated phone lines Now, web connected; control can be done remotely Convenience costs LOTS of remote security issues  Safety and security are big issues, since these systems (now on the web) control actual industrial plants and other devices Attacker’s goal: compromise data and deadlines Defender’s goal: satisfy deadlines, despite overhead

3 POTS? Voice over IP? Assume VoIP is widespread (skype anyone?) Assume compromised nodes can attack POTS  Use VoIP to attack dialup control systems  Distributed Denial of Service: lots of VoIP clients compromised attack control system to a slow or fast death…

4 Denial of Service DoS attacks cause system overload, overloads cause timing failures (missed deadlines, control period) System needs to react when it cannot  Suggested approach: reserve security bandwidth? RTSs are a perfect candidate  Every new component creates a new vulnerability  Make detection a real-time task (temporally secure) characteristics? temporally vulnerable? Mitigating DoS attacks in RTSs or EmSys  Mixture of static and dynamic analysis?  Relation with imprecise, reward-based, version-based, elastic, …, computing? Power grids, sensor networks, industrial control systems…

5 DoS (dist system) More difficult problem:  Need to meet end to end deadlines  Ensure that all messages arrive safely  Network partitions are possible (common?)  Distributed and quick detection may be needed  Coordinated attacks are the norm  Each compromised node is undetected Cooperation among hosts, routers and other network entities is essential/crucial  Backward compatibility a must for early deployment

6 DoS (wireless system) Single attacker can influence many victims Physical proximity can also be compromised  Need more defenses.  Need localization services?

7 Requirements Need another property, namely security level  Do we need YARTM? (yet another RT task model?)  Include a measure of robustness and power/energy  Complete model includes attackers’ capabilities and constraints (battery, CPU, etc), attack model (correlated attacks, spoofing attacks, etc) However, security is on the eye of the system integrator  Need to provide tradeoffs  Specification is needed  Need to remember that data exists forever

8 Questions Define the difference between security and fault tolerance? Similar in RTSs? In EmSys? Find tradeoff of crypto/security deadline misses Need efficient intrusion detection mechanisms What is special (besides funding ) in secure embedded systems?? Similar, but for small devs  Cannot afford the power for public key crypto  Need adaptive security; does it compromise security?  Relatively light attacks may be crippling What detection mechanisms can we use that satisfy all restrictions of embedded systems?

Download ppt "Secure Real Time Embedded Systems Sherif Khattab and Daniel Mossé University of Pittsburgh Computer Science Department."

Similar presentations

EE5900 Advanced Embedded System For Smart Infrastructure

EE5900 Advanced Embedded System For Smart Infrastructure
Interaction model of grid services in mobile grid environment Ladislav Pesicka University of West Bohemia.

Interaction model of grid services in mobile grid environment Ladislav Pesicka University of West Bohemia.
1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.

1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.
Resource Management §A resource can be a logical, such as a shared file, or physical, such as a CPU (a node of the distributed system). One of the functions.

Resource Management §A resource can be a logical, such as a shared file, or physical, such as a CPU (a node of the distributed system). One of the functions.
Josh Alcorn Larry Brachfeld An in depth review of ad hoc mobile network & cloud security concerns.

Josh Alcorn Larry Brachfeld An in depth review of ad hoc mobile network & cloud security concerns.
David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.

David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.
CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.

CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
P. Albertos* & A. Crespo + Universidad Politécnica de Valencia * Dept. of Systems Engineering and Control, + Dept. of Computer Engineering POB. 22012 E-46071.

P. Albertos* & A. Crespo + Universidad Politécnica de Valencia * Dept. of Systems Engineering and Control, + Dept. of Computer Engineering POB E
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies www.coresecurity.com.

Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies
An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.

Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.
PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.

PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
1 Security and Privacy in Sensor Networks: Research Challenges Radha Poovendran University of Washington

1 Security and Privacy in Sensor Networks: Research Challenges Radha Poovendran University of Washington
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Similar presentations

Ads by Google