CHARLES UNIVERSITY IN PRAGUE, faculty of mathematics and physics, http://d3s.mff.cuni.cz
Security and Trust in Data Sharing Smart Cyber-Physical Systems
Ondřej Štumpf, Tomáš Bureš, Vladimír Matěna (matena@d3s.mff.cuni.cz)
SANCS'15
What we are dealing with
sCPS (Smart Cyber-Physical Systems):
- next generation ICT
- embedded
- real time
- interconnected
- collaborating
Motivation for security and trust in sCPS
Figure: three vehicles, each carrying the knowledge Owner, Speed and GPS (e.g. "Owner: David Hill, Speed: 48 km/h, GPS: 14.450,40.325"), one of them a police vehicle. Two uses of the shared data are shown: collision avoidance, for which Speed and GPS flow to every vehicle, and owner record inspection, for which Owner, Speed and GPS flow to the police vehicle only. A further figure shows police vehicles in Prague and Berlin that additionally carry City and "In Pursuit: yes/no".
Problem definition
- complex access control and trust management
- open-ended and dynamic systems
- partitioned networks
- lack of a systematic approach in engineering
- separation of security and trust
Related approaches
- ACL (access control lists) and RBACm: do not capture complex security
- RBAC (role-based access control): does not capture dynamic systems
- dRBAC (distributed role-based access control): needs to verify trust chains; splits security and trust; does not work well on partitioned networks
Proposed solution: cdRBAC (Context-Dependent Role-Based Access Control)
- based on RBAC and dRBAC
- security and trust on the level of architecture
- roles assigned to components
- roles can be based on other roles, e.g. role StatePolice implies MunicipalPolice(*)
- access control and trust for component data, e.g. Vehicle knowledge Owner is read by StatePolice only
- roles parametrized by knowledge, e.g. PoliceVehicle[CityOfJurisdiction]
cdRBAC: Realization
Figure: vehicles with roles IdEntity[42], IdEntity[43] and Police[Prague]; each knowledge item (Owner, Speed, GPS) is labelled with the public/private keys of the roles and role parameters (IdEntity, 42, 43, Police, Prague) that may read it.
- Public/private key pairs are assigned to each role and each role parameter.
- An offline authority bootstraps the system by assigning key pairs to roles and static parameters.
- If the knowledge needs to be read by multiple roles, it is sent multiple times.
- Figure: the key of role PraguePolice is shown signed by another role's key. Note: PraguePolice can also be realized by role Police with parameter Prague; PraguePolice was used for the sake of simplicity.
DEECo as a reference sCPS
Figure: components Vehicle and PoliceVehicle, each with local knowledge (Owner, Speed, GPS and Others: [{},{},…]); a collision avoidance process runs on the local knowledge every 10 ms; a replica of other vehicles' knowledge is refreshed every 15 ms; ensembles Driver info and Crash avoidance, the latter with condition distance < 50 m and mapping Speed, GPS -> Others.
DEECo as a reference sCPS
DEECo (Dependable Emergent Ensembles of Components):
- components are objects in the system
- knowledge is the internal data of a component
- a process is a task on the local knowledge
- an ensemble is a knowledge exchange mechanism: knowledge mapping based on a condition
cdRBAC: DEECo extension

Standard DEECo DSL:

    component Vehicle
      knowledge: id, owner, GPS, ...
      process updateGPS(out GPS) { ... }

    component PoliceVehicle extends Vehicle
      knowledge: nearby, ...
      process checkOffenders(in nearby)

    ensemble UpdateVehiclesNearby:
      coordinator: PoliceVehicle
      member: Vehicle
      membership: isCloseBy(coord.GPS, mbr.GPS)
      exchange: coord.nearby += mbr.owner

Extended DEECo DSL:

    role IdEntity(id [const])
    role StatePolice

    component Vehicle hasRole IdEntity(id)
      knowledge [public]: position
      knowledge [public read, const write]: id
      knowledge [StatePolice read]: owner

    component StatePoliceVehicle extends PoliceVehicle hasRole StatePolice
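As an added illustration of the access rules from the cdRBAC proposal, realization and extended-DSL slides (a constructed example, not DEECo's or the authors' code), the Python model below treats roles as (name, parameter) pairs, lets StatePolice imply MunicipalPolice(*), binds a rule's parameter to the component's own knowledge (an assumed "city" field, so only police of the city the vehicle is currently in may read its owner), and counts the per-role copies a knowledge item needs. The MunicipalPolice/city rule and the sample vehicle data are assumptions.

```python
# Constructed cdRBAC model (not DEECo's code). StatePolice implies MunicipalPolice(*).
IMPLIES = {"StatePolice": [("MunicipalPolice", "*")]}

# Vehicle access rules in the spirit of the extended DSL: (role, param source).
# A source naming a knowledge field ("city") makes the role context dependent:
# only police of the city the vehicle is currently in may read its owner.
VEHICLE_ACCESS = {
    "position": [("public", None)],
    "id": [("public", None)],
    "owner": [("StatePolice", None), ("MunicipalPolice", "city")],
}
VEHICLE = {"id": 42, "position": (14.450, 40.325),  # constructed sample data
           "owner": "David Hill", "city": "Prague"}

def expand_roles(roles):
    """Close a reader's set of (name, param) roles under IMPLIES."""
    closed, todo = set(), list(roles)
    while todo:
        role = todo.pop()
        if role not in closed:
            closed.add(role)
            todo.extend(IMPLIES.get(role[0], []))
    return closed

def resolve(spec, knowledge):
    """Bind a rule's parameter source to the component's current knowledge."""
    name, source = spec
    if source is None:
        return (name, None)
    return (name, knowledge.get(source, source))  # field value, else literal

def grants(spec, reader, knowledge):
    """Does one concrete reader role (name, param) satisfy one access rule?"""
    name, param = resolve(spec, knowledge)
    if name == "public":
        return True
    if reader[0] != name:
        return False
    return param is None or "*" in (reader[1], param) or reader[1] == param

def readable_fields(knowledge, access, reader_roles):
    """Knowledge fields a reader holding reader_roles may read."""
    roles = expand_roles(reader_roles)
    return {f for f, specs in access.items()
            if any(grants(s, r, knowledge) for s in specs for r in roles)}

def copies_per_field(knowledge, access):
    """Each reading role has its own key pair, so one copy is sent per role."""
    return {f: len({resolve(s, knowledge) for s in specs})
            for f, specs in access.items()}
```

With the sample vehicle, a plain IdEntity[43] reader sees only id and position, MunicipalPolice[Prague] and StatePolice also see owner, MunicipalPolice[Berlin] does not, and owner costs two copies because two distinct roles may read it.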
Open issues
- how to design and engineer security and trust for sCPS in general
- how to capture these on the architecture level
- how to apply this to other fields
Questions
Figure: the knowledge of one vehicle (Owner, Speed, GPS) replicated at other vehicles, including the police vehicle.
cdRBAC: Performance impact
The performance of the implementation was measured in a 10-minute simulation of the example application with 10 vehicles. With access control in place, the average number of messages sent was 20% higher, and the average extra time was 51%.