
Graciela Saunders. Introduction / Review; Challenges to Embedded Security; Approaches to Embedded Security; Security Analysis & Attack Taxonomy (presentation transcript)


Slide 1: Graciela Saunders

Slide 2: Outline
- Introduction / Review
- Challenges to Embedded Security
- Approaches to Embedded Security
- Security Analysis & Attack Taxonomy
- Role of the OS in Embedded Security

Slide 3
- Industrial trends:
  - Automotive electronics
  - Telecommunications
  - Avionics
  - Railways
  - Healthcare
  - Monitoring and control of plants and equipment
- Why is security so important?
  - The role of embedded systems
  - The damage caused by attacks

Slide 4
- Resource limitations
  - Processing gap
  - Battery gap
  - Memory constraints
- Deployment scale
- Size/complexity of code
- Cost
- No "correct" solution

Slide 5
- Nothing is ever 100% secure
  - Given enough time, resources, and motivation, an attacker can break any system
- Secure your product/system against a specific threat
  - What needs to be protected?
  - Why is it being protected?
  - Who are you protecting against? (define the enemy)
Source [1]: https://www.blackhat.com/presentations/bh-usa-04/bh-us-04-grand/grand_embedded_security_US04.pdf

Slide 6 (figure only)
Source [1]: https://www.blackhat.com/presentations/bh-usa-04/bh-us-04-grand/grand_embedded_security_US04.pdf

Slide 7
- Design, design, design!
- Security analysis:
  - What are the main causes of successful attacks?
  - What types of attack are embedded systems open to?
  - What type of attacker am I up against?
  - What are my attackers' goals?
  - What are the main vulnerabilities of embedded systems?
  - What are the main threat vectors?
  - What effect will an attack have?
  - How can we use this knowledge to improve security?

Slide 8
- Insider attack
  - Significant percentage of breaches
  - Disgruntled employees
- Lunchtime attack
  - Takes place during a small window of opportunity
- Focused attack
  - Time, money, and resources are not an issue
- Hardware
- Software
- Communication stack
Source [1]: https://www.blackhat.com/presentations/bh-usa-04/bh-us-04-grand/grand_embedded_security_US04.pdf

Slide 9
- Class I: Clever outsiders
  - Intelligent, but have limited system knowledge
  - Try to take advantage of an existing weakness
- Class II: Knowledgeable insiders
  - Substantial specialized technical experience
  - Highly sophisticated tools and instruments
- Class III: Funded organizations
  - Specialists backed by great funding resources
  - In-depth analysis, sophisticated attacks, highly advanced analysis tools
Source [1]: https://www.blackhat.com/presentations/bh-usa-04/bh-us-04-grand/grand_embedded_security_US04.pdf

Slide 10 (figure only)
Source [1]: https://www.blackhat.com/presentations/bh-usa-04/bh-us-04-grand/grand_embedded_security_US04.pdf

Slide 11
- Internet-facing device
  - Discover the device and send a message to it over the network

Slide 12
- Local or remote access to the device
  - The attacker needs privileges for logical access to device services or functions
- Direct physical access to the device
  - Physical proximity of the attacker
  - Wireless devices may only require the attacker to be within radio range

Slide 13
- Programming errors
  - Control-flow attacks
- Web-based vulnerabilities
  - Exploitation of unpatched vulnerabilities in the web-based interface
- Weak access control or authentication
  - Default/weak/hard-coded passwords
- Improper use of cryptography:
  - Weak random number generation

Slide 14
- Control hijacking attacks
- Reverse engineering
- Malware
- Injecting crafted packets or input
- Eavesdropping
- Brute-force search attacks
- Normal use

Slide 15
- Denial of service
- Code execution
- Integrity violation
- Information leakage
- Illegitimate access
- Financial loss
- Degraded level of protection
- Miscellaneous

Slide 16
- Key point: the operating system bears a tremendous burden in achieving safety and security via resource control
- Trusted Computing Base (TCB)
  - The portions of a system (hardware and software) that are critical to security and therefore must be trustworthy

Slide 17
- Monolithic OS
  - System software shares a single memory space and executes in privileged (supervisor) mode
  - Large TCB: maximizes opportunities for hackers
- Microkernel OS
  - Runs a minimal set of critical system services in supervisor mode
  - Small TCB: security is easier to verify and assure

Slide 18 (diagram)
- Monolithic OS
- Microkernel OS

Slide 19
- Key point: the foundation of a MILS-based embedded system is the separation kernel, a small microkernel that implements a limited set of critical function security policies
- Security policies:
  - Information flow
  - Data isolation
  - Damage limitation
  - Periods processing

Slide 20: Periods processing
- A policy that ensures information within one component is not leaked into another component through reused resources
- Without periods processing, the confidentiality of P1's information would be violated by disclosure to P2 via shared resources
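Added example (not from the slides or from any real MILS kernel): a toy partition switch in C in which P1 and P2 time-share one scratch buffer, standing in for any reused resource. The partition names, the buffer and the sample secret are constructed; the point is that the kernel's sanitisation step on every switch is what stops P2 reading P1's residue.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a separation kernel's partition switch. Two
 * partitions, P1 and P2, time-share one physical scratch buffer (a stand-in
 * for a DMA buffer, register file or page frame that gets reused). */
#define SCRATCH_BYTES 32

static uint8_t scratch[SCRATCH_BYTES];   /* the shared, reused resource */

/* P1 writes a secret into the scratch buffer during its period. */
static void p1_use(const char *secret) {
    strncpy((char *)scratch, secret, SCRATCH_BYTES - 1);
    scratch[SCRATCH_BYTES - 1] = 0;
}

/* Periods processing: the kernel sanitises every reused resource on each
 * partition switch, so nothing from the previous period survives. A real
 * kernel would use a clearing routine the compiler cannot optimise away. */
static void switch_partition(int periods_processing) {
    if (periods_processing)
        memset(scratch, 0, sizeof scratch);
}

/* P2 reads the buffer "fresh" and reports whether P1's data is visible. */
static int p2_sees_residue(const char *secret) {
    return memcmp(scratch, secret, strlen(secret)) == 0;
}

/* One P1 -> P2 period with or without periods processing. Returns 1 if
 * P1's confidentiality was violated (P2 recovered its data), else 0. */
int leak_across_switch(int periods_processing) {
    const char *secret = "P1-session-key";   /* constructed sample value */
    p1_use(secret);
    switch_partition(periods_processing);
    return p2_sees_residue(secret);
}

int main(void) {
    printf("without periods processing: leak=%d\n", leak_across_switch(0));
    printf("with periods processing:    leak=%d\n", leak_across_switch(1));
    return 0;
}
```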

Slide 21
- Key point: a separation kernel is considered a reference monitor when the kernel's MILS policy enforcement mechanisms are N.E.A.T.
  - Non-bypassable
  - Evaluable
  - Always invoked
  - Tamper-proof
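Added example (not from the slides or from any real separation kernel): a toy reference monitor in C that enforces the information-flow and data-isolation policies from slide 19 with the N.E.A.T. properties from slide 21. The three partitions, the flow table and the messages are constructed assumptions; every inter-partition transfer must go through kernel_send(), which is the only path (non-bypassable), checks a small constant table (evaluable, tamper-proof) on every call (always invoked) and counts denied flows for audit.

```c
#include <stdio.h>
#include <string.h>

/* Constructed reference-monitor model: partitions exchange data only via
 * kernel_send(), which consults a fixed information-flow policy. */
enum { P_SENSOR, P_CRYPTO, P_NETWORK, NUM_PARTITIONS };

/* Assumed policy: sensor -> crypto and crypto -> network are the only
 * permitted flows; nothing flows back toward the sensor. The table is
 * const and kernel-owned, which is the toy's notion of tamper-proof. */
static const unsigned char flow_allowed[NUM_PARTITIONS][NUM_PARTITIONS] = {
    /* to:         SENSOR CRYPTO NETWORK */
    /* SENSOR  */ {  0,     1,     0 },
    /* CRYPTO  */ {  0,     0,     1 },
    /* NETWORK */ {  0,     0,     0 },
};

/* Each partition's private inbox: data isolation means only the kernel
 * writes into it, and only through the mediated path below. */
static char inbox[NUM_PARTITIONS][64];
static unsigned denied_flows;   /* audit counter, feeds detection */

/* The single mediation point. Returns 0 on delivery, -1 when the policy
 * denies the flow or an argument is out of range (fail closed). */
int kernel_send(int src, int dst, const char *msg) {
    if (src < 0 || src >= NUM_PARTITIONS || dst < 0 || dst >= NUM_PARTITIONS)
        return -1;
    if (!flow_allowed[src][dst]) {
        denied_flows++;             /* record the attempt, deliver nothing */
        return -1;
    }
    strncpy(inbox[dst], msg, sizeof inbox[dst] - 1);
    inbox[dst][sizeof inbox[dst] - 1] = '\0';
    return 0;
}

const char *kernel_inbox(int p) { return inbox[p]; }
unsigned kernel_denied_count(void) { return denied_flows; }

int main(void) {
    kernel_send(P_SENSOR, P_CRYPTO, "reading=42");   /* allowed by policy */
    kernel_send(P_NETWORK, P_CRYPTO, "unexpected");  /* denied and counted */
    printf("crypto inbox: %s, denied flows: %u\n",
           kernel_inbox(P_CRYPTO), kernel_denied_count());
    return 0;
}
```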

Slide 22
- Bypassing file system policy via direct media access

Slide 23
- Memory protection
  - Malicious code is unable to crash an application or the operating system by corrupting its memory
- Virtual memory
  - Ability to map and unmap pages into a virtual address space
  - Guard pages
  - Location obfuscation

Slide 24
- Fault recovery
  - The kernel must provide a mechanism that lets a supervisor process shut down a faulted process and restart the application
- Guaranteed resources
  - Despite memory protection and virtual memory, malicious code can still take down a critical application by starving it of resources
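Added example (not from the slides or from any real kernel) for the guaranteed-resources point: a toy partitioned allocator in C that gives each partition a fixed memory budget, so an untrusted partition that exhausts its own quota cannot starve the critical one. The two partitions, block size and budgets are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of "guaranteed resources": memory budgets are fixed per
 * partition at configuration time and enforced by the kernel allocator. */
enum { P_CRITICAL, P_UNTRUSTED, NUM_PARTS };

#define BLOCK_BYTES 256
#define CRIT_BLOCKS 8          /* assumed budget of the critical partition */
#define UNTR_BLOCKS 4          /* assumed budget of the untrusted partition */

static const unsigned budget[NUM_PARTS] = { CRIT_BLOCKS, UNTR_BLOCKS };
static unsigned used[NUM_PARTS];
static unsigned char pool[(CRIT_BLOCKS + UNTR_BLOCKS) * BLOCK_BYTES];

/* Allocate one block for partition p. Returns NULL once p's own budget is
 * spent; no partition can ever dip into another partition's share. */
void *kernel_alloc(int p) {
    if (p < 0 || p >= NUM_PARTS || used[p] >= budget[p])
        return NULL;
    unsigned base = 0;                   /* first block owned by p */
    for (int i = 0; i < p; i++)
        base += budget[i];
    return &pool[(base + used[p]++) * BLOCK_BYTES];
}

void kernel_release_all(int p) { used[p] = 0; }

/* The untrusted partition allocates until it is refused, then the critical
 * partition asks for `want` blocks. Returns how many the critical one got. */
unsigned critical_blocks_after_greedy(unsigned want) {
    unsigned got = 0;
    kernel_release_all(P_CRITICAL);
    kernel_release_all(P_UNTRUSTED);
    while (kernel_alloc(P_UNTRUSTED) != NULL)
        ;                                /* exhausts only its own quota */
    for (unsigned i = 0; i < want; i++)
        if (kernel_alloc(P_CRITICAL) != NULL)
            got++;
    return got;
}

int main(void) {
    printf("critical partition got %u of %u blocks after starvation attempt\n",
           critical_blocks_after_greedy(CRIT_BLOCKS), (unsigned)CRIT_BLOCKS);
    return 0;
}
```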

Slide 25
- Perform security analysis: know the enemy
- Manage tradeoffs between performance, cost and security
- Take advantage of the MILS concept and the recursive nature of MILS security policies

Slide 26: References
- Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232966
- [1] Introduction to Embedded Security; Black Hat USA Briefings; July, 2014. https://www.blackhat.com/presentations/bh-usa-04/bh-us-04-grand/grand_embedded_security_US04.pdf
- Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices. http://www.contrib.andrew.cmu.edu/~ppoosank/papers/hanna-aed-healthsec11.pdf
- Embedded Systems Security, Kleidermacher and Kleidermacher; Chapter 2; Feb, 2013. http://www.edn.com/design/systems-design/4406387/1/Embedded-Systems-Security
- Proposed Embedded Security Framework for Internet of Things (IoT) (graphics only). http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5940923

