convergence of safety and security
play

Convergence of Safety and Security Sebastian Fischmeister Dept. of - PowerPoint PPT Presentation

Dec 10, 2022 •300 likes •696 views

1 Convergence of Safety and Security Sebastian Fischmeister Dept. of Electrical and Comp. Engineering University of Waterloo esg.uwaterloo.ca 2 Research area: Safety and security of software- intensive embedded safety- critical systems 3

  1. 1 Convergence of Safety and Security Sebastian Fischmeister Dept. of Electrical and Comp. Engineering University of Waterloo esg.uwaterloo.ca

  2. 2 Research area: Safety and security of software- intensive embedded safety- critical systems

  3. 3 Prof. Fischmeister 1. Security of mobile code systems (1999-2001) 2. Embedded and safety-critical systems (2002-now) • Static analysis and instrumentation 3. Data extraction • Dynamic binary instrumentation (2008-now) • Side-channel analysis • Runtime verification, monitoring 4. Data analysis • Anomaly detection, intrusion detection (2011-now) • Reverse engineering Applied to: Safety-critical systems • Exec. Director WatCAR • Consulting for ISO 26262 • Member of SCC TC56

  4. 4 Observation: Modern systems are beyond deep comprehension of human minds

  5. 5 Systems Are Complex Picture of car

  6. 6 Code Complexity is Increasing

  7. 7 We Cannot Comprehend Digital Systems System size and Nobody would try building that bridge; complexity are the unless it was software only! challenge! => Humans are bad at judging logical complexity Illustrating one example: Bridge from Tokyo to Vancouver

  8. 9 Observation: Safety deals with the universe Security deals with people

  9. 10 Safety: Security: The sun flips bits by chance. Attacker flips bits on purpose.

  10. 11 Safe but not secure Millions of people are driving this vehicle …

  11. 12 Secure but not safe … but nobody would drive this car. (except Colin Furze)

  12. 13 Observation: Safety is static Security is dynamic

  13. 14 Safety Following ISO 26262 Recommended lifecycle leading to a safe product.

  14. 15 Once a Safe Product … Always Safe*

  15. 16 More Vulnerabilities Every Year 137,729 (Dec ‘18) In last 10 years: • 206 per week • 1.2 per hour (!)

  16. 17 Once a Secure Product … Not Secure Tomorrow!

  17. 18 News of the Day

  18. 19 Observation: Security operates at a different speed than product development

  19. 20 Passenger aircraft 10 years 5 years Vehicle 1 year Smart phone Flashy IoT thingy 1 week 137,729+ CVE entries? (206 per week)

  20. 21 RELATION TO DEFENCE SYSTEMS

  21. Weapon Systems Spending $1.66 Trillion $25.5 Billion

  22. 23 Cyber attacks have the potential to take control of or shutdown any of these systems that are dependent on software. Ref. US Government Accountability Office – Report t U.S. Senate, Weapons Systems Cybersecurity - 9 October 2018

  23. “This … herald[s] the coming rise of strategic cyberwarfare as a means of striking in very costly, disruptive ways at an adversary without a prior need to defeat opposing military forces in the field, at sea, or in the air.” John Arquilla, The Rise of Strategic Cyberwar, U.S. Naval Postgraduate School

  24. 25 An estimated 15% of spare and replacement parts for DoD equipment are counterfeit. Toohey , Brian. “Counterfeit Semiconductors – A Clear and Present Threat.” Testimony Before Senate Committee on Armed Services, Counterfeit Electronic Parts in the U.S. Military Supply Chain, November 8, 2011.

  25. 26 CHALLENGES: AN INCOMPLETE, BIASED SELECTION

  26. 27 Challenge: How to assist engineers to understand modern systems?

  27. 28 Challenge: How to provide effective protection of cyberphysical systems?

  28. 29 Challenge: How to maintain 30-year old systems?

  29. 30 Challenge: How to holistically address safety and security? +100% more AI inside now

  30. 31 EXAMPLE RESULTS OF COLLABORATING WITH THE UNIVERSITY OF WATERLOO

  31. Palisade: Cyberphysical Mission Assurance Attack Detector – Detect crafted attacks Attack Capture – Capture&store adversary attacks Attack Counter – React to detected attacks Multiplicative security controls – Heterogeneous design to maximize resilience A scalable, retrofittable solution for surviving crafted cyberphysical attacks

  32. Palisade Test: Hexacopter Drone Detected control disruption, denial-of-service, reverse engineering attacks Public test

  33. Palisade Test: Vehicle Body Control Module Detected buffer overflow, arc injection attacks Public test

  34. Palisade Test: Autonomous Driving AI Detected GPS spoofing, steering hijack, man-in-the-middle attacks Public test

  35. Palisade Test: Autonomous Vehicles Detected gear-shift & control state irregularities Public test

  36. Palisade Test: Military Platform Detected gear-shift & control state Detected various attacks and irregularities induced anomalies Released photos Public test

  37. Conclusions • Systems are becoming too complex for humans to comprehend • Computerization of systems will continue to happen • We need to identify methods and technology for building safe and secure systems • Be prepared as change can come practically over night!

  38. 39 Contact info: Sebastian Fischmeister sfischme@uwaterloo.ca Dept. of Electrical and Computer Eng. University of Waterloo 200 University Ave West Waterloo, ON N2L 3G1

Recommend

Safety and Security Certification Program Safety and Security Certification A process to

Safety and Security Certification Program Safety and Security Certification A process to

Safety and Security Certification Program Safety and Security Certification A process to assure that safety & security concerns, vulnerabilities, and hazards are adequately addressed prior to the initiation of service. Safety and

97 views • 9 slides
CAC Safety Report 2018-19 John Heiderscheidt Director of Safety and Culture Safety and Security

CAC Safety Report 2018-19 John Heiderscheidt Director of Safety and Culture Safety and Security

CAC Safety Report 2018-19 John Heiderscheidt Director of Safety and Culture Safety and Security Technology What has been done to address safety and security? Using Safety Technology BASCO - Building Access Security Control Office

445 views • 26 slides
SECURITY & SAFETY AWARENESS TRAINING Purpose of Security & Safety Plan To inform

SECURITY & SAFETY AWARENESS TRAINING Purpose of Security & Safety Plan To inform

SECURITY & SAFETY AWARENESS TRAINING Purpose of Security & Safety Plan To inform employee of risk and threats To inform employee of companys safety & security plans for: Company Terminals Customer To make

465 views • 15 slides
Come Together, Right Now Convergence and Collaboration in Cloud Computing, Data Security &

Come Together, Right Now Convergence and Collaboration in Cloud Computing, Data Security &

bu.edu/hic Boston University Slideshow Title Goes Here Come Together, Right Now Convergence and Collaboration in Cloud Computing, Data Security & Artificial Intelligence September 30, 2020 Eric Kolaczyk | Orran Krieger | Kate Saenko |

821 views • 48 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Public Safety and Public Safety and Homeland Security Homeland Security Bureau Bureau 2008

Public Safety and Public Safety and Homeland Security Homeland Security Bureau Bureau 2008

Public Safety and Public Safety and Homeland Security Homeland Security Bureau Bureau 2008 Hurricane Summit Background Advance statutory mandate for the purpose of promoting safety of life and property through the use of

480 views • 11 slides
The Global Nuclear Safety and Security Network Yassine Chaari Office of Safety and Security

The Global Nuclear Safety and Security Network Yassine Chaari Office of Safety and Security

The Global Nuclear Safety and Security Network Yassine Chaari Office of Safety and Security Coordination Department of Nuclear Safety and Security What is GNSSN? GNSSN human network operating at global, regional and national levels,

355 views • 24 slides
Some Thoughts on MC Convergence first, would like to define what I mean two kinds of

Some Thoughts on MC Convergence first, would like to define what I mean two kinds of

Some Thoughts on MC Convergence first, would like to define what I mean two kinds of convergence - convergence = experiments all working towards using same MC generator (common basis for comparison) - convergence =

239 views • 11 slides
4/20/18 Safety & Security in Chesterfield School Board Safety Task Force - April 24, 2018

4/20/18 Safety & Security in Chesterfield School Board Safety Task Force - April 24, 2018

4/20/18 Safety & Security in Chesterfield School Board Safety Task Force - April 24, 2018 Donald R. Green, CPP Safety & Security Manager Schools are Safe School mass violence attacks are very rare: Extremely Low Probability -

517 views • 4 slides
Safety & Security 2019-2020 School Year Comprehensive School Safety Plan Chief of f Staff

Safety & Security 2019-2020 School Year Comprehensive School Safety Plan Chief of f Staff

Safety & Security 2019-2020 School Year Comprehensive School Safety Plan Chief of f Staff Chris Smith Director of Safety & Security Ian Lopez Security Manager Eaglecrest HS Feeders Eaglecrest High School Thunder Ridge Middle

615 views • 28 slides
Safety & Security Presented by: Chandra Ravada FAST ACT Safety & Security Increase

Safety & Security Presented by: Chandra Ravada FAST ACT Safety & Security Increase

DMATS LRTP 2045 Safety & Security Presented by: Chandra Ravada FAST ACT Safety & Security Increase the safety of the transportation system for motorized and non-motorized users Increase the security of the transportation system

544 views • 15 slides
DEPARTMENT OF SAFETY & SECURITY OVERVIEW Embracing A New Direction JANUARY 2013 March

DEPARTMENT OF SAFETY & SECURITY OVERVIEW Embracing A New Direction JANUARY 2013 March

DEPARTMENT OF SAFETY & SECURITY OVERVIEW Embracing A New Direction JANUARY 2013 March 25, 2010 DEPARTMENT OF SAFETY & SECURITY WORKFLOW Public Safety Technical Security Cooperative Partnerships Emergency Management 2

335 views • 15 slides
Safety and Security Update Department / District Supports Police & Security School

Safety and Security Update Department / District Supports Police & Security School

Safety and Security Update Department / District Supports Police & Security School Leadership Social & Emotional Learning Psychological Services Operations & School Safety 2 Police & Security Staffing FY 19-20 Position

516 views • 14 slides
Europe and Central Asia Background, Status and Next Challenges Safety and Security Coordination

Europe and Central Asia Background, Status and Next Challenges Safety and Security Coordination

Development of Safety Network in Europe and Central Asia Background, Status and Next Challenges Safety and Security Coordination Section Department of Nuclear Safety & Security Content 1. IAEA, Nuclear Safety and the GNSSN 2. Regional

593 views • 24 slides
An Garda Sochna Holiday Security/Personal Safety Community Policing HOLIDAY SECURITY This

An Garda Sochna Holiday Security/Personal Safety Community Policing HOLIDAY SECURITY This

An Garda Sochna Holiday Security/Personal Safety Community Policing HOLIDAY SECURITY This presentation addresses three key areas relating to your holiday security as follows - Preparation plans and securing your property Safety when

397 views • 20 slides
FMC (Fixed Mobile Convergence) Wh t Ab What About Security? t S it ? Vancouver June 2008

FMC (Fixed Mobile Convergence) Wh t Ab What About Security? t S it ? Vancouver June 2008

FMC (Fixed Mobile Convergence) Wh t Ab What About Security? t S it ? Vancouver June 2008 Vancouver June 2008 Franck Veysset, Orange Labs Firstname.lastname at orange-ftgroup dot com research & development Agenda Introduction

463 views • 30 slides
Safety and Security 1) Please silence your cell phones during the presentation. 2) Please make

Safety and Security 1) Please silence your cell phones during the presentation. 2) Please make

Safety and Security Message Safety and Security 1) Please silence your cell phones during the presentation. 2) Please make note of the EXITS. 3) In the event of an emergency. Shelter in place. Move to the building interior away from

477 views • 25 slides
Safety and Security 1) Please silence your cell phones during the presentation. 2) Please make

Safety and Security 1) Please silence your cell phones during the presentation. 2) Please make

Safety and Security Message Safety and Security 1) Please silence your cell phones during the presentation. 2) Please make note of the EXITS. 3) In the event of an emergency: Shelter in place. Move to the building interior away from

518 views • 16 slides
CS 557 BGP Convergence Improved BGP Convergence via Ghost Flushing Bremler-Barr, Afek, Schwarz,

CS 557 BGP Convergence Improved BGP Convergence via Ghost Flushing Bremler-Barr, Afek, Schwarz,

CS 557 BGP Convergence Improved BGP Convergence via Ghost Flushing Bremler-Barr, Afek, Schwarz, 2003 BGP-RCN: Improving Convergence Through Root Cause Notification Pei, Azuma, Massey, Zhang, 2005 Spring 2013 BGP Path Exploration dest. ( ) Z

541 views • 31 slides
Physical, Corporate and Industrial Digital Security Convergence: Gaps to Close Rodney Busquim e

Physical, Corporate and Industrial Digital Security Convergence: Gaps to Close Rodney Busquim e

Polytechnic School of the University of Sao Paulo Navy Technological Center in Sao Paulo Physical, Corporate and Industrial Digital Security Convergence: Gaps to Close Rodney Busquim e Silva Jos Roberto Castilho Piqueira Ricardo Paulino

395 views • 15 slides
TRAINING WHO AM I? Senior Learning & Development Specialist @ Convergence Training

TRAINING WHO AM I? Senior Learning & Development Specialist @ Convergence Training

EFFECTIVE SAFETY TRAINING WHO AM I? Senior Learning & Development Specialist @ Convergence Training Instructional Designer More than 20 Years in Training More than 10 Years in Safety Training Regular Articles in

1.52k views • 115 slides
Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI Mechanized Analysis: 1

433 views • 20 slides
II of large Number Lattin in probability almost convergence convergence sure - - "

II of large Number Lattin in probability almost convergence convergence sure - - "

Chapters : Proofs of the laws II of large Number Lattin in probability almost convergence convergence sure - - " weak " strong " " cow corn Two tests for stray convergence - O almost sure conveyance . ) - X

339 views • 11 slides
19 FEM Convergence Requirements IFEM Ch 19 Slide 1 Introduction to FEM Convergence

19 FEM Convergence Requirements IFEM Ch 19 Slide 1 Introduction to FEM Convergence

Introduction to FEM 19 FEM Convergence Requirements IFEM Ch 19 Slide 1 Introduction to FEM Convergence Requirements for Finite Element Discretization Convergence: discrete (FEM) solution approaches the analytical (math model) solution

479 views • 17 slides

More recommend