panel safety critical high assurance
play

Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, - PowerPoint PPT Presentation

Nov 28, 2023 •102 likes •210 views

Engin Kirda, Northeastern University Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, Cornell Assaf Kfoury, Boston University Rami Melhem, University of Pittsburgh Overview of Panel This panel is on safety-critical,

  1. Engin Kirda, Northeastern University Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, Cornell Assaf Kfoury, Boston University Rami Melhem, University of Pittsburgh

  2. Overview of Panel • This panel is on safety-critical, high-assurance systems – I am a systems security person – hence, this is not necessarily my main area of research ;) – However, the security of critical systems is increasingly gaining focus and attention – There have been documented, high-profile attacks against critical systems (e.g., Stuxnet) • This panel aims to discuss – Promising research directions – Current research challenges – How we can foster more collaboration Safety-Critical, High-Assurance Systems

  3. Background: Critical Systems • Critical systems control public resources such as electricity, water, telecommunications, banks, etc. • The consequences of any disruption of service are severe and may result in loss of human life • Such systems must often consider different types of constraints compared with regular computer systems (e.g., real time) • Interdependencies between subsystems may lead to cascading effects that are difficult to foresee • There is an emphasis on safety and less understanding of computer security in this domain (and vice versa) Safety-Critical, High-Assurance Systems

  4. Examples of Critical Systems • ”Traditional” critical infrastructures – electricity, water, telecommunications, etc. • SCADA systems – Used in almost all critical infrastructures – Efforts are already ongoing to protect such systems • Financial systems are critical infrastructures – Many access points – Availability to many and diverse users Safety-Critical, High-Assurance Systems

  5. “Emerging” Critical Systems • Data centers are becoming common and these can be seen as CIs in that they provide data necessary for more traditional CIs • In-vehicle automation with remote diagnostics and software updates for vehicles – Embedded (automobile) systems connected to open networks. – Some of the problems related to any embedded system are also valid for the connected car Safety-Critical, High-Assurance Systems

  6. Safety takes priority over security • Problem: In the domain of critical systems, both safety and security are important, but in certain scenarios, safety takes priority • If the underlying process is about to become critical, security should not block or delay appropriate remedies or counteractions • We need an integrated view on safety and security, since a breach in security could provoke a breach in safety Safety-Critical, High-Assurance Systems

  7. Unforeseen cascading effects • Problem: Interconnected systems are difficult to model properly, and interdependencies between the subsystems, can lead to cascading effects that are difficult to foresee • We need to develop appropriate models for the domain, and an overall better architecture with a security baseline Safety-Critical, High-Assurance Systems

  8. Use of new technology • Problem: Critical systems also use new types of technology to add functionality • e.g., wireless communication for remote sites and internal enterprise communication. Critical control communication will be wireless within 10 years • There is a tradeoff between the advantages gained with a technology versus the security risk • This trade-off must be carefully modeled and analyzed Safety-Critical, High-Assurance Systems

  9. The Human Factor • Problem: The human is probably the weakest point in a critical system – The roles include operators in control rooms, engineers taking technical decisions, managers and decision-makers for future strategy development Adversarial problem : Insiders with experience of and knowledge about the system • Important issues: – Education and training, raising awareness of security risks; sound and evolving security policy; modeling the user (“cognitive modeling”) and user-interface properties. Effective strategies for discovering an “insider” is an open research question. Safety-Critical, High-Assurance Systems

  10. The Next Challenge: Cyberwar • Stuxnet, Duqu, Flame – Government-sponsored malware attacks against other nations – How can we secure existing critical systems?

Recommend

Practically Formal Development and Assurance of Complex Software-Intensive Safety-Critical

Practically Formal Development and Assurance of Complex Software-Intensive Safety-Critical

Practically Formal Development and Assurance of Complex Software-Intensive Safety-Critical Systems Alan Wassyng work with Zinovy Diskin, Nicholas Annable, and Mark Lawford CyPhyAssure, 20 March 2019 GSN-like Assurance Cases Pros

720 views • 33 slides
Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science

Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science

Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Assurance For Safety Critical IA Systems 1 Introduction Increasing

557 views • 18 slides
Risk Management, Safety Assurance and the Importance of Lifecycle Maintenance Context of ALARP

Risk Management, Safety Assurance and the Importance of Lifecycle Maintenance Context of ALARP

Risk Management, Safety Assurance and the Importance of Lifecycle Maintenance Context of ALARP Compressed Breathing Air and Commercial Diving Automation Who we are Global Leaders in the Provision of Safety Critical Risk Management Solutions

212 views • 18 slides
Compliance vs. Due Diligence: SFAIRP and its Interaction with Systems Safety and Assurance

Compliance vs. Due Diligence: SFAIRP and its Interaction with Systems Safety and Assurance

Compliance vs. Due Diligence: SFAIRP and its Interaction with Systems Safety and Assurance Approaches Tim Procter Tel: Mob: Email: International Railway Safety Council Conference October 2019 Context System Safety and Assurance

647 views • 40 slides
FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation

FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation

FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation Planning Danielle Morago HFO QA/TA Specialist 2016 Quality Assurance Visits Self-Study Reminders Critical Element 1 AGENDA Critical

535 views • 16 slides
Communication of bicyclists with car drivers and safety critical events Christine

Communication of bicyclists with car drivers and safety critical events Christine

Communication of bicyclists with car drivers and safety critical events Christine Chaloupka-Risser ICTCT, Elisabeth Fssl extra- ordinary workshop, Beijing April 2016 Bicyclists face a high accident risk Safety: 138,400

586 views • 14 slides
CAN CLOUD COMPUTING SYSTEMS OFFER HIGH ASSURANCE WITHOUT LOSING KEY CLOUD PROPERTIES? CS6410

CAN CLOUD COMPUTING SYSTEMS OFFER HIGH ASSURANCE WITHOUT LOSING KEY CLOUD PROPERTIES? CS6410

1 CAN CLOUD COMPUTING SYSTEMS OFFER HIGH ASSURANCE WITHOUT LOSING KEY CLOUD PROPERTIES? CS6410 Ken Birman, Cornell University High Assurance in Cloud Settings 2 A wave of applications that need high assurance is fast approaching

672 views • 40 slides
Assurance Challenges for New & In-service Submarines. Roger Coles May 2019 Introduction

Assurance Challenges for New & In-service Submarines. Roger Coles May 2019 Introduction

Safety Assurance Challenges for New & In-service Submarines. Roger Coles May 2019 Introduction High value assets in a hostile environments Acceptable Risk Level Design Build In-Service Assurance Owners Responsibility

400 views • 23 slides
Critical Friends Panel Graham Edwards, Chief Executive 1 Business performance update outputs

Critical Friends Panel Graham Edwards, Chief Executive 1 Business performance update outputs

July 2017 Critical Friends Panel Graham Edwards, Chief Executive 1 Business performance update outputs 2016/17 Social Customer Safety Reliability Environmental obligations Service Met our 1 in 20 Met both our key

844 views • 65 slides
Data Assurance in Opaque Computations High Assurance Systems Engineering Guy Haworth

Data Assurance in Opaque Computations High Assurance Systems Engineering Guy Haworth

Data Assurance in Opaque Computations High Assurance Systems Engineering Guy Haworth guy.haworth@bnc.oxon.org 1 Data Assurance - ACG12, 2009-05-11 Topics Motivation Systems Engineering Cycle Definition: the Problem Domain and the

824 views • 27 slides
Xenon: High-Assurance Xen John McDermott John.McDermott@NRL.Navy.Mil Naval Research Laboratory

Xenon: High-Assurance Xen John McDermott John.McDermott@NRL.Navy.Mil Naval Research Laboratory

Xenon: High-Assurance Xen John McDermott John.McDermott@NRL.Navy.Mil Naval Research Laboratory Center for High-Assurance Computer Systems http:/ / chacs.nrl.navy.mil Xenon Xen Beyond Buffer Overflows high-assurance Policy flaws Use the

565 views • 24 slides
Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka Collaborator: John Villasenor

Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka Collaborator: John Villasenor

Introduction Research Problem Methodological Elements Impact & Value Concluding Remarks Cybersecurity Assurance for Critical Infrastructure Jason Jaskolka Collaborator: John Villasenor Center for International Security and Cooperation

457 views • 44 slides
Objectives To introduce the concept of safety-critical software To describe the

Objectives To introduce the concept of safety-critical software To describe the

Chapter 21 Chapter 21 Safety-Critical Software Learning Objective . Developing software which should never compromise the overall safety of a system. Frederick T Sheldon Assistant Professor of Computer Science Washington State University CS

327 views • 15 slides
1 The High Value High Risk, or HVHR, assessments were critical inputs to government decisions for

1 The High Value High Risk, or HVHR, assessments were critical inputs to government decisions for

The Auditor-General provides assurance to Parliament on the accountability and performance of the Victorian Public Sector. The Auditor-General conducts financial audits and performance audits, and reports on the results of these audits to

239 views • 13 slides
Completing the jigsaw system and safety assurance, and asset management Richard Adams,

Completing the jigsaw system and safety assurance, and asset management Richard Adams,

Completing the jigsaw system and safety assurance, and asset management Richard Adams, Manager Safety & Risk Assurance Asset Standards Authority Asset Standards Authority RISSB Rail Safety 2015 Conference | 1 RISSB Rail Safety 2015

270 views • 24 slides
Safety-critical systems design: the TASTE tool-chain Julien Delange

Safety-critical systems design: the TASTE tool-chain Julien Delange

Safety-critical systems design: the TASTE tool-chain Julien Delange <julien.delange@esa.int> Maxime Perrotin <maxime.perrotin@esa.int> 1 High-integrity software constraints Real-Time determinism Safety & security

692 views • 22 slides
Development of Critical Systems AUTHORS: P. GRAYDON, J. KNIGHT, E. STRUNK PRESENTED BY: MIKE

Development of Critical Systems AUTHORS: P. GRAYDON, J. KNIGHT, E. STRUNK PRESENTED BY: MIKE

Assurance Based Development of Critical Systems AUTHORS: P. GRAYDON, J. KNIGHT, E. STRUNK PRESENTED BY: MIKE MAKSIMOV 1 Overview 1. Introduction to Assurance Cases 2. Overview of the Problem 3. Assurance Based Development (ABD)

599 views • 37 slides
Opportunities and Challenges for Whole Genome Sequencing in Food Safety Assurance and Control

Opportunities and Challenges for Whole Genome Sequencing in Food Safety Assurance and Control

Opportunities and Challenges for Whole Genome Sequencing in Food Safety Assurance and Control Leon Gorris Unilever R&D Vlaardingen, The Netherlands 12 th CII Food Safety Summit 4 5 December 2017 Outline Next Generation Sequencing

332 views • 31 slides
High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B.

High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B.

High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B. Almeida, M. Barbosa, G. Barthe, B. Grgoire, A. Koutsos , V. La- porte, T. Oliveira, P-Y. Strub Octobre 9th, 2019 1 Context 2 Context Cryptographic

985 views • 57 slides
C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering

C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering

C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering GmbH guenter.obiltschnig@appinf.com A life-critical system or safety-critical system is a system whose failure or malfunction may result in: >

899 views • 87 slides
Consumer Protection DIRECTORATE FOOD SAFETY & QUALITY ASSURANCE Niel Erasmus Division Animal

Consumer Protection DIRECTORATE FOOD SAFETY & QUALITY ASSURANCE Niel Erasmus Division Animal

NATIONAL DEPARTMENT OF AGRICULTURE Food Quality Standards and Consumer Protection DIRECTORATE FOOD SAFETY & QUALITY ASSURANCE Niel Erasmus Division Animal and Processed Products Directorate: Food Safety and Quality Assurance The Act THE

288 views • 24 slides
Jasmin: High-Assurance and High-Speed Cryptography Jos Bacelar Almeida Manuel Barbosa Gilles

Jasmin: High-Assurance and High-Speed Cryptography Jos Bacelar Almeida Manuel Barbosa Gilles

Jasmin: High-Assurance and High-Speed Cryptography Jos Bacelar Almeida Manuel Barbosa Gilles Barthe Arthur Blot Benjamin Grgoire Vincent Laporte Tiago Oliveira Hugo Pacheco Benedick Schmidt Pierre-Yves Strub CCS17 2017-11-02

440 views • 31 slides
Housing Agency Regulation Office Assurance and the Critical Role of the Audit and Risk Committee

Housing Agency Regulation Office Assurance and the Critical Role of the Audit and Risk Committee

Housing Agency Regulation Office Assurance and the Critical Role of the Audit and Risk Committee Prof. Patricia Barker The Development of Corporate Governance Relatively recent phenomenon Development of ACs in the USA in 1939

495 views • 10 slides
Critical Friends Panel 1 EQ Communications Who we are Housekeeping Agenda 2 Purpose

Critical Friends Panel 1 EQ Communications Who we are Housekeeping Agenda 2 Purpose

September 2018 Critical Friends Panel 1 EQ Communications Who we are Housekeeping Agenda 2 Purpose of today Provide you with Get your valued an update on what input into our weve been doing future stakeholder since we last

988 views • 53 slides

More recommend