review of external security models
play

Review of External Security Models Michael McCool Intel Osaka, W3C - PowerPoint PPT Presentation

Apr 16, 2023 •7 likes •87 views

Review of External Security Models Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017 Purpose WoT charter: The scope of the Working Group is restricted to APIs and security frameworks that are applicable across platforms. We will

  1. Review of External Security Models Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017

  2. Purpose WoT charter: The scope of the Working Group is restricted to APIs and security frameworks that are applicable across platforms. We will not define new security mechanisms but will use existing mechanisms and best practices. 1. Determine how to gather requirements for external security models and standards 2. Determine how to represent information in a common format  THEN b egin to review external security models and standards… 2/37

  3. Outline  List of external sources  External standards  Security models of important external IoT ecosystems WoT should interoperate with  Anything missing we should add?  Template for Threat model  Other templates to consider  Standards to review:  IIC Security Framework  IETF ACE Model 3/37

  4. Sources  See: https://github.com/w3c/wot/pull/319  Please create issues to suggest new references  External References:  Industrial Internet Consortium Security Framework: http://www.iiconsortium.org/IISF.htm  IETF ACE (Authentication and Authorization for Constrained Environments): https://tools.ietf.org/wg/ace/  IETF RFC 7252 (CoAP) Security model: https://tools.ietf.org/html/rfc7252  STRIDE Threat Model  OWASP IoT Attack Vectors  Liaison References:  OCF 1.0 Security Specification (Draft): https://openconnectivity.org/draftspecs/OCF_Security_Specification_v1.0.0.pdf  Will discuss this during OCF Review on May 17  oneM2M Security Solutions, TS-0003: http://www.onem2m.org/images/files/deliverables/Release2/TS-0003_Security_Solutions- v2_4_1.pdf 4/37

  5. Template for Threat Model  Stakeholders  Description, Role, Business-driven security goals, Interesting edge cases  Assets  Description, Who should have access (Trust Model), Attack Points  Adversaries  Persona, Motivation, Attacker type  Attack surfaces  System Element, Compromise Type(s), Assets exposed, Attack Method  Threats  Name, Adversary, Asset, Attack method and pre-conditions, priority  Security Objectives and Non-Objectives  Threats, Mitigation (if an objective), Reasoning (if not) 5/37

  6. Other Templates?  Protocol security frameworks and link  Configuration management security  Lifecycle management  TLS, DTLS, etc.  Logging and monitoring  Encryption standards  AES, RSA, etc.  Privacy frameworks  Identity, Authentication, and  Integrity protection Authorization  OAuth, etc. 6/37

  7. IIC Security Framework  See 7/37

  8. IETF ACE  See 8/37

Recommend

Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

From: Liska, Andrew <Andrew.Liska@minneapolismn.gov> Sent: Wednesday, August 19, 2020 2:34 PM To: Michael Subject: RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] 1219 31st W Joyce Church Hi,

366 views • 3 slides
SPF, DKIM and DMARC SPF stands for Sender Policy Framework, a record on the DNS which

SPF, DKIM and DMARC SPF stands for Sender Policy Framework, a record on the DNS which

4/30/2019 (515) 229-5674 kkothari@sgcsecure.com Cheap Solutions to Cybersecurity Kaushal Kothari Audit Secure Guard Consulting Internal Security Assessment (515) 229-5674 External Security Assessment and External Penetration Testing

62 views • 3 slides
Certification Program External Review Certification Program Advisory Committee Harrisburg, PA

Certification Program External Review Certification Program Advisory Committee Harrisburg, PA

11/5/2015 Certification Program External Review Certification Program Advisory Committee Harrisburg, PA November 5, 2015 Tom Wolf, Governor John Quigley, Secretary External Review Timeline March 11 Identify priority elements May

383 views • 10 slides
Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU)

Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU)

Information Technology Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU) Information Technology Subjects S , objects O , access matrix M , access rights A : enforcement: read, write, execute, append,. .

371 views • 14 slides
Protection and Security Threat is potential security violation Attack is attempt to breach

Protection and Security Threat is potential security violation Attack is attempt to breach

CSC 4103 - Operating Systems The Security Problem Spring 2007 Security must consider external environment of the system, and protect the system resources Lecture - XX Intruders (crackers) attempt to breach security Protection and

195 views • 4 slides
Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author:

Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author:

Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author: Robert Moskowitz` Capability Model (Xia, et al.) External Meta External ECA Model Model Capability sub-model Attack Mitigation Network Security

258 views • 15 slides
New Trends in Two Regional Security Complexes: Adaptjng to the New Security Challenges Dr .

New Trends in Two Regional Security Complexes: Adaptjng to the New Security Challenges Dr .

New Trends in Two Regional Security Complexes: Adaptjng to the New Security Challenges Dr . Mara Laura Moreno Sainz Sciences Po Lyon, France Geneva Center for Security Policy April 28 th 2016 Latin America : an external invention

784 views • 35 slides
BUSINESS AND SECURITY Chris Klimek TALKING POINTS PERSONAL BUSINESS IMPORTANCE EXTERNAL

BUSINESS AND SECURITY Chris Klimek TALKING POINTS PERSONAL BUSINESS IMPORTANCE EXTERNAL

BUSINESS AND SECURITY Chris Klimek TALKING POINTS PERSONAL BUSINESS IMPORTANCE EXTERNAL BRAND UNDERSTANDI OF FACTORS NG SECURITY LOOKING FOR THE RIGHT FIT Walk me through the process of how you would start looking for a job or

916 views • 45 slides
Security Models: Proofs, Protocols and Certification Florent Autrau - Yassine Lakhnech -

Security Models: Proofs, Protocols and Certification Florent Autrau - Yassine Lakhnech -

Security Models: Proofs, Protocols and Certification Florent Autrau - Yassine Lakhnech - Jean-Louis Roch Master-2 Security, Cryptology and Coding of Information Systems ENSIMAG/Grenoble-INP UJF Grenoble University, France Security Models,

396 views • 20 slides
St State ate of Al f Alas aska ka Presented by Department of Administration State Security

St State ate of Al f Alas aska ka Presented by Department of Administration State Security

St State ate of Al f Alas aska ka Presented by Department of Administration State Security Office Mark Breunig, CISO April 30, 2019 1 A Brief History External Factors Increasing external threats Successful cyber-attacks, and

387 views • 9 slides
Graphical Models Graphical Models Review of probability theory Review of probability theory

Graphical Models Graphical Models Review of probability theory Review of probability theory

Graphical Models Graphical Models Review of probability theory Review of probability theory Siamak Ravanbakhsh Winter 2018 Learning objectives Learning objectives Probability distribution and density functions Random variable Bayes' rule

988 views • 65 slides
4 Why do we need channel models? Lecture no: Narrowband models Review of properties

4 Why do we need channel models? Lecture no: Narrowband models Review of properties

RADIO SYSTEMS ETI 051 Contents 4 Why do we need channel models? Lecture no: Narrowband models Review of properties Okumuras measurements Okumura-Hata model COST 231-Walfish-Ikegami model Channel models

317 views • 10 slides
CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling,

CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling,

CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling, Security Mindset Review the security mindset, and practice threat modeling on a few example websites. Also, review the various types of attacker models

401 views • 3 slides
Assessment of External Hazards Javier Yllera Department of Nuclear Safety and Security Division

Assessment of External Hazards Javier Yllera Department of Nuclear Safety and Security Division

Joint ICTP-IAEA Essential Knowledge Workshop on Deterministic Safety Analysis and Engineering Aspects Important to Safety Trieste, 12-23 October 2015 Assessment of External Hazards Javier Yllera Department of Nuclear Safety and Security

1.16k views • 62 slides
Integrated Science Assessment for Carbon Monoxide (2 nd External Review Draft) Briefing for Clean

Integrated Science Assessment for Carbon Monoxide (2 nd External Review Draft) Briefing for Clean

Integrated Science Assessment for Carbon Monoxide (2 nd External Review Draft) Briefing for Clean Air Scientific Advisory Committee Carbon Monoxide Review Panel Office of Research and Development November 16, 2009 National Center for

419 views • 27 slides
Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard

Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard

Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard Institute for Computer Science Security instruments learned so far Symmetric and asymmetric cryptography confidentiality, integrity, non-repudiation

319 views • 29 slides
Machine Models for Stream-Based Processing of External Memory Data Nicole Schweikardt

Machine Models for Stream-Based Processing of External Memory Data Nicole Schweikardt

Machine Models for Stream-Based Processing of External Memory Data Nicole Schweikardt Humboldt-University Berlin Workshop on Algorithms for Data Streams IIT Kanpur 18 20 December 2006 A model based on Turing machines FCMs Overview A

678 views • 53 slides
The effectiveness of external monitoring of institutions conducting animal research A review

The effectiveness of external monitoring of institutions conducting animal research A review

The effectiveness of external monitoring of institutions conducting animal research A review of outcomes over 20 years PW Johnson 1 , M Blanchard 2 , LD Chave 1 and MA Rose 3 1 NSW Department of Primary Industries Animal Welfare Unit 2

581 views • 15 slides
PLENARY Employment Lands & Economy Review External Advisory Group #4 vancouverplan.ca

PLENARY Employment Lands & Economy Review External Advisory Group #4 vancouverplan.ca

Slides presented July 29, 2020 PLENARY Employment Lands & Economy Review External Advisory Group #4 vancouverplan.ca Acknowledgement & Intros Welcome! The Employment Lands & Economy Review builds on all economic

1.04k views • 49 slides
CS 5150 So(ware Engineering 14. Security William Y. Arms Security in the So(ware Development

CS 5150 So(ware Engineering 14. Security William Y. Arms Security in the So(ware Development

Cornell University Compu1ng and Informa1on Science CS 5150 So(ware Engineering 14. Security William Y. Arms Security in the So(ware Development Process The security goal The security goal is to make sure that the agents (people or external

489 views • 24 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy & Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
Review: List Implementations The external interface is already defined Implementation goal:

Review: List Implementations The external interface is already defined Implementation goal:

Review: List Implementations The external interface is already defined Implementation goal: implement methods efficiently CSE 143 Java ArrayList approach: use an array with extra space internally ArrayList efficiency Linked

280 views • 6 slides
Certification Program External Review Certification Program Advisory Committee Harrisburg, PA

Certification Program External Review Certification Program Advisory Committee Harrisburg, PA

Certification Program External Review Certification Program Advisory Committee Harrisburg, PA May 28, 2015 Tom Wolf, Governor John Quigley, Acting Secretary Proposed Timeline March 11 Identify priority elements May 28 DEP

547 views • 28 slides
Models in Magnetism: Models in Magnetism: Introduction Introduction E. Burzo Faculty of

Models in Magnetism: Models in Magnetism: Introduction Introduction E. Burzo Faculty of

Models in Magnetism: Models in Magnetism: Introduction Introduction E. Burzo Faculty of Physics, Babes-Bolyai University Cluj-Napoca, Romania Short review: Short review: basic models describing the magnetic behaviour connections

739 views • 42 slides

More recommend