security summary
play

Security Summary Michael McCool Intel Osaka, W3C Web of Things - PowerPoint PPT Presentation

Feb 21, 2024 •308 likes •385 views

Security Summary Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017 Summary Summary Plenary Review of security process Breakout Review of Threat Model Stakeholders, Roles , Assets, Adversaries, Attack Surfaces,

  1. Security Summary Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017

  2. Summary Summary  Plenary  Review of security process  Breakout  Review of Threat Model  Stakeholders, Roles , Assets, Adversaries, Attack Surfaces, Threats, Use Cases, Objectives  External references and standards for security and privacy  Selection  Discussion of summarization and evaluation process 2/37

  3. Process Threat model – Understand what you need to protect and why Scoping – Organize and prioritize threats, define security objectives State of Art – Study related areas and their approaches to security Solutions – Find a suitable mitigation for each in-scope threat Implementation and Evaluation – Implement and Test each solution

  4. Threat Model  Stakeholders See Pull Request #318  Description, Role, Business-driven security goals, Interesting edge cases  Roles  Assets  Description, Who should have access (Trust Model), Attack Points  Adversaries  Persona, Motivation, Attacker type  Attack surfaces  System Element, Compromise Type(s), Assets exposed, Attack Method  Threats  Name, Adversary, Asset, Attack method and pre-conditions, priority  Use Cases  Security Objectives and Non-Objectives  Threats, Mitigation (if an objective), Reasoning (if not) 4/37

  5. Attack Surfaces  Boundaries depends on assets and architecture  Boundaries between domains provide attack surfaces  Hierarchy of trust 5/37

  6. External References and Standards See Pull Request #319  External References: Industrial Internet Consortium Security Framework: http://www.iiconsortium.org/IISF.htm  IETF ACE (Authentication and Authorization for Constrained Environments): https://tools.ietf.org/wg/ace/  IETF RFC 7252 (CoAP) Security model: https://tools.ietf.org/html/rfc7252  IETF (IAB) RFC 3552 – Guidelines for Writing RFC Text on Security Considerations: https://tools.ietf.org/html/rfc3552  IETF (IAB) RFC 6973 – Privacy Considerations for Internet protocols: https://tools.ietf.org/html/rfc6973  STRIDE Threat Model: https://docs.microsoft.com/en-us/azure/iot-suite/iot-security-architecture  OWASP IoT Attack Vectors: https://www.owasp.org/index.php/Threat_Risk_Modeling  IoT Security Foundation: https://iotsecurityfoundation.org/  FIPS and other national standards   Liaison References (Systems are built on top of these): OCF 1.0 Security Specification (Draft): https://openconnectivity.org/draftspecs/OCF_Security_Specification_v1.0.0.pdf  oneM2M Security Solutions, TS-0003: http://www.onem2m.org/images/files/deliverables/Release2/TS-0003_Security_Solutions-v2_4_1.pdf  OPC(-UA)?  Echonet (but… no security?), BACnet (but… no security?)  6/37

Recommend

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

ITS335 Internet Security Internet Security Secure Email Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l10,

450 views • 25 slides
Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

ITS335 Web Security Browsing Applications Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2 February 2014 its335y13s2l09,

446 views • 31 slides
Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

ITS335 Web Security Browsing Applications Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l08,

680 views • 35 slides
WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping

WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping

WLAN Security Summary 2010/02/15 (C) Herbert Haas Threat Summary Simple eavesdropping Radio broadcast Reduce TX powers! Encryption (WEP, TKIP, AES, IPsec) Authentication Shared secrets vs. stolen devices, large nets

964 views • 93 slides
Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy Duong Hieu Phan David Pointcheval ENS France CNRS-ENS France Asiacrypt '03 Taipei - Taiwan December 1 st 2003 Summary Summary Asymmetric

235 views • 21 slides
Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Summary Summary Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security Asymmetric Encryption Rennes January 2004 New Schemes Joint work with Duong Hieu Phan David Pointcheval David Pointcheval

638 views • 8 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Summary Security: Applications & Aspects Part I Cryptographic Features Introduction

Summary Security: Applications & Aspects Part I Cryptographic Features Introduction

Summary Security: Applications & Aspects Part I Cryptographic Features Introduction Software vs Hardware Support Hardware Acceleration Solutions Processor Extensions for Security Basic Cyphering Part II Symmetric vs Asymmetric

1.14k views • 21 slides
Safety and Security Summary Dr. Peter Giarrizzo, Superintendent of Schools North Shore Central

Safety and Security Summary Dr. Peter Giarrizzo, Superintendent of Schools North Shore Central

Safety and Security Summary Dr. Peter Giarrizzo, Superintendent of Schools North Shore Central School District March 26, 2018 What security measures exist? Each school conducts Table Top drills to test our emergency response plans.

489 views • 10 slides
Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini Nagar 1 CONTENTS Security Characterizing Security General Scenario Tactics for Security A Design Checklist for Security Summary 2 01

487 views • 25 slides
Provable Security Introduction Lawrence Berkeley National Lab August 2003 David Pointcheval

Provable Security Introduction Lawrence Berkeley National Lab August 2003 David Pointcheval

Provable Security Introduction Lawrence Berkeley National Lab August 2003 David Pointcheval LIENS-CNRS Ecole normale suprieure Summary Summary Introduction Asymmetric Cryptography Computational Assumptions Security

498 views • 31 slides
NPA 2019-07 Management of Information Security Risks Summary of Discussion: AMC & GM

NPA 2019-07 Management of Information Security Risks Summary of Discussion: AMC & GM

NPA 2019-07 Management of Information Security Risks Summary of Discussion: AMC & GM Jean-Paul Moreaux Principle Cybersecurity in Aviation Coordinator 2 nd July 2019 EASA Workshop on NPA 2019-07 Your safety is our mission. An Agency

123 views • 9 slides
Provable Security in Cryptography ----- DL-based Systems ECC - Sept 24th 2002 - Essen David

Provable Security in Cryptography ----- DL-based Systems ECC - Sept 24th 2002 - Essen David

Provable Security in Cryptography ----- DL-based Systems ECC - Sept 24th 2002 - Essen David Pointcheval Ecole normale suprieure France Summary Summary The Methodology of Provable Security Complexity Assumptions

351 views • 24 slides
Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe

Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe

Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe Breaking Down the Issues (summary) Breaking Down the Issues (summary) Wireless is easy to sniff. We still need encryption services and key management.

533 views • 13 slides
CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012 1 Content of Todays Lecture Summary and Wrap up on Security Terminology The Fundamental Dilemma of Security Five Design Principles

801 views • 25 slides
Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security Side Channel Attacks Arnaud Tisserand Fault Injection Attacks CNRS, Lab-STICC laboratory CRiSIS 2017, Dinard, France Protections Examples

266 views • 15 slides
Conficker Summary and Review David Piscitello ICANN Sr. Security Technologist What is Conficker?

Conficker Summary and Review David Piscitello ICANN Sr. Security Technologist What is Conficker?

Conficker Summary and Review David Piscitello ICANN Sr. Security Technologist What is Conficker? An Internet worm Self replicating malicious code Uses a network for distribution A blended threat Uses various methods to spread

389 views • 15 slides
Firewalls Summary ITS335: IT Security Sirindhorn International Institute of Technology

Firewalls Summary ITS335: IT Security Sirindhorn International Institute of Technology

ITS335 Firewalls Characteristics Types Locations Firewalls Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l08,

245 views • 23 slides
Web Attacks Summary ITS335: IT Security Sirindhorn International Institute of Technology

Web Attacks Summary ITS335: IT Security Sirindhorn International Institute of Technology

ITS335 Web Attacks Web Apps OWASP Top 10 Risks Web Attacks Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 February 2014 its335y13s2l10,

575 views • 30 slides
File System Needs Summary of Day #4 discussions from Dagstuhl Seminar #17202 Security Issues in

File System Needs Summary of Day #4 discussions from Dagstuhl Seminar #17202 Security Issues in

File System Needs Summary of Day #4 discussions from Dagstuhl Seminar #17202 Security Issues in User-level File Systems Stergios Anastasiadis University of Ioannina Rangetable: Deamortized compactions Arion: Client-side journal for

198 views • 7 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
NSF Workshop on Big Data Security and Privacy Report Summary Bhavani Thuraisingham The University

NSF Workshop on Big Data Security and Privacy Report Summary Bhavani Thuraisingham The University

NSF Workshop on Big Data Security and Privacy Report Summary Bhavani Thuraisingham The University of Texas at Dallas (UTD) February 19, 2015 Acknowledgement NSF SaTC Program for support Chris Clifton and Jeremy Epstein Workshop

412 views • 18 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides

More recommend