Download
secure real time embedded systems n.
Skip this Video
Loading SlideShow in 5 Seconds..
Secure Real Time Embedded Systems PowerPoint Presentation
Download Presentation
Secure Real Time Embedded Systems

Secure Real Time Embedded Systems

122 Vues Download Presentation
Télécharger la présentation

Secure Real Time Embedded Systems

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Secure Real TimeEmbedded Systems Sherif Khattab and Daniel Mossé University of Pittsburgh Computer Science Department

  2. Embedded Systems • Before: isolated, closed systems • Later: connected thru dedicated phone lines • Now, web connected; control can be done remotely • Convenience costs LOTS of remote security issues • Safety and security are big issues, since these systems (now on the web) control actual industrial plants and other devices • Attacker’s goal: compromise data and deadlines • Defender’s goal: satisfy deadlines, despite overhead

  3. POTS? Voice over IP? • Assume VoIP is widespread (skype anyone?) • Assume compromised nodes can attack POTS • Use VoIP to attack dialup control systems • Distributed Denial of Service: lots of VoIP clients compromised attack control system to a slow or fast death…

  4. Denial of Service • DoS attacks cause system overload, overloads cause timing failures (missed deadlines, control period) • System needs to react when it cannot • Suggested approach: reserve security bandwidth? RTSs are a perfect candidate • Every new component creates a new vulnerability • Make detection a real-time task (temporally secure) characteristics? temporally vulnerable? • Mitigating DoS attacks in RTSs or EmSys • Mixture of static and dynamic analysis? • Relation with imprecise, reward-based, version-based, elastic, …, computing? • Power grids, sensor networks, industrial control systems…

  5. Requirements • Need another property, namely security level • Do we need YARTM? (yet another RT task model?) • Include a measure of robustness and power/energy • Complete model includes attackers’ capabilities and constraints (battery, CPU, etc), attack model (correlated attacks, spoofing attacks, etc) • However, security is on the eye of the system integrator • Need to provide tradeoffs • Specification is needed • Need to remember that data exists forever

  6. Questions • Define the difference between security and fault tolerance? Similar in RTSs? In EmSys? • Find tradeoff of crypto/security deadline misses • Need efficient intrusion detection mechanisms • What is special (besides funding ) in secure embedded systems?? Similar, but for small devs • Cannot afford the power for public key crypto • Need adaptive security; does it compromise security? • Relatively light attacks may be crippling • What detection mechanisms can we use that satisfy all restrictions of embedded systems?