nach oben

Wireless Personal Communications

Erschienen in:

01.04.2015

Multi-Metrics Approach for Security, Privacy and Dependability in Embedded Systems

verfasst von: Iñaki Garitano, Seraj Fayyad, Josef Noll

Erschienen in: Wireless Personal Communications | Ausgabe 4/2015

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Embedded Systems have become highly interconnected devices, being the key elements of the Internet of Things. Their main function is to capture, store, manipulate and access data of a sensitive nature. Moreover, being connected to Internet, expose them to all kind of attacks, which could cause serious consequences. Traditionally, during the design process, security, privacy and dependability (SPD) have been set aside, including them as an add-on feature. This paper provides a methodology together with a Multi-Metrics approach to evaluate the system SPD level during both the design and running processes. The simplicity, based on a single process during the whole system evaluation, and scalability, simple and complex systems are evaluated equally, are the main advantages. The applicability of the presented methodology is demonstrated by the evaluation of a smart vehicle use case.

Vorheriger Artikel 5G Revolution Through WISDOM

Nächster Artikel Network Performance Testing System Integrating Models for Automatic QoE Evaluation of Popular Services: YouTube and Facebook

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Alam, S., Chowdhury, M. M. R., & Noll, J. (2011). Interoperability of security-enabled internet of things. Wireless Personal Communications, 61(3), 567–586.CrossRef

new SHIELD (2014) nSHIELD. New embedded systems architecture for multi-layer dependable solutions. Retrieved September 9, 2014 http://www.newshield.eu

Manadhata, P. K., & Wing, J. M. (2011a). An attack surface metric. Software Engineering, IEEE Transactions on, 37(3), 371–386.CrossRef

Voas, J., & Miller, K. W. (1995). Predicting software’s minimum-time-to-hazard andmean-time-to-hazard for rare input events. In Software Reliability Engineering, 1995. Proceedings, Sixth International Symposium on, IEEE (pp. 229–238).

Voas, J., Ghosh, A., McGraw, G., Charron, F., & Miller, K. W. (1996). Defning an adaptive software security metric from a dynamic software failure tolerance measure. In Computer Assurance, 1996. COMPASS’96, Systems Integrity. Software Safety. Process Security. Proceedings of the Eleventh Annual Conference on, IEEE (pp. 250–263).

Engler, D., Chelf, B., Chou, A., & Hallem, S. (2000). Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the 4th conference on Symposium on Operating System Design & Implementation, USENIX Association (Vol. 4, pp. 1–16).

Engler, D., Chen, D. Y., Hallem, S., Chou, A., & Chelf, B. (2001). Bugs as deviant behavior: A general approach to inferring errors in systems code. In Proceedings of the Eighteenth ACM Symposium on Operating Systems Principles, SOSP ’01, ACM, New York, NY, USA (pp. 57–72). doi:10.1145/502034.502041

Wagner, D., Foster, J. S., Brewer, E. A., & Aiken, A. (2000). A first step towards automated detection of buffer overrun vulnerabilities. New York, NY: NDSS.

Zhang, X., Edwards, A., & Jaeger, T. (2002). Using cqual for static analysis of authorization hook placement. In USENIX Security Symposium, (pp. 33–48).

10.

United States Computer Emergency Readiness Team (US-CERT). (2014). National cyber awareness system. Retrieved September 9, 2014 https://www.us-cert.gov/ncas

11.

National Institute of Standards and Technology (NIST). (2014). National vulnerability database. Retrieved September 28, 2014 http://nvd.nist.gov

12.

MITRE. (2014). Common vulnerabilities and exposures. Retrieved September 28, 2014 http://www.cve.mitre.org

13.

SecurityFocus. (2014). Securityfocus. Retrieved September 28, 2014 http://www.securityfocus.com

14.

Browne, H. K., Arbaugh, W. A., McHugh, J., & Fithen, W. L. (2001). A trend analysis of exploitations. In Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on, IEEE, (pp. 214–229).

15.

Alves-Foss, J., & Barbosa, S. (1995). Assessing computer security vulnerability. SIGOPS Operating Systems Review, 29(3), 3–13. doi:10.1145/206826.206829.CrossRef

16.

Beattie, S., Arnold, S., Cowan, C., Wagle, P., Wright, C., & Shostack, A. (2002). Timing the application of security patches for optimal uptime. LISA, 2, 233–242.

17.

Brocklehurst, S., Littlewood, B., Olovsson, T., & Jonsson, E. (1994). On measurement of operational security. Aerospace and Electronic Systems Magazine, IEEE, 9(10), 7–16.CrossRef

18.

Howard, M. (2003). Fending off future attacks by reducing attack surface. Retrieved September 9, 2014 http://msdn.microsoft.com/en-us/library/ms972812.aspx

19.

Bartel, A., Klein, J., Le Traon, Y., & Monperrus, M. (2012). Automatically securing permission-based software by reducing the attack surface: An application to android. In Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, ACM (pp. 274–277).

20.

Howard, M., Pincus, J., & Wing, J. M. (2005). Measuring relative attack surfaces. In D. T. Lee, S. P. Shieh, & J. D. Tygar (Eds.), Computer Security in the 21st Century (pp. 109–137). US: Springer.CrossRef

21.

Kurmus, A., Sorniotti, A., & Kapitza, R. (2011). Attack surface reduction for commodity os kernels: Trimmed garden plants may attract less bugs. In Proceedings of the Fourth European Workshop on System Security, ACM, p. 6.

22.

Manadhata, P., & Wing, J. M. (2004). Measuring a system’s attack surface. Tech. rep., DTIC Document.

23.

Manadhata, P.K., & Wing, J.M. (2011). A formal model for a systems attack surface. In Moving target defense, chap creating asymmetric uncertainty for cyber threats, Vol. 54, (pp. 1–28). New York: Springer.

24.

Stuckman, J., & Purtilo, J. (2012). Comparing and applying attack surface metrics. In Proceedings of the 4th international workshop on Security measurements and metrics, ACM (pp. 3–6).

25.

Szefer, J., Keller, E., Lee, R. B., & Rexford, J. (2011). Eliminating the hypervisor attack surface for a more secure cloud. In Proceedings of the 18th ACM conference on Computer and communications security, ACM (pp. 401–412).

26.

Public Interest, Inc. (2014). Debian. Retrieved October 15, 2014 http://www.debian.org

27.

Red Hat, Inc. (2014). Redhat. Retrieved October 15, 2014 http://www.redhat.com

28.

Manadhata, P. K., & Wing, J. M. (2005). An attack surface metric. Tech. rep., DTIC Document.

29.

Manadhata, P. K., Tan, K. M., Maxion, R. A., & Wing, J. M. (2007). An approach to measuring a system’s attack surface. Tech. rep., DTIC Document.

30.

Manadhata, P., Wing, J., Flynn, M., & McQueen, M. (2006). Measuring the attack surfaces of two ftp daemons. In Proceedings of the 2nd ACM workshop on Quality of protection, ACM (pp. 3–10).

31.

Kurmus, A., Tartler, R., Dorneanu, D., Heinloth, B., Rothberg, V., Ruprecht, A., et al. (2013). Attack surface metrics and automated compile-time os kernel tailoring. In NDSS.

32.

Tartler, R., Kurmus, A., Ruprecht, A., Heinloth, B., Rothberg, V., Dorneanu, D., et al. (2012). Automatic os kernel tcb reduction by leveraging compile-time configurability. In Proceedings of the Eighth Workshop on Hot Topics in System Dependability, ser. HotDep, Vol. 12.

33.

Krumm, J. (2009). A survey of computational location privacy. Personal and Ubiquitous Computing, 13(6), 391–399.CrossRef

34.

Shokri, R., Theodorakopoulos, G., Le Boudec, J. Y., & Hubaux, J. P. (2011). Quantifying location privacy. In Security and Privacy (SP), 2011 IEEE Symposium on, IEEE (pp. 247–262).

35.

Ma, Z., Kargl, F., & Weber, M. (2009). A location privacy metric for v2x communication systems. In Sarnoff Symposium, 2009. SARNOFF’09, IEEE (pp. 1–6).

36.

Jatain, A., & Mehta, Y. (2014). Metrics and models for software reliability: A systematic review. In Issues and Challenges in Intelligent Computing Techniques (ICICT), 2014 International Conference on, IEEE (pp. 210–214).

37.

Henkel, J., Bauer, L., Zhang, H., Rehman, S., & Shafique, M. (2014). Multi-layer dependability: From microarchitecture to application level. In Proceedings of the The 51st Annual Design Automation Conference on Design Automation Conference, ACM (pp. 1–6).

38.

Weiner, M., Jorgovanovic, M., Sahai, A., & Nikolie, B. (2014). Design of a low-latency, high-reliability wireless communication system for control applications. In Communications (ICC), 2014 IEEE International Conference on, IEEE (pp. 3829–3835).

Titel: Multi-Metrics Approach for Security, Privacy and Dependability in Embedded Systems
verfasst von: Iñaki Garitano
Seraj Fayyad
Josef Noll
Publikationsdatum: 01.04.2015
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 4/2015
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-015-2478-z

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence_ieS/© Springer Fachmedien Wiesbaden GmbH, Search Icon, Banner Hanser, Dr. Alexandru Oproiescu/© Dr. Alexandru Oproiescu, Julian Erhard/© Packex GmbH, Cloud Netzwerk Open Banking/© vege / Fotolia, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2015

Editorial: Special Issue on “Cooperation Optimized Innovation Intelligent Infrastructure Networks (COINS)”

Throughput in A Cooperative Network and Channel State Information

Network Performance Testing System Integrating Models for Automatic QoE Evaluation of Popular Services: YouTube and Facebook

The Opportunities and Challenges of Persuasive Technology in Creating Sustainable Innovation and Business Model Innovation

Deploying 5G-Technologies in Smart City and Smart Home Wireless Sensor Networks with Interferences

5G Revolution Through WISDOM

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.