
Security in Cyber-Physical Systems



1. Security and Privacy in Cyber-Physical Systems
Bob Marcus, Co-Chair NIST Big Data PWG, robert.marcus@et-strategies.com
Caveat: This is a rough first cut and will be revised extensively!
Friday, April 29, 16

2. Key Points on CPS Security and Privacy - Initial Thoughts
• Security and privacy are essential for IoT applications
• Because IoT devices interact with physical systems, a security breach can do far more damage than unauthorized data access
• Because IoT devices are placed increasingly pervasively, privacy will be a major issue for IoT
• Security and privacy will be required at all levels and across networks
• Regulatory and user requirements will often mean that data must stay local and is not available for remote processing

3. Outline of Slides
• CPS Security Issues
• CPS Privacy
• CPS Security Frameworks
• Online Trust Alliance (OTA) Trust Framework and Resource Guide
• Open Web Application Security Project (OWASP) Slides
• CPS Use Cases Security

4. CPS Security Issues

5. Operational and Information Technology Security for IoT
From http://www.corporateperformancemanagement-hq.com/how-should-you-consider-the-iot-security-management-better-secure-the-application-layer/

6. CPS System of Systems Security Characteristics
From http://www.slideshare.net/pfroberts/cyber-physical-systems-boston-2015-1

7. CPS Security Topics
From http://icsd.i2r.a-star.edu.sg/cpss15/
• Adaptive attack mitigation for CPS
• Authentication and access control for CPS
• Availability, recovery and auditing for CPS
• Data security and privacy for CPS
• Embedded systems security
• EV charging system security
• Intrusion detection for CPS
• Key management in CPS
• Legacy CPS system protection
• Lightweight crypto and security
• SCADA security
• Security of industrial control systems
• Smart grid security
• Threat modeling for CPS
• Urban transportation system security
• Vulnerability analysis for CPS
• Wireless sensor network security
8. IoT Security Levels
From http://www.slideshare.net/DrDavidProbert/integrated-cybersecurity-and-the-internet-of-things

9. Recommended Interdisciplinary Design Areas from NIST
From https://s3.amazonaws.com/nist-sgcps/cpspwg/pwgglobal/CPS_PWG_Draft_Framework_for_Cyber-Physical_Systems_Release_0_8_September_2015.pdf

10. Cyber-Physical and Analog Design Layers from NIST
From https://s3.amazonaws.com/nist-sgcps/cpspwg/pwgglobal/CPS_PWG_Draft_Framework_for_Cyber-Physical_Systems_Release_0_8_September_2015.pdf

11. Recommended Design Considerations for CPS Security
From https://s3.amazonaws.com/nist-sgcps/cpspwg/pwgglobal/CPS_PWG_Draft_Framework_for_Cyber-Physical_Systems_Release_0_8_September_2015.pdf

12. Design Considerations for CPS Security continued
From https://s3.amazonaws.com/nist-sgcps/cpspwg/pwgglobal/CPS_PWG_Draft_Framework_for_Cyber-Physical_Systems_Release_0_8_September_2015.pdf

13. Challenges for Privacy and Security
From http://tinyurl.com/gv38c78

14. Responses to Challenges to Cyber-Physical System Security
From http://tinyurl.com/gv38c78
mPCDs = Mobile Personal Communication Devices; SNSS = Smart Networked Systems and Society

15. Online Trust Alliance’s (OTA) Vendor Best Practices for IoT Security
From https://otalliance.org/news-events/press-releases/internet-things-lacks-safety-today-opening-door-major-threats-tomorrow
• Making privacy policies readily available for review prior to product purchase, download or activation.
• Encrypting or hashing all personally identifiable data both at rest and in motion.
• Disclosing prior to purchase a device’s data collection policies, as well as the impact on the device’s key features if consumers choose not to share their data.
• Disclosing if the user has the ability to remove or make anonymous all personal data upon discontinuing the device or at device end-of-life.
• Publishing a timeframe for support after the device/app is discontinued or replaced by a newer version.

16. Design Patterns for IoT Security from Michael Koster
From http://iot-datamodels.blogspot.com/2014/05/design-patterns-for-internet-of-things.html
• Access control using data models: semantic hyperlinks control access to resources based on the embedded metadata
• Social to physical graph relationship: well defined concepts of ownership and access delegation between people, entities, and things
• PGP and asymmetric public-key cryptography on devices: ways of creating SSL sessions and signing data between devices and applications
• DTLS over UDP: security for resource constrained devices
• End-to-end encryption: transmitting and storing encrypted data independent of channel encryption
• Device Management: using device identity, registration, and secure key exchange

17. Device Level Security Requirements
From www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf
• Secure Booting
• Access Control
• Device Authentication
• Firewalls or Intrusion Prevention System (IPS)
• Updates and Patches
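Secure booting (slide 17) and signing data between vendor and device (slide 16) come down to one check the boot ROM performs before it executes anything from flash: authenticate a signed manifest, refuse versions below the anti-rollback counter, and compare the hash of the image actually in flash with the signed digest. The Go program below is an added worked example, not code from this deck or from Wind River; the manifest layout, the function names and the OTP counter semantics are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest layout assumed by this example (not a real boot loader's format):
//   version (4 bytes, big-endian) || SHA-256(image) (32 bytes)
// The vendor signs the manifest with Ed25519; the boot ROM holds only the public key.
const manifestLen = 4 + sha256.Size

var (
	ErrManifestLen  = errors.New("secure boot: malformed manifest")
	ErrBadSignature = errors.New("secure boot: manifest signature invalid")
	ErrRollback     = errors.New("secure boot: image version below anti-rollback counter")
	ErrImageDigest  = errors.New("secure boot: image digest does not match manifest")
)

// GenerateVendorKey stands in for the vendor's HSM-held signing key.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignFirmware is the release-pipeline side: version and image hash are bound
// together under the vendor key, so neither can be changed independently.
func SignFirmware(priv ed25519.PrivateKey, version uint32, image []byte) (manifest, sig []byte) {
	manifest = make([]byte, manifestLen)
	binary.BigEndian.PutUint32(manifest[:4], version)
	digest := sha256.Sum256(image)
	copy(manifest[4:], digest[:])
	return manifest, ed25519.Sign(priv, manifest)
}

// VerifyBoot is the boot-ROM side. minVersion is the monotonic anti-rollback
// counter kept in OTP or secure storage (only ever raised). It returns the
// verified version so the caller can raise that counter after a good update.
func VerifyBoot(rootPub ed25519.PublicKey, minVersion uint32, manifest, sig, image []byte) (uint32, error) {
	if len(manifest) != manifestLen {
		return 0, ErrManifestLen
	}
	// 1. Authenticate the manifest before trusting anything inside it.
	if !ed25519.Verify(rootPub, manifest, sig) {
		return 0, ErrBadSignature
	}
	// 2. Anti-rollback: a genuine but older image with known bugs must not boot.
	version := binary.BigEndian.Uint32(manifest[:4])
	if version < minVersion {
		return 0, ErrRollback
	}
	// 3. Hash the image actually present in flash and compare with the signed digest.
	digest := sha256.Sum256(image)
	if !bytes.Equal(digest[:], manifest[4:]) {
		return 0, ErrImageDigest
	}
	return version, nil
}

func main() {
	pub, priv := GenerateVendorKey()
	image := []byte("constructed firmware image v2") // stand-in for a flash image
	manifest, sig := SignFirmware(priv, 2, image)
	v, err := VerifyBoot(pub, 2, manifest, sig, image)
	fmt.Println("genuine v2:", v, err)
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0xff
	_, err = VerifyBoot(pub, 2, manifest, sig, tampered)
	fmt.Println("tampered image:", err)
	oldManifest, oldSig := SignFirmware(priv, 1, image)
	_, err = VerifyBoot(pub, 2, oldManifest, oldSig, image)
	fmt.Println("rollback to v1:", err)
}
```

The order of the three checks matters: the signature is verified before the version field is read, so an attacker who can write flash cannot make the ROM act on an unsigned version number, and the digest is computed over the whole image in flash rather than over a header the image claims for itself. The "Updates and Patches" item on the slide is what raises minVersion; without that counter a validly signed old image with a known hole can always be reinstalled.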
18. Security for IoT in IERC
From www.internet-of-things-research.eu/pdf/IERC_Cluster_Book_2014_Ch.3_SRIA_WEB.pdf
• DoS/DDoS attacks are already well understood for the current Internet, but the IoT is also susceptible to such attacks and will require specific techniques and mechanisms to ensure that transport, energy and city infrastructures cannot be disabled or subverted.
• General attack detection and recovery/resilience to cope with IoT-specific threats, such as compromised nodes and malicious code hacking attacks.
• Cyber situation awareness tools/techniques will need to be developed to enable IoT-based infrastructures to be monitored. Advances are required to enable operators to adapt the protection of the IoT during the lifecycle of the system and assist operators to take the most appropriate protective action during attacks.
• The IoT requires a variety of access control and associated accounting schemes to support the various authorisation and usage models that are required by users. The heterogeneity and diversity of the devices/gateways that require access control will require new lightweight schemes to be developed.
• The IoT needs to handle virtually all modes of operation by itself without relying on human control. New techniques and approaches, e.g. from machine learning, are required to lead to a self-managed IoT.

19. Privacy for IoT from IERC
From www.internet-of-things-research.eu/pdf/IERC_Cluster_Book_2014_Ch.3_SRIA_WEB.pdf
• Cryptographic techniques that enable protected data to be stored, processed and shared without the information content being accessible to other parties. Technologies such as homomorphic and searchable encryption are potential candidates for developing such approaches.
• Techniques to support Privacy by Design concepts, including data minimisation, identification, authentication and anonymity.
• Fine-grain and self-configuring access control mechanisms emulating the real world.
• There are a number of privacy implications arising from the ubiquity and pervasiveness of IoT devices where further research is required, including: preserving location privacy, where location can be inferred from things associated with people; and prevention of inference of personal information that individuals would wish to keep private, through the observation of IoT-related exchanges.
• Keeping information as local as possible using decentralised computing and key management.
• Use of soft identities, where the real identity of the user can be used to generate various soft identities for specific applications. Each soft identity can be designed for a specific context or application without revealing unnecessary information, which could otherwise lead to privacy breaches.

20. Trust for IoT from IERC
From www.internet-of-things-research.eu/pdf/IERC_Cluster_Book_2014_Ch.3_SRIA_WEB.pdf
• Lightweight Public Key Infrastructures (PKI) as a basis for trust management. Advances are expected in hierarchical and cross certification concepts to enable solutions to address the scalability requirements.
• Lightweight key management systems to enable trust relationships to be established and the distribution of encryption materials using minimum communications and processing resources, as is consistent with the resource constrained nature of many IoT devices.
• Quality of Information is a requirement for many IoT-based systems where metadata can be used to provide an assessment of the reliability of IoT data.
• Decentralised and self-configuring systems as alternatives to PKI for establishing trust, e.g. identity federation, peer to peer.
• Novel methods for assessing trust in people, devices and data, beyond reputation systems. One example is Trust Negotiation, a mechanism that allows two parties to automatically negotiate, on the basis of a chain of trust policies, the minimum level of trust required to grant access to a service or to a piece of information.
• Assurance methods for trusted platforms including hardware, software, protocols, etc.
• Access Control to prevent data breaches. One example is Usage Control, which is the process of ensuring the correct usage of certain information according to a predefined policy after access to the information has been granted.
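Two items above can be shown in one piece of code: the end-to-end encryption pattern on slide 16 (data stays encrypted independently of whatever channel encryption a gateway or broker provides) and the lightweight key management item on slide 20 (a device and an application establish a shared key from their own long-term keys, with no certificate chain and one curve operation). The Go program below is an added example, not code from this deck, from IERC or from Michael Koster; the message framing, the key-derivation labels and the counter scheme are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrReplay = errors.New("e2e: counter not above last accepted message")

// Session is one direction (device -> application) of an end-to-end channel. Its key
// comes from an X25519 agreement between the endpoints, so a relay never holds a key.
type Session struct {
	aead cipher.AEAD
	send uint64 // counter of the last message sealed
	recv uint64 // counter of the last message accepted
}

// NewKeyPair makes an endpoint's long-term X25519 key (registered at enrolment).
func NewKeyPair() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// deriveKey turns the raw shared secret into an AES-256 key bound to both public keys
// and a direction label: an HMAC-SHA256 extract/expand in the style of HKDF.
func deriveKey(shared, devicePub, appPub []byte) []byte {
	extract := hmac.New(sha256.New, []byte("cps-e2e-salt")) // fixed public salt
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte("device->application"))
	expand.Write(devicePub)
	expand.Write(appPub)
	expand.Write([]byte{0x01})
	return expand.Sum(nil) // 32 bytes
}

// NewSession is run by both endpoints with their own private key and the peer's
// public key; devicePub and appPub are passed in the same order on both sides.
func NewSession(own *ecdh.PrivateKey, peer *ecdh.PublicKey, devicePub, appPub []byte) (*Session, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(deriveKey(shared, devicePub, appPub))
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{aead: aead}, nil
}

// Seal emits: 8-byte counter || AES-GCM ciphertext and tag. The counter is the nonce
// (never repeated under this key) and is also authenticated as associated data.
func (s *Session) Seal(plain []byte) []byte {
	s.send++
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint64(hdr, s.send)
	nonce := make([]byte, s.aead.NonceSize())
	copy(nonce[len(nonce)-8:], hdr)
	return append(hdr, s.aead.Seal(nil, nonce, plain, hdr)...)
}

// Open rejects truncated, modified and replayed messages; recv advances only after
// the tag has verified.
func (s *Session) Open(msg []byte) ([]byte, error) {
	if len(msg) < 8 {
		return nil, errors.New("e2e: truncated message")
	}
	hdr := msg[:8]
	ctr := binary.BigEndian.Uint64(hdr)
	if ctr <= s.recv {
		return nil, ErrReplay
	}
	nonce := make([]byte, s.aead.NonceSize())
	copy(nonce[len(nonce)-8:], hdr)
	plain, err := s.aead.Open(nil, nonce, msg[8:], hdr)
	if err != nil {
		return nil, err
	}
	s.recv = ctr
	return plain, nil
}

func main() {
	dev, _ := NewKeyPair()
	app, _ := NewKeyPair()
	devPub, appPub := dev.PublicKey().Bytes(), app.PublicKey().Bytes()
	tx, _ := NewSession(dev, app.PublicKey(), devPub, appPub)
	rx, _ := NewSession(app, dev.PublicKey(), devPub, appPub)
	msg := tx.Seal([]byte("temp=21.5")) // constructed sensor reading
	plain, err := rx.Open(msg)
	fmt.Printf("delivered: %q (%v)\n", plain, err)
}
```

A gateway in the path, even one terminating TLS from the device, sees only the counter and ciphertext. The reverse direction needs its own Session with a different label in deriveKey so the two sides never reuse a nonce under the same key, and the counter is what turns a captured reading into a rejected replay rather than a second, authenticated delivery.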
21. IoT Security Concerns from HP
From http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-4759ENW.pdf

22. Security Threats for IoT from Infineon
From http://www.slideshare.net/infineon/infineon-the-root-of-trust-for-the-internet-of-things

23. Attacks on IoT Devices
From https://www.researchgate.net/publication/252013823_Proposed_embedded_security_framework_for_Internet_of_Things_IoT

24. Potential Security Risks in IoT to Cloud Networks
From http://blog.imgtec.com/powervr/bringing-better-security-to-mobile-automotive-or-iot

25. Device Level Security Levels
From http://viodi.com/2015/04/26/summary-of-iot-sessions-at-2015-gsa-silicon-summit-part-i/

26. IoT Security Chain (Device to Data Center) from PRPL
From http://www.slideshare.net/axroh/cie-io-tsecurityarfinal

27. IoT Products Security Comparison by Veracode
From https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf
1. User Facing Services Security
2. Device Facing Services Security
3. Mobile Application Interface Security
4. Device Debugging Interface Security

28. 1. User Facing Cloud Services Security Comparison
From https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf

29. 2. Device Facing Cloud Services Security Comparison
From https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf

30. 3. Mobile Application Interface Security Comparison
From https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf

31. 4. Device Debugging Interface Security Comparison
From https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf

32. CPS Privacy

33. Privacy Risks with IoT
From www.computerworld.com/article/3010626/internet-of-things/a-privacy-standard-for-internet-of-things-suppliers.html
• Prospective buyers of connected cars have heard the reports of hackers taking over control of the vehicle, putting passengers at risk of an accident. They also worry about others being able to remotely monitor conversations inside the vehicle, monitor compliance with traffic regulations and predict when and where they will be.
• Future consumers of smart homes (houses containing interconnected appliances, smart meters and smart TVs) similarly worry about outside parties being able to assume remote control of their living space, monitor activity, predict whereabouts and also draw conclusions about what type of people they are based on their living patterns.
• As wearables expand beyond tracking the number of steps per day into more comprehensive health and wellness profiles integrated with smartphones and social networks, users’ commentary and concern about the use and disclosure of their data dossiers are increasing.

34. Industry Specific Privacy Standards with IoT
From www.computerworld.com/article/3010626/internet-of-things/a-privacy-standard-for-internet-of-things-suppliers.html
• Mobile-marketing industry’s Mobile Application Privacy Policy Framework http://tinyurl.com/hjzwfnp
• Automakers’ Consumer Privacy Protection Principles for Vehicle Technologies and Services http://www.autoalliance.org/?objectid=865F3AC0-68FD-11E4-866D000C296BA163
• Agribusiness sector’s Privacy and Security Principles for Farm Data http://www.fb.org/tmp/uploads/PrivacyAndSecurityPrinciplesForFarmData.pdf

35. Required Privacy for IoT
From www.computerworld.com/article/3010626/internet-of-things/a-privacy-standard-for-internet-of-things-suppliers.html
1. Tested security. It’s one thing to adopt a set of security controls like the Payment Card Industry Data Security Standard, designed to reduce credit card fraud. It’s another thing for those controls to prevail in a sophisticated penetration test. The IoT would need to set the bar at this higher level to earn maximum user trust.
2. Data minimization. IoT components should maintain default settings that use the minimum amount of personal data to perform their service. Minimum can mean the minimum types of data fields collected and exposed to other devices as well as minimum periods of data retention.
3. Controlled and transparent disclosure. Law enforcement and national defense around the world will seek to pursue their legitimate objectives within the IoT. Virtually every industry will seek to track or analyze their end consumers as they move through the system. Trust in the whole enterprise will collapse, however, if these pursuits are not counterbalanced with reliable disclosure controls that are proportionate to the identified threat, and widely known and understood.
4. Data portability. Users won’t want any one node of the IoT ecosystem to accumulate too much power by storing data in its own proprietary format. To bolster trust in the entire system, adopt a common data format that allows users to port their data from one platform to the next.
5. Right to be forgotten. The IoT should be safe for the most vulnerable in society: children, victims of crime and the poor. To protect their safety and thereby make the IoT the largest possible marketplace, enable users to completely opt out by being able to withdraw their data.
36. CPS Security Frameworks

37. CPS Security Framework from China
From www.sersc.org/journals/IJSIA/vol9_no1_2015/17.pdf or https://www.terraswarm.org/pubs/136/lu_newmultiframe_edge.pdf

38. Security Architecture Service Delivery Framework from Cap Gemini
From http://www.slideshare.net/JohnArnoldSec/security-architecture-frameworks

39. Architecture Reference Model based Security Framework for IoT
From http://www.mdpi.com/1424-8220/15/7/15611/htm

40. Architecture Interaction with Security Framework for IoT
From http://www.mdpi.com/1424-8220/15/7/15611/htm

41. Security Enclaves Management Structure from Cisco
From http://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs-manager/whitepaper-c07-731204.html

42. IoT Security Environment from Cisco
From http://www.cisco.com/web/about/security/intelligence/iot_framework.html

43. Secure IoT Framework from Cisco
From http://www.cisco.com/web/about/security/intelligence/iot_framework.html

44. Secure Features and Layering from IoT-A
From http://www.iot-a.eu/arm/d1.3/at_download/file

45. Security Framework from iCore Project
From http://www.sciencedirect.com/science/article/pii/S0167404815000887

46. Model-Based Security Kit (SecKit) based on iCore
From http://www.sciencedirect.com/science/article/pii/S0167404815000887

47. SecKit Metamodel and Dependencies
From http://www.internet-of-things-research.eu/pdf/Building_the_Hyperconnected_Society_IERC_2015_Cluster_eBook_978-87-93237-98-8_P_Web.pdf

48. Eurotech’s Security Approach
From http://www.slideshare.net/Eurotechchannel/iot-security-elements

49. Eurotech EveryWare Device Cloud (EDC) + Software Framework (ESF)
From http://www.slideshare.net/Eurotechchannel/iot-security-elements

50. Eurotech EveryWare Device Cloud + Software Framework continued
From http://www.slideshare.net/Eurotechchannel/iot-security-elements

51. Eurotech EveryWare Device Cloud + Software Framework continued
From http://www.slideshare.net/Eurotechchannel/iot-security-elements

52. Internet of Secure Things Framework
From http://embedded-computing.com/25942-leveraging-iot-security-to-improve-roi/

53. Floodgate Security Framework from Icon Labs
From http://www.iconlabs.com/prod/product-family/floodgate-security-framework

54. Secure Analytics for IoT Framework from Cisco
From http://www.cisco.com/web/about/security/intelligence/iot_framework.html
• This secure analytics layer defines the services by which all elements (endpoints and network infrastructure, inclusive of data centers) may participate to provide telemetry for the purpose of gaining visibility and eventually controlling the IoT/M2M ecosystem.
• With the maturity of big data systems, we can deploy a massively parallel processing (MPP) database platform that can process large volumes of data in near real time. When we combine this technology with analytics, we can do real statistical analysis on the security data to pick out anomalies.
• Further, it includes all elements that aggregate and correlate the information, including telemetry, to provide reconnaissance and threat detection. Threat mitigation could vary from automatically shutting down the attacker’s access to further resources to running specialized scripts to initiate proper remediation.
• The data generated by the IoT devices is only valuable if the right analytics algorithms or other security intelligence processes are defined to identify the threat. We can get a better analytical outcome by collecting data from multiple sources and applying security profiles and statistical models that are built upon various layers of security algorithms.
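The statistical part of this slide can be made concrete: learn a per-device profile from a telemetry window believed to be clean, then score live records against it and correlate more than one signal (volume and destination). The Go program below is an added example, not Cisco's code; the record format, device names, addresses and numbers are constructed for the illustration, and the z-score on a single counter stands in for the "statistical models" the slide leaves unspecified.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// Telemetry record per device per minute, in this example's own line format:
// "<device> <minute> <bytes_out> <destination>".
type Record struct {
	Device string
	Minute int
	Bytes  float64
	Dst    string
}

// Baseline is a device's profile learned from a window believed to be clean.
type Baseline struct {
	Mean, Std     float64         // population mean / std of bytes_out per minute
	Dsts          map[string]bool // destinations seen during training
	n, sum, sumSq float64
}

type Alert struct {
	Device string
	Minute int
	Reason string
	Score  float64 // z-score, where applicable
}

// Constructed data: quiet minutes for training, then a live window with a
// traffic burst, a new destination and a device that was never enrolled.
const TrainingData = `
plc-7 1 1180 10.0.0.5
plc-7 2 1210 10.0.0.5
plc-7 3 1195 10.0.0.5
plc-7 4 1225 10.0.0.5
sensor-3 1 300 10.0.0.5
sensor-3 2 310 10.0.0.5`

const LiveData = `
plc-7 5 1198 10.0.0.5
sensor-3 5 301 10.0.0.5
plc-7 6 48200 10.0.0.5
plc-7 7 1210 203.0.113.9
pump-2 5 500 10.0.0.5`

func ParseRecords(text string) ([]Record, error) {
	var recs []Record
	for _, line := range strings.Split(strings.TrimSpace(text), "\n") {
		var r Record
		if _, err := fmt.Sscanf(line, "%s %d %f %s", &r.Device, &r.Minute, &r.Bytes, &r.Dst); err != nil {
			return nil, fmt.Errorf("malformed record %q: %v", line, err)
		}
		recs = append(recs, r)
	}
	return recs, nil
}

// Train builds one Baseline per device from the clean window.
func Train(recs []Record) map[string]*Baseline {
	base := map[string]*Baseline{}
	for _, r := range recs {
		b := base[r.Device]
		if b == nil {
			b = &Baseline{Dsts: map[string]bool{}}
			base[r.Device] = b
		}
		b.n++
		b.sum += r.Bytes
		b.sumSq += r.Bytes * r.Bytes
		b.Dsts[r.Dst] = true
	}
	for _, b := range base {
		b.Mean = b.sum / b.n
		b.Std = math.Sqrt(math.Max(b.sumSq/b.n-b.Mean*b.Mean, 0))
	}
	return base
}

// Detect scores live records against the baselines. zThreshold is in standard
// deviations; Std is floored at 1 byte so a perfectly steady device does not alert
// on a one-byte change; drops are flagged too, since a silenced sensor matters.
func Detect(base map[string]*Baseline, live []Record, zThreshold float64) []Alert {
	var alerts []Alert
	for _, r := range live {
		b, ok := base[r.Device]
		if !ok {
			alerts = append(alerts, Alert{Device: r.Device, Minute: r.Minute, Reason: "unknown device"})
			continue
		}
		if z := (r.Bytes - b.Mean) / math.Max(b.Std, 1); math.Abs(z) > zThreshold {
			alerts = append(alerts, Alert{Device: r.Device, Minute: r.Minute, Reason: "bytes_out z-score", Score: z})
		}
		if !b.Dsts[r.Dst] {
			alerts = append(alerts, Alert{Device: r.Device, Minute: r.Minute, Reason: "new destination " + r.Dst})
		}
	}
	return alerts
}

func main() {
	train, _ := ParseRecords(TrainingData)
	live, _ := ParseRecords(LiveData)
	fmt.Printf("%+v\n", Detect(Train(train), live, 4))
}
```

On the constructed data the quiet records pass, the 48200-byte minute from plc-7 is flagged by volume, the same device's contact with 203.0.113.9 is flagged by destination even though its volume is normal, and pump-2 is flagged because it has no profile at all. Two practical caveats: the training window must really be clean (a baseline learned while a node is already compromised blesses the compromise), and per-device thresholds should be revisited as firmware updates change normal traffic.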
55. Security Cloud from Cisco
From https://techradar.cisco.com/pdf/cisco-technology-radar.pdf
(before/after diagram)

56. Security Options for Constrained Devices
From http://cnds.eecs.jacobs-university.de/slides/2013-im-iot-management.pdf

57. Security Boundaries from RTI
From http://www.slideshare.net/RealTimeInnovations/build-safe-and-secure-distributed-systems-39944271

58. Data Distribution Service Transport Security from RTI
From http://www.slideshare.net/RealTimeInnovations/build-safe-and-secure-distributed-systems-39944271

59. Online Trust Alliance (OTA) Trust Framework and Resource Guide

60. Online Trust Alliance’s (OTA) Trust Framework
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf

61. Online Trust Alliance’s (OTA) Trust Framework
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf

62. Online Trust Alliance’s (OTA) Trust Framework continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf
Security continued

63. Online Trust Alliance’s (OTA) Trust Framework continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf

64. Online Trust Alliance’s (OTA) Trust Framework continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf

65. Online Trust Alliance’s (OTA) Trust Framework continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf
Privacy, Disclosures, and Transparency continued

66. Online Trust Alliance’s Trust Framework for IoT Resource Guide
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf

67. Online Trust Alliance’s Trust Framework for IoT Resource Guide
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security

68. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security

69. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security

70. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security

71. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security

72. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security

73. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security

74. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security

75. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security

76. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
User Access and Credentials

77. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
User Access and Credentials

78. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
User Access and Credentials

79. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
User Access and Credentials

80. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
User Access and Credentials

81. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures

82. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures (16 continued)

83. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures (16 continued)

84. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures

85. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures

86. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures

87. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures

88. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures (23 continued)

89. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures

90. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures

91. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures

92. Open Web Application Security Project (OWASP)
93. Security Needs from the Open Web Application Security Project (OWASP)
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf
• The Internet of Things Device
• The Cloud
• The Mobile Application
• The Network Interfaces
• The Software
• Use of Encryption
• Use of Authentication
• Physical Security
• USB ports

94. OWASP Top Ten IoT Security Issues
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf
1. Insecure Web Interface
2. Insufficient Authentication/Authorization
3. Insecure Network Services
4. Lack of Transport Encryption
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface
8. Insufficient Security Configurability
9. Insecure Software/Firmware
10. Poor Physical Security

95. 1. Insecure Web Interface
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf

96. 2. Insufficient Authentication/Authorization
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf

97. 3. Insecure Network Services
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf

98. 4. Lack of Transport Encryption
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf

99. 5. Privacy Concerns
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf

100. 6. Insecure Cloud Interface
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf

101. 7. Insecure Mobile Interface
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf

102. 8. Insufficient Security Configurability
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf

103. 9. Insecure Software/Firmware
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf

104. 10. Poor Physical Security
From https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf
105. CPS Use Cases Security

106. IoT Security Threats from Beecham Research
From http://www.smartgridnews.com/story/iot-presents-utilities-myriad-security-challenges/2015-05-12

107. Critical Cyber-Physical Systems Requiring Security
From www.slideshare.net/DrDavidProbert/integrated-cybersecurity-and-the-internet-of-things

108. Security Incidents by Sector in FY 2013 from DHS
From http://tinyurl.com/gv38c78

109. IoT Use Case and Security from Infineon
From http://www.slideshare.net/infineon/infineon-the-root-of-trust-for-the-internet-of-things

110. Cyber Threats to Critical Infrastructure from GAO
From http://pserc.wisc.edu/documents/general_information/presentations/pserc_seminars/psercwebinars2012/Govindarasu_PSERC_Webinar_Slides_Feb_2012.pdf

111. Smart Grid Security = Info + Infrastructure + Application Security
From http://pserc.wisc.edu/documents/general_information/presentations/pserc_seminars/psercwebinars2012/Govindarasu_PSERC_Webinar_Slides_Feb_2012.pdf

112. Attacks on Smart Grid Cyber-Physical Systems
From http://pserc.wisc.edu/documents/general_information/presentations/pserc_seminars/psercwebinars2012/Govindarasu_PSERC_Webinar_Slides_Feb_2012.pdf

113. Smart City Multi-Layer Security Framework
From www.slideshare.net/DrDavidProbert/integrated-cybersecurity-and-the-internet-of-things

114. References
Inventory of all Bob Marcus CPS Slides on Slideshare http://www.slideshare.net/bobmarcus/inventory-of-my-cps-slide-sets

115. Reference Links (CPS Security)
• Designed-In Cybersecurity for CPS from Cyber-Security Research Alliance http://www.cybersecurityresearch.org/documents/CSRA_Workshop_Report.pdf
• Designed-in Security for CPS from IEEE Panel http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6924670
• Security of Cyber-Physical Systems Papers from CMU CyLab https://www.cylab.cmu.edu/research/projects/research-area/security-cyber-physical.html
• CPS Security Research at ADSC in Singapore http://publish.illinois.edu/cps-security/
• NSF/Intel Partnership in CPS Security and Privacy http://www.nsf.gov/pubs/2014/nsf14571/nsf14571.htm
• Challenges for Securing Cyber-Physical Systems from Berkeley CHESS https://chess.eecs.berkeley.edu/pubs/601/cps-security-challenges.pdf
• Secure Control Towards Survivable CPS from Berkeley https://www.truststc.org/pubs/345/cardenas-SecureControl-v1.pdf
• Security Issues and Challenges for Cyber Physical Systems from China http://people.cis.ksu.edu/~danielwang/Investigation/CPS_Security_threat/05724910.pdf
• Challenges in Security from USC http://cimic.rutgers.edu/positionPapers/CPS-Neuman.pdf
• Systems Theoretic Approach to the Security Threats in CPS from MIT http://web.mit.edu/smadnick/www/wp/2014-13.pdf

116. Reference Links (CPS Security)
• CPS Security Challenges and Research Ideas from BBN http://cimic.rutgers.edu/positionPapers/CPSS_BBN.pdf
• IoT Botnet http://internetofthingsagenda.techtarget.com/definition/IoT-botnet-Internet-of-Things-botnet
• Privacy Standards for IoT http://www.computerworld.com/article/3010626/internet-of-things/a-privacy-standard-for-internet-of-things-suppliers.html
• Building the Bionic Cloud http://www.digitalgovernment.com/media/Downloads/asset_upload_file194_5802.pdf
• How the Internet of Things could be fatal http://www.cnbc.com/2016/03/04/how-the-internet-of-things-could-be-fatal.html
• Hippocratic Oath for Medical Devices https://www.iamthecavalry.org/wp-content/uploads/2016/01/I-Am-The-Cavalry-Hippocratic-Oath-for-Connected-Medical-Devices.pdf
• Hierarchical Security Architecture for Cyber-Physical Systems https://inldigitallibrary.inl.gov/sti/5144319.pdf
• A Systematic View of Studies in Cyber-Physical System Security http://www.sersc.org/journals/IJSIA/vol9_no1_2015/17.pdf
• Why IoT Security is so Critical http://techcrunch.com/2015/10/24/why-iot-security-is-so-critical/#.j1xovjh:VRMg
• Open Web Application Security Project https://www.owasp.org/index.php/Main_Page
• PRPL Foundation http://prplfoundation.org/overview/
• OpenWrt https://en.wikipedia.org/wiki/OpenWrt

117. Reference Links (CPS Security) continued
• Online Trust Alliance (OTA) IoT Initiatives https://otalliance.org/initiatives/internet-things
• TerraSwarm http://www.terraswarm.org/
• Secure Internet of Things Project Publications http://iot.stanford.edu/pubs.html
• Internet of Things: Privacy and Security in a Connected World, report from the U.S. Federal Trade Commission (FTC) https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf
• Best Practices in Cybersecurity from the U.S. National Highway Traffic Safety Administration (NHTSA) http://tinyurl.com/zhpojlp
• Cybersecurity through Real-Time Distributed Control Systems http://web.ornl.gov/sci/electricdelivery/pdfs/ORNL_Cybersecurity_Through_Real-Time_Distributed_Control_Systems.pdf
• ISO/IEC 27018 Privacy Standard and Microsoft Support http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=61498 http://blogs.microsoft.com/on-the-issues/2015/02/16/microsoft-adopts-first-international-cloud-privacy-standard/
• Surveillance through IoT http://www.theregister.co.uk/2016/02/09/clapper_says_iot_good_for_intel/
• Nanotechnology, Ubiquitous Computing and the IoT - Challenges to the Rights of Privacy and Data Protection, for the Council of Europe https://www.coe.int/t/dghl/standardsetting/dataprotection/Reports/Miller%20Kearnes%20-%20Nano%20privacy%20Draft%20report%20%2017%2005%202013.pdf
• NIST supported research on IoT Security for Homes and Transit Systems by Galois https://galois.com/news/tozny-awarded-nist-grant-to-secure-iot-enabled-smart-homes-and-transit-systems/
