E-book, English, 95 pages
Wolf / Serpanos: Safe and Secure Cyber-Physical Systems and Internet-of-Things Systems
1st edition 2019
ISBN: 978-3-030-25808-5
Publisher: Springer International Publishing
Format: PDF
Copy protection: 1 - PDF Watermark
This book provides the first comprehensive view of safe and secure CPS and IoT systems. The authors address in a unified manner both safety (physical safety of operating equipment and devices) and computer security (correct and sound information), which are traditionally separate topics, practiced by very different people.
Offers readers a unified view of safety and security, from basic concepts through research challenges;
Provides a detailed comparison of safety and security methodologies;
Describes a comprehensive threat model including attacks, design errors, and faults;
Identifies important commonalities and differences in safety and security engineering.
Dimitrios Serpanos has held a PhD in Computer Science from Princeton University since 1990. He received his Engineering Degree in Computer Engineering & Informatics from the University of Patras in 1985 and his MA in Computer Science from Princeton University in 1988. Between 1990 and 1996 he was a Research Staff Member (RSM) at IBM Research, T.J. Watson Research Center, working in the area of systems architecture for high bandwidth systems. Between 1996 and 2000 he was a faculty member at the University of Crete (Computer Science) and a researcher at ICS-FORTH. Since 2000 he has been a professor at the University of Patras, Dept. of Electrical & Computer Engineering, working in the area of computer architecture, embedded and cyber-physical systems with emphasis on cybersecurity, industrial systems, and network and multimedia systems. He is the Director of the Industrial Systems Institute/ATHENA, where he also served as Director during 2008-2013. He has served as President of the University of Western Greece. He has been working on computer architecture, embedded systems, and cybersecurity for more than 25 years, with special emphasis on building real systems and prototypes that are tested in the lab or in the field.

Marilyn Wolf received her bachelor's, master's, and doctoral degrees in electrical engineering from Stanford University in 1980, 1981, and 1984, respectively. She was with AT&T Bell Laboratories in Murray Hill, N.J. from 1984 to 1989 and was with Princeton University from 1989 until 2007. In 2007, Dr. Wolf joined Georgia Tech as the Rhesa 'Ray' S. Farmer, Jr. Distinguished Chair in Embedded Computing Systems and Georgia Research Alliance Eminent Scholar. Her research interests include embedded computing, cyber-physical and IoT systems, and embedded computer vision. She has received the IEEE Computer Society Goode Memorial Award, the ASEE Terman Award, and the IEEE Circuits and Systems Society Education Award.
Further Information & Material
Preface
Contents
Chapter 1: The Safety and Security Landscape
1.1 Introduction
1.2 Case Studies
1.2.1 Cyber-Physical Systems Are Shockingly Easy to Attack
1.2.2 Cyber-Physical Systems Can Kill People
1.2.3 Cyber-Physical System Disruptions Require Extensive and Lengthy Repairs
1.2.4 Patch and Pray Considered Harmful
1.2.5 Folk Wisdom Is Untrustworthy
1.2.6 The IT/OT Boundary Is Soft
1.2.7 Design Processes Cannot Be Trusted
1.2.8 The V Model Is Inadequate
1.2.9 Privacy Is a Critical Requirement
1.3 Chapters in This Book
1.4 Summary
References
Chapter 2: Safety and Security Design Processes
2.1 Introduction
2.2 Risk Management
2.3 Fault Models and Hazard Analysis
2.4 Attack Models and Attack Analysis
2.5 Standards and Certification
2.6 Quality Management Systems
2.7 Safety Design Processes
2.8 Security Design Processes
2.9 Comparison and Contrast of Safety and Security Design Processes
References
Chapter 3: Threats and Threat Analysis
3.1 Introduction
3.2 Vulnerabilities, Hazards, and Threats
3.3 Compound Threats
3.4 Threat Analysis Models
3.5 Characteristics of Vulnerabilities and Threats
3.5.1 Improper Authorization Threats
3.5.2 Authorization Domains
3.5.3 Software Safety Threats
3.6 Iterative Threat Analysis Methodology
3.7 Threat Mitigation
3.7.1 Pre-deployment
3.7.2 Post-deployment
3.8 Summary
References
Chapter 4: Architectures
4.1 Introduction
4.2 Processor Security
4.2.1 Root-of-Trust
4.2.2 Side Channel Attacks
4.3 Model-Based Design
4.4 Architectural Threat Modeling
4.4.1 Attack Model
4.4.2 Example Attacks and Mitigations
4.5 Service-Oriented Architectures
4.6 Summary
References
Chapter 5: Security Testing and Run-Time Monitoring
5.1 Introduction
5.2 Security Testing
5.3 Fuzz Testing for Security
5.4 Fuzzing Industrial Control Network Systems
5.5 A Modbus TCP Fuzzer
5.6 Run-Time Monitoring
5.7 The ARMET Approach
References
Chapter 6: False Data Injection Attacks
6.1 Introduction
6.2 Vulnerability Analysis
6.3 Dynamic Monitoring
References
Index




