Enforcing Policy-Based Security Models for Embedded SoCs within the Internet of Things

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution


Abstract

Within complex IoT ecosystems and network structures, hard-to-find vulnerabilities have the potential to cause significant disruption and damage. In addition, device tampering and re-purposing can threaten the business models of service providers. The vulnerability surface of the ecosystem spans the entire system architecture, from the cloud to the IoT device. Vulnerabilities can be introduced at any stage of the device life-cycle, including design, programming, manufacturing, integration, operation and maintenance of the device. While threat modelling during the design phase can alleviate some potential vulnerabilities, it is more difficult, or even impossible, to mitigate problems in devices already on the market. A policy-based device security model is proposed as an approach that can be enforced using hardware and software security architectures.
This paper reflects on the existing literature on threat modelling and on how the security models derived from it can influence the design phase. It proposes that, by using threat modelling to define use-case-specific security policies within the security model, OEMs will be able to tailor their solution to conform to the user's security requirements. Platform vendors, on the other hand, will have reduced design costs, as they can offer generic solutions for differing levels of criticality.
An example scenario is provided using an industrial PLC as the attack target. While threat modelling can establish countermeasures both for the design process and for policy definition, the policy can be introduced quickly, whereas the design-method approach requires extensive modification of the system firmware.
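The abstract contrasts a policy that can be swapped quickly with a countermeasure that needs firmware changes. As an added illustration (not code from the paper, and not the authors' security model), the following C program shows the shape of that distinction with a minimal SELinux-style type-enforcement checker: subject domains, object types, a default-deny allow table, and an attack-tree leaf list for a hypothetical PLC. The domain and object names, the rule tables and the attack-tree leaves are all assumptions constructed for this example; the point is that closing the "HMI rewrites control logic" tampering path changes only a data table, while `policy_check` and the rest of the firmware stay as they are.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Subject domains running on the hypothetical PLC SoC (names are assumptions). */
enum domain { DOM_RUNTIME, DOM_HMI, DOM_ENG_WS, DOM_UPDATER };
/* Object types the domains act on (also assumptions). */
enum obj { OBJ_CONTROL_LOGIC, OBJ_FIRMWARE, OBJ_PROCESS_IO, OBJ_DIAG_LOG };
/* Permission bits, combined with | to form a request. */
enum { PERM_READ = 1u << 0, PERM_WRITE = 1u << 1, PERM_EXEC = 1u << 2 };

typedef struct { enum domain dom; enum obj obj; uint32_t allowed; } te_rule;
typedef struct { const te_rule *rules; size_t n; } policy;

/* Default-deny type-enforcement check: the request passes only if the
 * union of matching allow rules covers every requested permission bit. */
bool policy_check(const policy *p, enum domain d, enum obj o, uint32_t requested)
{
    uint32_t granted = 0;
    for (size_t i = 0; i < p->n; i++)
        if (p->rules[i].dom == d && p->rules[i].obj == o)
            granted |= p->rules[i].allowed;
    return (granted & requested) == requested;
}

/* Policy as shipped (constructed): the HMI may rewrite control logic, so a
 * compromised HMI is one hop from tampering with the process (STRIDE "T"). */
static const te_rule shipped_rules[] = {
    { DOM_RUNTIME, OBJ_CONTROL_LOGIC, PERM_READ | PERM_EXEC },
    { DOM_RUNTIME, OBJ_PROCESS_IO,    PERM_READ | PERM_WRITE },
    { DOM_RUNTIME, OBJ_DIAG_LOG,      PERM_WRITE },
    { DOM_HMI,     OBJ_CONTROL_LOGIC, PERM_READ | PERM_WRITE },
    { DOM_HMI,     OBJ_PROCESS_IO,    PERM_READ | PERM_WRITE },
    { DOM_HMI,     OBJ_DIAG_LOG,      PERM_READ },
    { DOM_ENG_WS,  OBJ_CONTROL_LOGIC, PERM_READ | PERM_WRITE },
    { DOM_ENG_WS,  OBJ_FIRMWARE,      PERM_WRITE },
    { DOM_UPDATER, OBJ_FIRMWARE,      PERM_WRITE },
};
const policy shipped = { shipped_rules, sizeof shipped_rules / sizeof shipped_rules[0] };

/* Policy after threat modelling (constructed): the attack-tree leaf "rewrite
 * control logic from the HMI" is closed by dropping WRITE, and firmware
 * writes are confined to the updater domain. Only this table changes. */
static const te_rule hardened_rules[] = {
    { DOM_RUNTIME, OBJ_CONTROL_LOGIC, PERM_READ | PERM_EXEC },
    { DOM_RUNTIME, OBJ_PROCESS_IO,    PERM_READ | PERM_WRITE },
    { DOM_RUNTIME, OBJ_DIAG_LOG,      PERM_WRITE },
    { DOM_HMI,     OBJ_CONTROL_LOGIC, PERM_READ },
    { DOM_HMI,     OBJ_PROCESS_IO,    PERM_READ | PERM_WRITE },
    { DOM_HMI,     OBJ_DIAG_LOG,      PERM_READ },
    { DOM_ENG_WS,  OBJ_CONTROL_LOGIC, PERM_READ | PERM_WRITE },
    { DOM_UPDATER, OBJ_FIRMWARE,      PERM_WRITE },
};
const policy hardened = { hardened_rules, sizeof hardened_rules / sizeof hardened_rules[0] };

/* Leaves of a constructed attack tree for "tamper with the controlled
 * process", each expressed as the access request the attacker needs. */
typedef struct { const char *leaf; enum domain dom; enum obj obj; uint32_t perm; } attack_leaf;
static const attack_leaf leaves[] = {
    { "compromised HMI rewrites control logic",   DOM_HMI,    OBJ_CONTROL_LOGIC, PERM_WRITE },
    { "compromised HMI flashes firmware",         DOM_HMI,    OBJ_FIRMWARE,      PERM_WRITE },
    { "compromised workstation flashes firmware", DOM_ENG_WS, OBJ_FIRMWARE,      PERM_WRITE },
    { "compromised HMI forces an output",         DOM_HMI,    OBJ_PROCESS_IO,    PERM_WRITE },
};

/* Returns how many attack-tree leaves the given policy blocks. */
int leaves_blocked(const policy *p)
{
    int blocked = 0;
    for (size_t i = 0; i < sizeof leaves / sizeof leaves[0]; i++)
        if (!policy_check(p, leaves[i].dom, leaves[i].obj, leaves[i].perm))
            blocked++;
    return blocked;
}

int main(void)
{
    const policy *pols[] = { &shipped, &hardened };
    const char *names[] = { "shipped", "hardened" };
    for (int k = 0; k < 2; k++) {
        printf("%s policy: %d of %zu leaves blocked\n", names[k],
               leaves_blocked(pols[k]), sizeof leaves / sizeof leaves[0]);
        for (size_t i = 0; i < sizeof leaves / sizeof leaves[0]; i++)
            printf("  %-45s %s\n", leaves[i].leaf,
                   policy_check(pols[k], leaves[i].dom, leaves[i].obj, leaves[i].perm)
                       ? "ALLOWED" : "denied");
    }
    return 0;
}
```

The last leaf stays allowed under both tables because writing setpoints is the HMI's legitimate function; that is the residual risk a policy cannot remove, and it is the kind of item the threat model has to hand back to the design process. On a real SoC the table would be loaded by the boot chain and the check would sit behind the hardware isolation the abstract refers to, rather than being a function in the same address space as its subjects.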
Original language: English
Title of host publication: IEEE International Conference on Secure and Dependable Systems: Proceedings
Place of Publication: Kaohsiung, Taiwan
Publisher: IEEE
Number of pages: 8
ISBN (Electronic): 9781538657904
ISBN (Print): 9781538657904
DOIs: 10.1109/DESEC.2018.8625140
Publication status: Published - 24 Jan 2019
Event: IEEE International Conference on Dependable and Secure Systems - Kaohsiung, Taiwan, Province of China
Duration: 10 Dec 2018 to 13 Dec 2018
https://dsc2018.nsysu.edu.tw/

Conference

Conference: IEEE International Conference on Dependable and Secure Systems
Abbreviated title: DSC
Country: Taiwan, Province of China
City: Kaohsiung
Period: 10/12/2018 to 13/12/2018
Internet address: https://dsc2018.nsysu.edu.tw/

Keywords

  • access control
  • attack trees
  • SDLC
  • Secure by design
  • Security Modelling
  • Security policy
  • SELinux
  • STRIDE
  • Threat Modelling
  • Trusted Computing

Cite this

@inproceedings{265d6100c7154dc49dff658f795a1772,
title = "Enforcing Policy-Based Security Models for Embedded SoCs within the Internet of Things",
keywords = "access control, attack trees, SDLC, Secure by design, Security Modelling, Security policy, SELinux, STRIDE, Threat Modelling, Trusted Computing",
author = "Matthew Hagan and Siddiqui, {Fahad Manzoor} and Sakir Sezer and BooJoong Kang and Kieran McLaughlin",
year = "2019",
month = "1",
day = "24",
doi = "10.1109/DESEC.2018.8625140",
language = "English",
isbn = "9781538657904",
booktitle = "IEEE International Conference on Secure and Dependable Systems: Proceedings",
publisher = "IEEE",

}

Hagan, M, Siddiqui, FM, Sezer, S, Kang, B & McLaughlin, K 2019, Enforcing Policy-Based Security Models for Embedded SoCs within the Internet of Things. in IEEE International Conference on Secure and Dependable Systems: Proceedings. IEEE, Kaohsiung, Taiwan, IEEE International Conference on Dependable and Secure Systems, Kaohsiung, Taiwan, Province of China, 10/12/2018. https://doi.org/10.1109/DESEC.2018.8625140
