Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures

Matthew Hagan; Fahad  Siddiqui; Sakir Sezer

doi:10.1109/SOCC.2018.8618544

Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures

Matthew Hagan, Fahad Siddiqui, Sakir Sezer

School of Electronics, Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

423 Downloads (Pure)

Abstract

Complex embedded systems often contain hard to find vulnerabilities which, when exploited, have potential to cause severe damage to the operating environment and the user. Given that threats and vulnerabilities can exist within any layer of the complex eco-system, OEMs face a major challenge to ensure security throughout the device life-cycle To lower the potential risk and damage that vulnerabilities may cause, OEMs typically perform application threat analysis and security modelling. This process typically provides a high level guideline to solving security problems which can then be implemented during design and development. However, this concept presents issues where new threats or unknown vulnerability has been discovered.
To address this issue, we propose a policy-based security modelling approach, which utilises a configurable policy engine to apply new policies that counter serious threats. By utilising this approach, the traditional security modelling approaches can be enhanced and the consequences of a new threat greatly reduced.
We present a realistic use case of connected car, applying several attack scenarios. By utilising STRIDE threat modelling and DREAD risk assessment model, adequate policies are derived to protect the car assets. This approach poses advantages over the standard approach, allowing a policy update to counter a new threat, which may have otherwise required a product redesign to alleviate the issue under the traditional approach.

Original language	English
Title of host publication	2018 31st IEEE International System-on-Chip Conference (SOCC): Proceedings
Publisher	IEEE
Pages	84-89
Number of pages	6
ISBN (Electronic)	978-1-5386-1491-4
DOIs	https://doi.org/10.1109/SOCC.2018.8618544
Publication status	Published - 21 Jan 2019
Event	31st International IEEE System-on-Chip Conference - Washington, United States Duration: 04 Sep 2018 → 07 Sep 2018 Conference number: 31 https://www.ieee-socc.org/

Publication series

Name	IEEE International System-on-Chip Conference (SOCC): Proceedings
ISSN (Electronic)	2164-1706

Conference

Conference	31st International IEEE System-on-Chip Conference
Abbreviated title	IEEE SoCC
Country/Territory	United States
City	Washington
Period	04/09/2018 → 07/09/2018
Internet address	https://www.ieee-socc.org/

Keywords

Security Modelling
Policy-based Security
Embedded Security
Threat Modelling
Autonomous Car
Cyberphysical systems
System-on-chip

ASJC Scopus subject areas

Computer Science(all)
Engineering(all)
Architecture
Hardware and Architecture
Safety, Risk, Reliability and Quality

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/SOCC.2018.8618544Licence: Unspecified

Policy-Based Security Modelling and Enforcement Approach For Emerging Embedded Architectures
© 2019 The Authors. This work is made available online in accordance with the publisher’s policies. Please refer to any applicable terms of use of the publisher.
Final published version, 1.28 MBLicence: Unspecified

Cite this

@inproceedings{338a636d04d444199cc92cc03f11fa6c,

title = "Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures",

abstract = "Complex embedded systems often contain hard to find vulnerabilities which, when exploited, have potential to cause severe damage to the operating environment and the user. Given that threats and vulnerabilities can exist within any layer of the complex eco-system, OEMs face a major challenge to ensure security throughout the device life-cycle To lower the potential risk and damage that vulnerabilities may cause, OEMs typically perform application threat analysis and security modelling. This process typically provides a high level guideline to solving security problems which can then be implemented during design and development. However, this concept presents issues where new threats or unknown vulnerability has been discovered.To address this issue, we propose a policy-based security modelling approach, which utilises a configurable policy engine to apply new policies that counter serious threats. By utilising this approach, the traditional security modelling approaches can be enhanced and the consequences of a new threat greatly reduced.We present a realistic use case of connected car, applying several attack scenarios. By utilising STRIDE threat modelling and DREAD risk assessment model, adequate policies are derived to protect the car assets. This approach poses advantages over the standard approach, allowing a policy update to counter a new threat, which may have otherwise required a product redesign to alleviate the issue under the traditional approach.",

keywords = "Security Modelling, Policy-based Security, Embedded Security, Threat Modelling, Autonomous Car, Cyberphysical systems, System-on-chip",

author = "Matthew Hagan and Fahad Siddiqui and Sakir Sezer",

year = "2019",

month = jan,

day = "21",

doi = "10.1109/SOCC.2018.8618544",

language = "English",

series = "IEEE International System-on-Chip Conference (SOCC): Proceedings",

publisher = " IEEE ",

pages = "84--89",

booktitle = "2018 31st IEEE International System-on-Chip Conference (SOCC): Proceedings",

note = "31st International IEEE System-on-Chip Conference, IEEE SoCC ; Conference date: 04-09-2018 Through 07-09-2018",

url = "https://www.ieee-socc.org/",

}

Hagan, M, Siddiqui, F & Sezer, S 2019, Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures. in 2018 31st IEEE International System-on-Chip Conference (SOCC): Proceedings. IEEE International System-on-Chip Conference (SOCC): Proceedings, IEEE , pp. 84-89, 31st International IEEE System-on-Chip Conference, Washington, Virginia, United States, 04/09/2018. https://doi.org/10.1109/SOCC.2018.8618544

Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures. / Hagan, Matthew; Siddiqui, Fahad ; Sezer, Sakir.

2018 31st IEEE International System-on-Chip Conference (SOCC): Proceedings. IEEE , 2019. p. 84-89 (IEEE International System-on-Chip Conference (SOCC): Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures

AU - Hagan, Matthew

AU - Siddiqui, Fahad

AU - Sezer, Sakir

N1 - Conference code: 31

PY - 2019/1/21

Y1 - 2019/1/21

N2 - Complex embedded systems often contain hard to find vulnerabilities which, when exploited, have potential to cause severe damage to the operating environment and the user. Given that threats and vulnerabilities can exist within any layer of the complex eco-system, OEMs face a major challenge to ensure security throughout the device life-cycle To lower the potential risk and damage that vulnerabilities may cause, OEMs typically perform application threat analysis and security modelling. This process typically provides a high level guideline to solving security problems which can then be implemented during design and development. However, this concept presents issues where new threats or unknown vulnerability has been discovered.To address this issue, we propose a policy-based security modelling approach, which utilises a configurable policy engine to apply new policies that counter serious threats. By utilising this approach, the traditional security modelling approaches can be enhanced and the consequences of a new threat greatly reduced.We present a realistic use case of connected car, applying several attack scenarios. By utilising STRIDE threat modelling and DREAD risk assessment model, adequate policies are derived to protect the car assets. This approach poses advantages over the standard approach, allowing a policy update to counter a new threat, which may have otherwise required a product redesign to alleviate the issue under the traditional approach.

AB - Complex embedded systems often contain hard to find vulnerabilities which, when exploited, have potential to cause severe damage to the operating environment and the user. Given that threats and vulnerabilities can exist within any layer of the complex eco-system, OEMs face a major challenge to ensure security throughout the device life-cycle To lower the potential risk and damage that vulnerabilities may cause, OEMs typically perform application threat analysis and security modelling. This process typically provides a high level guideline to solving security problems which can then be implemented during design and development. However, this concept presents issues where new threats or unknown vulnerability has been discovered.To address this issue, we propose a policy-based security modelling approach, which utilises a configurable policy engine to apply new policies that counter serious threats. By utilising this approach, the traditional security modelling approaches can be enhanced and the consequences of a new threat greatly reduced.We present a realistic use case of connected car, applying several attack scenarios. By utilising STRIDE threat modelling and DREAD risk assessment model, adequate policies are derived to protect the car assets. This approach poses advantages over the standard approach, allowing a policy update to counter a new threat, which may have otherwise required a product redesign to alleviate the issue under the traditional approach.

KW - Security Modelling

KW - Policy-based Security

KW - Embedded Security

KW - Threat Modelling

KW - Autonomous Car

KW - Cyberphysical systems

KW - System-on-chip

UR - https://ieeexplore.ieee.org/document/8618544

U2 - 10.1109/SOCC.2018.8618544

DO - 10.1109/SOCC.2018.8618544

M3 - Conference contribution

T3 - IEEE International System-on-Chip Conference (SOCC): Proceedings

SP - 84

EP - 89

BT - 2018 31st IEEE International System-on-Chip Conference (SOCC): Proceedings

PB - IEEE

T2 - 31st International IEEE System-on-Chip Conference

Y2 - 4 September 2018 through 7 September 2018

ER -

Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

UN SDGs

Access to Document

Other files and links

Fingerprint

31st International IEEE System-on-Chip Conference

Cite this

Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

UN SDGs

Access to Document

Other files and links

Fingerprint

Activities

31st International IEEE System-on-Chip Conference

Cite this