Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures

Research output: Contribution to conferencePaper

34 Downloads (Pure)

Abstract

Complex embedded systems often contain hard to find vulnerabilities which, when exploited, have potential to cause severe damage to the operating environment and the user. Given that threats and vulnerabilities can exist within any layer of the complex eco-system, OEMs face a major challenge to ensure security throughout the device life-cycle To lower the potential risk and damage that vulnerabilities may cause, OEMs typically perform application threat analysis and security modelling. This process typically provides a high level guideline to solving security problems which can then be implemented during design and development. However, this concept presents issues where new threats or unknown vulnerability has been discovered.
To address this issue, we propose a policy-based security modelling approach, which utilises a configurable policy engine to apply new policies that counter serious threats. By utilising this approach, the traditional security modelling approaches can be enhanced and the consequences of a new threat greatly reduced.
We present a realistic use case of connected car, applying several attack scenarios. By utilising STRIDE threat modelling and DREAD risk assessment model, adequate policies are derived to protect the car assets. This approach poses advantages over the standard approach, allowing a policy update to counter a new threat, which may have otherwise required a product redesign to alleviate the issue under the traditional approach.
Original languageEnglish
Publication statusAccepted - 16 Jul 2018
Event31st International IEEE System-on-Chip Conference - Washington, United States
Duration: 04 Sep 201807 Sep 2018
Conference number: 31
https://www.ieee-socc.org/

Conference

Conference31st International IEEE System-on-Chip Conference
Abbreviated titleIEEE SoCC
CountryUnited States
CityWashington
Period04/09/201807/09/2018
Internet address

Fingerprint

Railroad cars
Embedded systems
Risk assessment
Life cycle
Engines

Keywords

  • Secure by design
  • Security Modelling
  • Policy
  • Embedded Security
  • STRIDE
  • Threat Modelling

Cite this

Hagan, M., Siddiqui, F. M., & Sezer, S. (Accepted/In press). Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures. Paper presented at 31st International IEEE System-on-Chip Conference, Washington, United States.
Hagan, Matthew ; Siddiqui, Fahad Manzoor ; Sezer, Sakir. / Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures. Paper presented at 31st International IEEE System-on-Chip Conference, Washington, United States.
@conference{c23d4cbd0e9646fc8868c1cc98645a78,
title = "Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures",
abstract = "Complex embedded systems often contain hard to find vulnerabilities which, when exploited, have potential to cause severe damage to the operating environment and the user. Given that threats and vulnerabilities can exist within any layer of the complex eco-system, OEMs face a major challenge to ensure security throughout the device life-cycle To lower the potential risk and damage that vulnerabilities may cause, OEMs typically perform application threat analysis and security modelling. This process typically provides a high level guideline to solving security problems which can then be implemented during design and development. However, this concept presents issues where new threats or unknown vulnerability has been discovered.To address this issue, we propose a policy-based security modelling approach, which utilises a configurable policy engine to apply new policies that counter serious threats. By utilising this approach, the traditional security modelling approaches can be enhanced and the consequences of a new threat greatly reduced.We present a realistic use case of connected car, applying several attack scenarios. By utilising STRIDE threat modelling and DREAD risk assessment model, adequate policies are derived to protect the car assets. This approach poses advantages over the standard approach, allowing a policy update to counter a new threat, which may have otherwise required a product redesign to alleviate the issue under the traditional approach.",
keywords = "Secure by design, Security Modelling, Policy, Embedded Security, STRIDE, Threat Modelling",
author = "Matthew Hagan and Siddiqui, {Fahad Manzoor} and Sakir Sezer",
year = "2018",
month = "7",
day = "16",
language = "English",
note = "31st International IEEE System-on-Chip Conference, IEEE SoCC ; Conference date: 04-09-2018 Through 07-09-2018",
url = "https://www.ieee-socc.org/",

}

Hagan, M, Siddiqui, FM & Sezer, S 2018, 'Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures', Paper presented at 31st International IEEE System-on-Chip Conference, Washington, United States, 04/09/2018 - 07/09/2018.

Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures. / Hagan, Matthew; Siddiqui, Fahad Manzoor; Sezer, Sakir.

2018. Paper presented at 31st International IEEE System-on-Chip Conference, Washington, United States.

Research output: Contribution to conferencePaper

TY - CONF

T1 - Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures

AU - Hagan, Matthew

AU - Siddiqui, Fahad Manzoor

AU - Sezer, Sakir

PY - 2018/7/16

Y1 - 2018/7/16

N2 - Complex embedded systems often contain hard to find vulnerabilities which, when exploited, have potential to cause severe damage to the operating environment and the user. Given that threats and vulnerabilities can exist within any layer of the complex eco-system, OEMs face a major challenge to ensure security throughout the device life-cycle To lower the potential risk and damage that vulnerabilities may cause, OEMs typically perform application threat analysis and security modelling. This process typically provides a high level guideline to solving security problems which can then be implemented during design and development. However, this concept presents issues where new threats or unknown vulnerability has been discovered.To address this issue, we propose a policy-based security modelling approach, which utilises a configurable policy engine to apply new policies that counter serious threats. By utilising this approach, the traditional security modelling approaches can be enhanced and the consequences of a new threat greatly reduced.We present a realistic use case of connected car, applying several attack scenarios. By utilising STRIDE threat modelling and DREAD risk assessment model, adequate policies are derived to protect the car assets. This approach poses advantages over the standard approach, allowing a policy update to counter a new threat, which may have otherwise required a product redesign to alleviate the issue under the traditional approach.

AB - Complex embedded systems often contain hard to find vulnerabilities which, when exploited, have potential to cause severe damage to the operating environment and the user. Given that threats and vulnerabilities can exist within any layer of the complex eco-system, OEMs face a major challenge to ensure security throughout the device life-cycle To lower the potential risk and damage that vulnerabilities may cause, OEMs typically perform application threat analysis and security modelling. This process typically provides a high level guideline to solving security problems which can then be implemented during design and development. However, this concept presents issues where new threats or unknown vulnerability has been discovered.To address this issue, we propose a policy-based security modelling approach, which utilises a configurable policy engine to apply new policies that counter serious threats. By utilising this approach, the traditional security modelling approaches can be enhanced and the consequences of a new threat greatly reduced.We present a realistic use case of connected car, applying several attack scenarios. By utilising STRIDE threat modelling and DREAD risk assessment model, adequate policies are derived to protect the car assets. This approach poses advantages over the standard approach, allowing a policy update to counter a new threat, which may have otherwise required a product redesign to alleviate the issue under the traditional approach.

KW - Secure by design

KW - Security Modelling

KW - Policy

KW - Embedded Security

KW - STRIDE

KW - Threat Modelling

M3 - Paper

ER -

Hagan M, Siddiqui FM, Sezer S. Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures. 2018. Paper presented at 31st International IEEE System-on-Chip Conference, Washington, United States.