Diversity, Safety and Security in Embedded Systems: Modelling Adversary Effort and Supply Chain Risks

Gashi, Ilir; Povyakalo, Andrey; Strigini, Lorenzo

doi:10.1109/edcc.2016.27

Cited by 7 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Others, instead, concentrated on architectural solutions for specific application domains, smart grids (Babay et al, 2018), autonomous driving (Vöelp and Verissimo, 2018), or web servers (Saidane et al, 2009). Specific security architectures tailored to problems generated by specific vulnerabilities are the subject of the works of Gorbenko et al (2020) and Garcia et al (2014), while investigations on trade-offs between competing requirements are conducted by Gashi et al (2016).…”

Section: 2mentioning

confidence: 99%

“…Notice, though, that scattering data and code among on-premises and/or commercial data centers may degrade confidentiality, depending on the accessibility conditions to the chosen diverse sites (see the works of Gashi et al (2016) or Khan and Babay (2021) for specific examples). Thus, side effects of location diversity have to be carefully analyzed and managed.…”

Section: 21mentioning

confidence: 99%

“…In this paper, two layers of protection will be considered, indicated as L 0 , L 1 , where L 0 is the most stringent one, as also done in other studies (e.g., Rodriguez et al, 2015;Gashi et al, 2016;Hardekopf et al, 2001). Of course, a higher number of protection levels could be needed, to properly address requirements of specific contexts/application domains.…”

Section: Access Control Policiesmentioning

confidence: 99%

See 2 more Smart Citations

Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods

Di Giandomenico,

Masetti,

Chiaradonna

2022

International Journal of Applied Mathematics and Computer Scien

View full text Add to dashboard Cite

Borrowing from well known fault tolerant approaches based on redundancy to mask the effect of faults, redundancybased intrusion tolerance schemes are proposed in this paper, where redundancy of ICT components is exploited as a first defense line against a subset of compromised components within the redundant set, due to cyberattacks. Features to enhance defense and tolerance capabilities are first discussed, covering diversity-based redundancy, confusion techniques, protection mechanisms, locality policies and rejuvenation phases. Then, a set of intrusion tolerance variations of classical fault tolerant schemes (including N Version Programming and Recovery Block, as well as a few hybrid approaches) is proposed, by enriching each original scheme with one or more of the previously introduced defense mechanisms. As a practical support to the system designer in making an appropriate choice among the available solutions, for each developed scheme a schematic summary is provided, in terms of resources and defense facilities needed to tolerate f value failures and k omission failures, as well as observations regarding time requirements. To provide an example of more detailed analysis, useful to set up an appropriate intrusion tolerance configuration, a trade-off study between cost and additional redundancy employed for confusion purposes is also carried out.

show abstract

Section: 2mentioning

confidence: 99%

Section: 21mentioning

confidence: 99%

Section: Access Control Policiesmentioning

confidence: 99%

See 1 more Smart Citation

Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods

Di Giandomenico,

Masetti,

Chiaradonna

2022

International Journal of Applied Mathematics and Computer Scien

View full text Add to dashboard Cite

show abstract

“…The CLEARSY Safety Platform is made up of a hardware execution platform, an IDE enabling the generation of diverse binaries from a single B model, and a certification kit describing its safety features as well as the safety constraints exported to the hosting system. Diversity intentional differences between redundant components, to reduce the likelihood of common failures due to systematic causes that would reduce the benefit of redundancy [3].…”

Section: Terminologymentioning

confidence: 99%

Programming the CLEARSY Safety Platform with B

Lecomte¹

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The CLEARSY Safety Platform (CSSP) is aimed at easing the development and the deployment of safety critical applications, up to the safety integrity level 4 (SIL4). It relies on the smart integration of the B formal method, redundant code generation and compilation, and a hardware platform that ensures a safe execution of the software. This paper exposes the programming model of the CSSP used to develop control & command applications based on digital I/Os.

show abstract

“…─ Diversity: Each system of the set of systems is implemented in a different language or technology. A set composed of a C++ application, a JAVA application and a Python application highly supports diversity property [24]. ─ Redundancy: Each system of the set of systems offers the same functions.…”

Section: Processing Proximity Includesmentioning

confidence: 99%

Characterizing Sets of Systems: Representation and Analysis of Across-Systems Properties

Bouzekri

Canny

Martinie

et al. 2020

Beyond Interactions

View full text Add to dashboard Cite

System quality is assessed with respect to the value of relevant properties of that system. The level of abstraction of these properties can be very high (e.g. usability) or very low (e.g. all the "Ok" buttons in the application have the same size). These properties can be generic and thus applicable to a large group of systems (e.g. all the interactive systems should be usable) or very specific to a system (e.g. the "Quit" button in my application should always be visible). While properties identification and verification is at the core of interactive systems engineering, much less attention is paid to properties that aims at characterizing a pair (or more) of systems. In this paper, we propose to study such properties (defined as across-systems properties) and propose a notation for representing them. We propose a process for the analysis of such properties using the proposed notation. This process and analysis can be used during systems design or integration. We also present several examples of across-systems properties and demonstrate their importance and use on a simple example of aircraft cockpits buttons.

show abstract

Diversity, Safety and Security in Embedded Systems: Modelling Adversary Effort and Supply Chain Risks

Cited by 7 publications

References 18 publications

Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods

Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods

Programming the CLEARSY Safety Platform with B

Characterizing Sets of Systems: Representation and Analysis of Across-Systems Properties

Contact Info

Product

Resources

About