Principles and risk assessment of managing
distributed ontologies hosted by embedded devices for
controlling industrial systems
Date: October 2017
Contact Information
Tampere University of Technology
FAST Laboratory
P.O. Box 600,
FIN-33101 Tampere
Finland
Email: fast@tut.fi
www.tut.fi/fast
Conference: 43rd Annual Conference of the IEEE
Industrial Electronics Society (IECON2017)
29 October – 1 November, 2017
China National Convention Center, Beijing, China
Title of the paper: Principles and risk assessment of
managing distributed ontologies hosted by
embedded devices for controlling industrial systems
Authors: Borja Ramis Ferrer, Samuel Olaiya
Afolaranmi, Jose Luis Martinez Lastra
If you would like to receive a reprint of the
original paper, please contact us.
24.10.2017
Principles and risk assessment of managing distributed
ontologies hosted by embedded devices for controlling
industrial systems
1
Principles and risk assessment of
managing distributed ontologies hosted
by embedded devices for controlling
industrial systems
Authors: Borja Ramis Ferrer, Samuel Olaiya Afolaranmi, Jose Luis
Martinez Lastra
{borja.ramisferrer, samuel.afolaranmi, jose.lastra}@tut.fi
Tampere University of Technology, FAST-Lab.
43rd Annual Conference of the IEEE Industrial Electronics Society
(IECON2017)
31st October 2017, China National Convention Center, Beijing, China
Outline
• Introduction
• Motivation and main objective
• Background
• Techniques for enhancing security
• The Use Case
• Use Case TM & RA
• Discussion
• Conclusions
• Further work
Introduction (1/3)
• The connectivity of industrial automation domain systems
has been enhanced by the employment of information
and communication technologies
https://en.wikipedia.org/wiki/Industry_4.0
Introduction (2/3)
• Industry is continuously moving towards the employment
and exploitation of semantic technologies due to diverse
enterprise needs, such as:
–cross-domain interoperability,
–system modeling,
–categorization of information,
–model validation and
–data reasoning
Source: Borja Ramis Ferrer and J. L. Martinez Lastra, “Private local automation clouds built by CPS:
Potential and challenges for distributed reasoning,” Adv. Eng. Inform., vol. 32, pp. 113–125, Apr. 2017.
Introduction (3/3)
• New semantic-based approaches for implementing
industrial systems that are:
–flexible,
–self-descriptive,
–dynamic and
–interoperable with other systems that are already
deployed in the field
Motivation and main objective
• CPS and efficient M2M and M2H interactions have already
been implemented with great success through
semantics
• However, the presented solutions are not always validated in
terms of security
• This article suggests threat modeling and risk
assessment for protecting solutions from attacks and
malicious access.
Background
• Distributed systems and semantics in the industry
• Ontologies and the Semantic Web for industrial systems
• Security of distributed automation systems
Techniques for enhancing security (1/3)
• It becomes imperative to perform security assessment
and analysis of DAS from the design phase
• This involves the security evaluation of all the DAS
components in order to:
1. Identify security issues (risk or threat),
2. specify security requirements,
3. specify (or identify) security controls and
countermeasures
Techniques for enhancing security (2/3)
• This research suggests Threat Modelling (TM) and
Risk Assessment (RA)
• It is a process that enables effective security analysis of
an application
–the recognition, rating and mitigation of threats
–systematic addressing of security issues
• The result of the process is a threat model, which
presents the security information of the application or
system
Techniques for enhancing security (3/3)
• Process steps:
1. System component identification
2. Component threat identification and ranking
3. Security requirements specification
4. Selection of Security Controls
• The result of this process is a threat model document,
which provides information about the identified threats
per component together with the risks associated with
each of the threats
The Use Case (1/3)
• A knowledge-based solution as a test bed for TM & RA
The Use Case (2/3)
• Ontology model hosted by each device
The Use Case (3/3)
• Distributing reasoning process in the knowledge-based
use case
Use Case TM & RA (1/5)
• System component identification
– Components: User-Interface, Admin-Interface, devices with KBs,
equipment (e.g., robots, conveyors and sensors) and PLCs
– Entry points: HTTP, MODBUS TCP, RS232, IP
– Trust Levels: Operator, Administrator, DAS components
Components | Description | Trust Level | Entry Points
Operator Interface | WebUI for Operator interaction with DAS | Operator | HTTP Port, IP
Admin Interface | WebUI for Administrator interaction with DAS | Administrator | HTTP Port, IP
Devices | Stores, processes and encapsulates KBs | Administrator, Operator, DAS components | HTTP Port, IP
Controllers (PLCs) | Processes logic for performing operations | Operator, Devices | MODBUS, IP TCP, RS232
Equipment | Performs operations | Operator, Devices | RS232
Use Case TM & RA (2/5)
• Component threat identification and ranking
Use Case TM & RA (3/5)
• Security requirements specification
– ISA-99 (Security for Industrial Automation and Control
Systems) standards were used to identify these requirements
– ISA-62443-1-1 specifies the foundational requirements for
IACS, which are Identification & Authorization control, Use
control, System Integrity, Data Confidentiality, Restricted Data
Flow, Timely response to events and Resource availability
– ISA-62443-4-2 further provides component requirements and
guidelines needed to fulfill the foundational requirements in
IACS components
Use Case TM & RA (4/5)
• Selection of Security Controls
–Selected security controls (1/2):
Threats | Security Control
Spoofing | Strong Authentication, Secret data protection
Tampering | Integrity, Strong Authorization, Use of digital signatures, Use of Tamper-resistant protocols
Repudiation | Use of digital signatures, Audit and Logging
Information disclosure | Confidentiality, Authorization, Use of privacy-enhanced protocols, Strong Encryption, Non-storage of passwords in plain text
Denial of Service | Availability, Authorization, Authentication, Validate and filter input
Elevation of Privilege | Authorization (Use of Access Control Lists), Use of least privilege service to run processes and access resources
Use Case TM & RA (5/5)
• Selection of Security Controls
–Selected security controls (2/2):
Security Requirements | Security Control
Identification and authentication control | Multifactor authentication (for Humans and devices), Use of Strong passwords, PKI certificates and tokens, System use notification
User Control | Authorization enforcement, Session control, Session lock, Audit records, digital signatures and timestamps
System Integrity | Cryptographic integrity protection, communication link protection, input validation, session integrity
Data Confidentiality | Information confidentiality, use of cryptography
Restricted Data Flow | Network segmentation, Boundary protection
Timely Response to events | Audit log accessibility and continuous monitoring
Resource Availability | Denial of Service protection, System Backup
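The four TM & RA process steps carried through with this deck's component and control tables, as an added example that is not taken from the paper or the slides. The 1-3 probability/impact scale, the High/Medium/Low thresholds, the threat-to-requirement mapping and the sample ratings are assumptions constructed for illustration.

```python
"""Builds a ranked threat model document from the use-case tables (added example)."""
from itertools import product

# Step 1: component -> (trust levels, entry points), copied from the component table.
COMPONENTS = {
    "Operator Interface": ("Operator", "HTTP Port, IP"),
    "Admin Interface": ("Administrator", "HTTP Port, IP"),
    "Devices": ("Administrator, Operator, DAS components", "HTTP Port, IP"),
    "Controllers (PLCs)": ("Operator, Devices", "MODBUS, IP TCP, RS232"),
    "Equipment": ("Operator, Devices", "RS232"),
}

# Threat -> controls, from the "Selected security controls (1/2)" table.
THREAT_CONTROLS = {
    "Spoofing": ["Strong Authentication", "Secret data protection"],
    "Tampering": ["Integrity", "Strong Authorization", "Use of digital signatures",
                  "Use of Tamper-resistant protocols"],
    "Repudiation": ["Use of digital signatures", "Audit and Logging"],
    "Information disclosure": ["Confidentiality", "Authorization",
                               "Use of privacy-enhanced protocols", "Strong Encryption",
                               "Non-storage of passwords in plain text"],
    "Denial of Service": ["Availability", "Authorization", "Authentication",
                          "Validate and filter input"],
    "Elevation of Privilege": ["Authorization (Use of Access Control Lists)",
                               "Use of least privilege service"],
}

# Requirement -> controls, from the "Selected security controls (2/2)" table.
REQUIREMENT_CONTROLS = {
    "Identification and authentication control": [
        "Multifactor authentication", "Use of Strong passwords",
        "PKI certificates and tokens", "System use notification"],
    "User Control": ["Authorization enforcement", "Session control", "Session lock",
                     "Audit records, digital signatures and timestamps"],
    "System Integrity": ["Cryptographic integrity protection",
                         "communication link protection", "input validation",
                         "session integrity"],
    "Data Confidentiality": ["Information confidentiality", "use of cryptography"],
    "Restricted Data Flow": ["Network segmentation", "Boundary protection"],
    "Timely Response to events": ["Audit log accessibility and continuous monitoring"],
    "Resource Availability": ["Denial of Service protection", "System Backup"],
}

# ASSUMPTION (not on the slides): which requirement each threat category violates.
THREAT_TO_REQUIREMENT = {
    "Spoofing": "Identification and authentication control",
    "Tampering": "System Integrity",
    "Repudiation": "User Control",
    "Information disclosure": "Data Confidentiality",
    "Denial of Service": "Resource Availability",
    "Elevation of Privilege": "User Control",
}

SCALE = (1, 2, 3)  # ASSUMPTION: 1 = low, 2 = medium, 3 = high


def level(score):
    """ASSUMED thresholds on probability * impact (possible scores: 1,2,3,4,6,9)."""
    return "High" if score >= 6 else "Medium" if score >= 3 else "Low"


def build_threat_model(ratings):
    """Steps 2-4. ratings maps (component, threat) -> (probability, impact)."""
    entries = []
    for (component, threat), (prob, impact) in ratings.items():
        if component not in COMPONENTS or threat not in THREAT_CONTROLS:
            raise ValueError(f"unknown component or threat: {component!r}, {threat!r}")
        if prob not in SCALE or impact not in SCALE:
            raise ValueError(f"rating outside scale {SCALE}: {(prob, impact)}")
        trust, entry = COMPONENTS[component]
        requirement = THREAT_TO_REQUIREMENT[threat]
        entries.append({
            "component": component, "trust": trust, "entry_points": entry,
            "threat": threat, "score": prob * impact, "level": level(prob * impact),
            "requirement": requirement,
            "threat_controls": THREAT_CONTROLS[threat],
            "requirement_controls": REQUIREMENT_CONTROLS[requirement],
        })
    # Highest risk first; ties ordered by name so the document is reproducible.
    entries.sort(key=lambda e: (-e["score"], e["component"], e["threat"]))
    return entries


def unrated_pairs(ratings):
    """Component/threat pairs nobody has rated yet, so gaps are visible, not silent."""
    return [p for p in product(COMPONENTS, THREAT_CONTROLS) if p not in ratings]


# CONSTRUCTED sample ratings; only "DoS is high risk on the devices" is from the deck.
SAMPLE_RATINGS = {
    ("Devices", "Denial of Service"): (3, 3),
    ("Devices", "Tampering"): (2, 3),
    ("Admin Interface", "Spoofing"): (2, 3),
    ("Operator Interface", "Information disclosure"): (2, 2),
    ("Equipment", "Repudiation"): (1, 2),
}

if __name__ == "__main__":
    for e in build_threat_model(SAMPLE_RATINGS):
        print(f'{e["level"]:6} {e["score"]} {e["component"]} / {e["threat"]}'
              f' -> {e["requirement"]}: {", ".join(e["requirement_controls"])}')
    print(len(unrated_pairs(SAMPLE_RATINGS)), "component/threat pairs still unrated")
```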
Discussion (1/3)
• Tampering with data (1/2)
Discussion (2/3)
• Tampering with data (2/2)
Discussion (3/3)
• Denial of Service (DoS) attacks pose a high risk to the
devices and may occur if the network becomes congested
as a result of a high number of requests (or
queries) sent to the devices
• The actual impact of this attack depends on the number
of devices: it grows as the number of devices in the
network gets smaller
• An effective way to guard against this attack is through
authentication and authorization
Conclusions
• A knowledge-based solution is used to argue that security
for developments that manage semantic descriptions
should be considered at the design phase
• This article claims that different types of attacks on assets
that are common in semantic-based solutions can be
analyzed with TM and RA techniques
• In order to achieve an optimal result, an expert on
security should assess the probability of different attacks
and the designer of the solution should value the impact
Further work
• A “futuristic” challenge… how such techniques could be
included in ontologies so that designers would use
ontological models to automatically assess the
probability, impact and possible threats to the system
• This would reduce the time and effort of performing TM and
RA
Acknowledgement
• The project leading to this paper has received funding
from the European Union’s Horizon 2020 research and
innovation programme under grant agreement n° 644429,
corresponding to the project MUSA (Multi-cloud Secure
Applications)
THANK YOU!
Any questions?
youtube.com/user/fastlaboratory
facebook.com/fast.laboratory
slideshare.net/fastlaboratory
twitter.com/FAST_Lab

2024 April Patch Tuesday
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Principles and risk assessment of managing distributed ontologies hosted by embedded devices for controlling industrial systems

  • 1. Principles and risk assessment of managing distributed ontologies hosted by embedded devices for controlling industrial systems
      Date: October 2017
      Contact Information: Tampere University of Technology, FAST Laboratory, P.O. Box 600, FIN-33101 Tampere, Finland. Email: fast@tut.fi, www.tut.fi/fast
      Conference: 43rd Annual Conference of the IEEE Industrial Electronics Society (IECON2017), 29 October – 1 November, 2017, China National Convention Center, Beijing, China
      Title of the paper: Principles and risk assessment of managing distributed ontologies hosted by embedded devices for controlling industrial systems
      Authors: Borja Ramis Ferrer, Samuel Olaiya Afolaranmi, Jose Luis Martinez Lastra
      If you would like to receive a reprint of the original paper, please contact us.
  • 2. Principles and risk assessment of managing distributed ontologies hosted by embedded devices for controlling industrial systems
      Authors: Borja Ramis Ferrer, Samuel Olaiya Afolaranmi, Jose Luis Martinez Lastra
      {borja.ramisferrer, samuel.afolaranmi, jose.lastra}@tut.fi
      Tampere University of Technology, FAST-Lab.
      43rd Annual Conference of the IEEE Industrial Electronics Society (IECON2017)
      31st October 2017, China National Convention Center, Beijing, China
  • 3. Outline
      • Introduction
      • Motivation and main objective
      • Background
      • Techniques for enhancing security
      • The Use Case
      • Use Case TM & RA
      • Discussion
      • Conclusions
      • Further work
  • 4. Introduction (1/3)
      • The connectivity of industrial automation domain systems has been enhanced by the employment of information and communication technologies
      https://en.wikipedia.org/wiki/Industry_4.0
  • 5. Introduction (2/3)
      • Industry is continuously moving towards the employment and exploitation of semantic technologies due to diverse enterprise needs, such as:
          – cross-domain interoperability,
          – system modeling,
          – categorization of information,
          – model validation and
          – data reasoning
      Source: Borja Ramis Ferrer and J. L. Martinez Lastra, “Private local automation clouds built by CPS: Potential and challenges for distributed reasoning,” Adv. Eng. Inform., vol. 32, pp. 113–125, Apr. 2017.
  • 6. Introduction (3/3)
      • New semantic-based approaches for implementing industrial systems that are:
          – flexible,
          – self-descriptive,
          – dynamic and
          – interoperable with other systems that are already deployed in the field
  • 7. Motivation and main objective
      • There has already been great success in implementing CPS and efficient M2M and M2H interactions through semantics
      • However, the presented solutions are not always validated in terms of security
      • This article suggests threat modeling and risk assessment for protecting solutions from attacks and malicious access.
  • 8. Background
      • Distributed systems and semantics in the industry
      • Ontologies and the Semantic Web for industrial systems
      • Security of distributed automation systems
  • 9. Techniques for enhancing security (1/3)
      • It becomes imperative to perform security assessment and analysis of DAS from the design phase
      • This involves the security evaluation of all the DAS components in order to:
          1. identify security issues (risk or threat),
          2. specify security requirements,
          3. specify (or identify) security controls and countermeasures
  • 10. Techniques for enhancing security (2/3)
      • This research suggests Threat Modelling (TM) and Risk Assessment (RA)
      • It is a process that enables effective security analysis of an application:
          – the recognition, rating and mitigation of threats
          – systematic addressing of security issues
      • The result of the process is a threat model, which presents the security information of the application or system
  • 11. Techniques for enhancing security (3/3)
      • Process steps:
          1. System component identification
          2. Component threat identification and ranking
          3. Security requirements specification
          4. Selection of Security Controls
      • The result of this process is a threat model document, which provides information about the identified threats per component together with the risks associated with each of the threats
  • 12. The Use Case (1/3)
      • A knowledge-based solution as a test bed for TM & RA
  • 13. The Use Case (2/3)
      • Ontology model hosted by each device
  • 14. The Use Case (3/3)
      • Distributing reasoning process in the knowledge-based use case
  • 15. Use Case TM & RA (1/5)
      • System component identification
          – Components: User-Interface, Admin-Interface, devices with KBs, equipment (e.g., robots, conveyors and sensors) and PLCs
          – Entry points: HTTP, MODBUS TCP, RS232, IP
          – Trust Levels: Operator, Administrator, DAS components

      | Components | Description | Trust Level | Entry Points |
      |---|---|---|---|
      | Operator Interface | WebUI for Operator interaction with DAS | Operator | HTTP Port, IP |
      | Admin Interface | WebUI for Administrator interaction with DAS | Administrator | HTTP Port, IP |
      | Devices | Stores, processes and encapsulates KBs | Administrator, Operator, DAS components | HTTP Port, IP |
      | Controllers (PLCs) | Processes logic for performing operations | Operator, Devices | MODBUS, IP TCP, RS232 |
      | Equipment | Performs operations | Operator, Devices | RS232 |
  • 16. Use Case TM & RA (2/5)
      • Component threat identification and ranking
  • 17. Use Case TM & RA (3/5)
      • Security requirements specification
          – The ISA-99 (Security for Industrial Automation and Control Systems) standards were used to identify these requirements
          – ISA-62443-1-1 specifies the foundational requirements for IACS, which are Identification & Authorization control, Use control, System Integrity, Data Confidentiality, Restricted Data Flow, Timely response to events and Resource availability
          – ISA-62443-4-2 further provides component requirements and guidelines needed to fulfill the foundational requirements in IACS components
  • 18. Use Case TM & RA (4/5)
      • Selection of Security Controls
          – Selected security controls (1/2):

      | Threats | Security Control |
      |---|---|
      | Spoofing | Strong Authentication, Secret data protection |
      | Tampering | Integrity, Strong Authorization, Use of digital signatures, Use of Tamper-resistant protocols |
      | Repudiation | Use of digital signatures, Audit and Logging |
      | Information disclosure | Confidentiality, Authorization, Use of privacy-enhanced protocols, Strong Encryption, Non-storage of passwords in plain text |
      | Denial of Service | Availability, Authorization, Authentication, Validate and filter input |
      | Elevation of Privilege | Authorization (Use of Access Control Lists), Use of least privilege service to run processes and access resources |
  • 19. Use Case TM & RA (5/5)
      • Selection of Security Controls
          – Selected security controls (2/2):

      | Security Requirements | Security Control |
      |---|---|
      | Identification and authentication control | Multifactor authentication (for Humans and devices), Use of Strong passwords, PKI certificates and tokens, System use notification |
      | User Control | Authorization enforcement, Session control, Session lock, Audit records, digital signatures and timestamps |
      | System Integrity | Cryptographic integrity protection, communication link protection, input validation, session integrity |
      | Data Confidentiality | Information confidentiality, use of cryptography |
      | Restricted Data Flow | Network segmentation, Boundary protection |
      | Timely Response to events | Audit log accessibility and continuous monitoring |
      | Resource Availability | Denial of Service protection, System Backup |
  • 20. Discussion (1/3)
      • Tampering with data (1/2)
  • 21. Discussion (2/3)
      • Tampering with data (2/2)
  • 22. Discussion (3/3)
      • Denial of Service (DoS) attacks pose a high risk to the devices and may occur if the network becomes congested as a result of a high number of requests (or queries) sent to the devices
      • The actual impact of this attack depends on the number of devices: it grows as the number of devices in the network gets smaller
      • An effective way to guard against this attack is through authentication and authorization
  • 23. Conclusions
      • A knowledge-based solution is used to argue that security for developments that manage semantic descriptions should be considered at the design phase
      • This article claims that different types of attacks on assets that are common in semantic-based solutions can be analyzed with TM and RA techniques
      • In order to achieve an optimal result, an expert on security should assess the probability of different attacks and the designer of the solution should value the impact
  • 24. Further work
      • A "futuristic" challenge: how such techniques could be included in ontologies so that designers would use ontological models to automatically assess the probability, impact and possible threats to the system
      • This would reduce the time and effort spent on performing TM and RA assessment
  • 25. Acknowledgement
      • The project leading to this paper has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement n° 644429, corresponding to the project MUSA (Multi-cloud Secure Applications)
  • 26. THANK YOU! Any questions?
      youtube.com/user/fastlaboratory
      facebook.com/fast.laboratory
      slideshare.net/fastlaboratory
      twitter.com/FAST_Lab
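The four process steps of slide 11, run over the component table of slide 15 and the threat-to-control table of slide 18, as an added example that is not code from the paper or the slides. The probability and impact scores, the probability × impact product, the High/Medium/Low thresholds and the `dos_impact` scaling (a stand-in for slide 22's remark that DoS impact grows with fewer devices) are assumptions made here for illustration.

```python
import math

# Step 1 (slide 15 table): component -> (trust levels, entry points as listed).
COMPONENTS = {
    "Operator Interface": ("Operator", "HTTP Port, IP"),
    "Admin Interface": ("Administrator", "HTTP Port, IP"),
    "Devices": ("Administrator, Operator, DAS components", "HTTP Port, IP"),
    "Controllers (PLCs)": ("Operator, Devices", "MODBUS, IP TCP, RS232"),
    "Equipment": ("Operator, Devices", "RS232"),
}
# Step 4 (slide 18 table): STRIDE threat -> selected security controls.
CONTROLS = {
    "Spoofing": ["Strong Authentication", "Secret data protection"],
    "Tampering": ["Integrity", "Strong Authorization", "Use of digital signatures",
                  "Use of Tamper-resistant protocols"],
    "Repudiation": ["Use of digital signatures", "Audit and Logging"],
    "Information disclosure": ["Confidentiality", "Authorization",
                               "Use of privacy-enhanced protocols", "Strong Encryption",
                               "Non-storage of passwords in plain text"],
    "Denial of Service": ["Availability", "Authorization", "Authentication",
                          "Validate and filter input"],
    "Elevation of Privilege": ["Authorization (Use of Access Control Lists)",
                               "Use of least privilege service to run processes "
                               "and access resources"],
}
# Constructed 1..5 scores (probability, impact); None = derive from device count.
SAMPLE = [
    ("Devices", "Tampering", 3, 5),
    ("Devices", "Denial of Service", 4, None),
    ("Admin Interface", "Spoofing", 2, 4),
    ("Controllers (PLCs)", "Elevation of Privilege", 2, 5),
    ("Operator Interface", "Information disclosure", 3, 2),
]

def dos_impact(n_devices, worst=5):
    """Assumed scaling: DoS impact grows as fewer devices share the queries."""
    if n_devices < 1:
        raise ValueError("need at least one device")
    return max(1, math.ceil(worst / n_devices))

def level(risk):
    """Assumed thresholds on the 1..25 probability x impact scale."""
    return "High" if risk >= 15 else "Medium" if risk >= 8 else "Low"

def build_threat_model(assessments, n_devices):
    """Steps 2-4: score each (component, threat) pair, rank it, attach controls."""
    rows = []
    for component, threat, probability, impact in assessments:
        if component not in COMPONENTS or threat not in CONTROLS:
            raise KeyError(f"not in the model: {component!r} / {threat!r}")
        if impact is None and threat == "Denial of Service":
            impact = dos_impact(n_devices)
        if impact is None or not (1 <= probability <= 5 and 1 <= impact <= 5):
            raise ValueError("scores must be 1..5; only DoS impact may be derived")
        trust, entry = COMPONENTS[component]
        risk = probability * impact
        rows.append({"component": component, "threat": threat, "trust_levels": trust,
                     "entry_points": entry, "risk": risk, "level": level(risk),
                     "controls": CONTROLS[threat]})
    return sorted(rows, key=lambda r: r["risk"], reverse=True)
```

With the constructed scores, `build_threat_model(SAMPLE, n_devices=2)` ranks tampering with the devices first (risk 15), while `n_devices=1` moves Denial of Service to the top (risk 20).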