An architectural systems engineering methodology for addressing cyber security
Systems Engineering
As exemplified by the 2010 Stuxnet attack on an Iranian nuclear facility, attackers have the capability to embed infections in equipment employed in nuclear power systems. In this paper, a new systems-engineering-focused approach for mitigating such risks is described. The approach develops a security architectural formulation that integrates a set of reusable security services as an architectural solution embedded in the system to be protected. The System-Aware architectural approach embeds security components into the protected system itself. The architecture includes services that (1) collect and assess real-time security-relevant measurements from the system being protected, (2) perform security analysis on those measurements, and (3) execute system security control actions as required. This architectural formulation results in a defense referred to as System-Aware Cyber Security. It includes (1) the integration of a diverse set of dynamically interchangeable redundant subsystems, involving hardware and software components from multiple vendors, which significantly increases the difficulty for adversaries by avoiding a monoculture environment; (2) the development of subsystems capable of rapidly changing their attack surface through hardware and software reconfiguration (configuration hopping) in response to perceived threats; (3) data consistency checking services (e.g., intelligent voting mechanisms) for isolating faults and permitting moving-surface control actions that avoid operating in a compromised configuration; and (4) forensic analysis techniques for rapid post-attack categorization of whether a given fault is more likely the result of an infected embedded hardware or software component (i.e., a cyber attack) or of a natural failure.
In this paper we present these key elements of the System-Aware Cyber Security architecture and show, including an application example, how they can be integrated to mitigate the risks of insider and supply chain attacks. In addition, this paper outlines an initial vision for a security analysis framework for comparing alternative System-Aware security architectures. Finally, we summarize future research necessary to facilitate implementation across additional domains critical to the nation's interest. © 2012 Wiley Periodicals, Inc.
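The interplay of elements (1), (2) and (3) above, shown as an added illustrative example that is not code from the paper or its authors: three diverse redundant readers of one process variable feed a median voter; a reader that persistently disagrees with the consensus is isolated and the configuration hops to a standby from a different vendor, so the system never keeps operating on the compromised reading. The subsystem names, vendor labels, the tolerance and strike threshold, and the constructed plant signal and "infected" reader are all assumptions for the demonstration; the forensic categorization step (4) is not modeled.

```python
from dataclasses import dataclass
from statistics import median
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Subsystem:
    """One redundant implementation of a measurement (e.g., a pressure sensor path)."""
    name: str
    vendor: str
    read: Callable[[int], float]   # reading at time step t
    strikes: int = 0               # consecutive steps outside the voter's tolerance


@dataclass
class VoteResult:
    t: int
    consensus: float
    disagreeing: List[str]
    active: List[str]


class SystemAwareVoter:
    """Median voter over a configuration of diverse subsystems with configuration hopping.

    Each step compares every active reading with the median; a reading more than
    `tolerance` away earns a strike, and a run of `strike_limit` strikes isolates the
    subsystem. The voter then hops to a standby unit, preferring one from a vendor other
    than the isolated unit's vendor so the new configuration stays diverse.
    """

    def __init__(self, active: List[Subsystem], standby: List[Subsystem],
                 tolerance: float, strike_limit: int) -> None:
        if len(active) < 3:
            raise ValueError("a majority vote needs at least three active subsystems")
        self.active = list(active)
        self.standby = list(standby)
        self.tolerance = tolerance
        self.strike_limit = strike_limit
        self.isolated: List[str] = []
        self.hops: List[Tuple[int, str, str]] = []   # (t, isolated unit, replacement)
        self.degraded = False                        # fewer than 3 readers left to vote

    def step(self, t: int) -> VoteResult:
        readings: Dict[str, float] = {s.name: s.read(t) for s in self.active}
        consensus = median(readings.values())
        disagreeing = [n for n, v in readings.items() if abs(v - consensus) > self.tolerance]
        for s in self.active:
            # A transient glitch is forgiven; persistent deviation accumulates strikes.
            s.strikes = s.strikes + 1 if s.name in disagreeing else 0
        for s in [s for s in self.active if s.strikes >= self.strike_limit]:
            self._hop_away_from(s, t)
        return VoteResult(t, consensus, disagreeing, [s.name for s in self.active])

    def _hop_away_from(self, bad: Subsystem, t: int) -> None:
        self.active.remove(bad)
        self.isolated.append(bad.name)
        replacement: Optional[Subsystem] = next(
            (s for s in self.standby if s.vendor != bad.vendor), None)
        if replacement is None:                 # no diverse spare: accept any spare
            replacement = next(iter(self.standby), None)
        if replacement is None:                 # no spare at all: run degraded
            self.degraded = len(self.active) < 3
            return
        self.standby.remove(replacement)
        self.active.append(replacement)
        self.hops.append((t, bad.name, replacement.name))


def true_pressure(t: int) -> float:
    """Constructed plant signal standing in for the real process variable."""
    return 100.0 + 0.5 * t


def build_demo() -> SystemAwareVoter:
    honest = true_pressure
    noisy = lambda t: true_pressure(t) + (0.3 if t % 2 else -0.3)
    # Constructed "infected" reader: faithful until t = 3, then feeds a falsified value,
    # the kind of plausible-but-wrong data an embedded supply-chain implant could report.
    compromised = lambda t: true_pressure(t) + (30.0 if t >= 3 else 0.0)
    active = [Subsystem("P1", "vendor-A", honest),
              Subsystem("P2", "vendor-B", noisy),
              Subsystem("P3", "vendor-C", compromised)]
    standby = [Subsystem("P4", "vendor-C", honest),   # same vendor as P3: should be skipped
               Subsystem("P5", "vendor-D", honest)]
    return SystemAwareVoter(active, standby, tolerance=2.0, strike_limit=2)


def run_demo(steps: int = 6) -> Tuple[SystemAwareVoter, List[VoteResult]]:
    voter = build_demo()
    return voter, [voter.step(t) for t in range(steps)]


if __name__ == "__main__":
    voter, results = run_demo()
    for r in results:
        print(f"t={r.t} consensus={r.consensus:.1f} "
              f"disagreeing={r.disagreeing} active={r.active}")
    print("isolated:", voter.isolated, "hops:", voter.hops)
```

Two design points worth noting. The consensus output never reflects the falsified reading even before isolation, because the median of three readings with one outlier is always one of the two honest values; that is what lets the control loop keep operating while the voter accumulates evidence. The strike counter resets on agreement, so a single noisy sample does not trigger a configuration hop, while the replacement rule deliberately passes over P4 (same vendor as the isolated P3) to avoid reintroducing the same potentially infected supply chain.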