CPSC 875 John D. McGregor Security-2. A medical platform.

Presentation transcript:

CPSC 875 John D. McGregor Security-2

A medical platform

System boundaries

Integrated Clinical Environment

Actual architecture

Different view

Threads

Producer/Consumer with directory

In the context of
Quality attributes must be understood in the context of their use. It is not realistic to expect the same depth of analysis in financial software as in aircraft navigation.

With respect to
Even within the same context the quality attribute value may vary from one part of the architecture to another. For example, a piece of software may be secure with respect to one type of attack but not with respect to another. Risk and cost are the factors used in deciding the breadth of the verification.

As complexity goes up
As complexity goes up, so does the probability of a vulnerability being inserted. Security is a system property, but it has to be addressed at the module level before the complexity gets too great.

Security system hierarchy

NEAT criteria
Non-bypassable—security functions cannot be circumvented.
Evaluatable—the size and complexity of the security functions allow them to be verified and evaluated.
Always invoked—security functions are invoked each and every time, without exception. The reference monitor concept can be used by the system architecture to enforce this for critical applications.
Tamperproof—subversive code cannot alter the function of the security functions by exhausting resources, overrunning buffers, or other forms of making the security software fail.

Multiple Independent Levels of Security (MILS) architecture

Levels of security
SLS—Single-Level Secure component; only processes data at one security level.
MSLS—Multiple Single-Level Secure component; processes data at multiple levels, but maintains separation between classes of data.
MLS—Multi-Level Secure component; processes data at multiple levels simultaneously.

Security policies
Data isolation – data is local to a partition.
Control of information flow – the source of information passed from one partition to another is authenticated.
Periods processing – no leaking of information from the CPU to the outside.
Fault isolation – no propagation into another partition.
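The reference monitor idea behind the NEAT criteria and the four partition policies above can be shown together in one small simulation. The following Python is an added example, not code from the slides or from any MILS separation kernel: a toy kernel in which every inter-partition transfer goes through a single authenticated, always-invoked check, inboxes are bounded, a partition fault is confined, and shared scratch state is scrubbed between time slices. The partition names (monitor, pump, display), their levels, the messages and the inbox bound are all constructed for the example.

```python
import secrets
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 1
    SENSITIVE = 2

@dataclass
class Partition:
    name: str
    level: Level                              # SLS partition: exactly one level
    inbox: list = field(default_factory=list)
    failed: bool = False

INBOX_LIMIT = 8   # constructed bound: a chatty partition cannot exhaust memory (tamperproof)

class SeparationKernel:
    """One trusted chokepoint for every inter-partition transfer.
    Non-bypassable: partitions hold no references to each other, only a token for the
    kernel.  Always invoked: send() re-runs the full check on every call, nothing is cached.
    Evaluatable: the trusted logic is just send() and run()."""

    def __init__(self, partitions, allowed_flows):
        self._parts = {p.name: p for p in partitions}
        self._allowed = frozenset(allowed_flows)   # explicit (source, destination) pairs
        self._tokens = {}                          # secret token -> partition name
        self._scratch = {}                         # stands in for CPU state shared across time slices
        self.audit = []

    def register(self, name):
        """Hand a partition its unforgeable token, its only channel to the kernel."""
        token = secrets.token_hex(16)
        self._tokens[token] = name
        return token

    def send(self, token, dest, payload):
        # Control of information flow: the source is authenticated by the token,
        # never taken from a name the sender claims inside the message.
        src = self._tokens.get(token)
        if src is None:
            return self._deny("?", dest, "unauthenticated token")
        s, d = self._parts[src], self._parts[dest]
        if s.failed:
            return self._deny(src, dest, "source partition has failed")
        if (src, dest) not in self._allowed:
            return self._deny(src, dest, "flow not in policy")
        if s.level > d.level:
            return self._deny(src, dest, "would move data down a level")
        if len(d.inbox) >= INBOX_LIMIT:
            return self._deny(src, dest, "destination inbox full")
        d.inbox.append((src, s.level, payload))    # label comes from the kernel's own record
        return True

    def receive(self, token):
        # Data isolation: a partition can drain only its own inbox.
        part = self._parts[self._tokens[token]]
        msgs, part.inbox = part.inbox, []
        return msgs

    def run(self, name, step):
        """One time slice of a partition; a crash stays inside it (fault isolation)."""
        part = self._parts[name]
        if part.failed:
            return False
        try:
            step(self._scratch)
            return True
        except Exception as exc:
            part.failed = True
            self.audit.append(("fault", name, type(exc).__name__))
            return False
        finally:
            self._scratch.clear()   # periods processing: scrub shared state before the next slice

    def _deny(self, src, dest, why):
        self.audit.append(("deny", src, dest, why))
        return False

def demo():
    """Exercise each policy once; partition names and messages are constructed."""
    parts = [Partition("monitor", Level.SENSITIVE), Partition("pump", Level.SENSITIVE),
             Partition("display", Level.UNCLASSIFIED)]
    policy = [("monitor", "pump"), ("display", "monitor"), ("pump", "display")]
    kernel = SeparationKernel(parts, policy)
    tok = {p.name: kernel.register(p.name) for p in parts}
    r = {}
    r["monitor_to_pump"] = kernel.send(tok["monitor"], "pump", "SpO2 97")        # allowed
    r["display_to_monitor"] = kernel.send(tok["display"], "monitor", "ack")       # allowed: data moves up
    r["monitor_to_display"] = kernel.send(tok["monitor"], "display", "SpO2 97")  # denied: not in policy
    r["pump_to_display"] = kernel.send(tok["pump"], "display", "rate 5 ml/h")     # denied: would move data down
    r["forged_token"] = kernel.send("not-a-real-token", "pump", "stop")          # denied: unauthenticated
    r["pump_inbox"] = kernel.receive(tok["pump"])
    r["flood_delivered"] = sum(kernel.send(tok["monitor"], "pump", "x") for _ in range(20))
    r["display_ran"] = kernel.run("display", lambda scratch: 1 / 0)               # fault confined to display
    r["display_after_fault"] = kernel.send(tok["display"], "monitor", "ack")
    r["monitor_ran"] = kernel.run("monitor", lambda scratch: scratch.update(reading="SpO2 97"))
    r["scratch_scrubbed"] = kernel._scratch == {}
    return r
```

Two checks in send() are deliberately independent: the explicit flow allow-list and the level comparison. The pump-to-display transfer is in the policy list yet still refused, because an SLS partition at the higher level must never hand its data to a lower one; the reverse transfer from display to monitor passes both checks. The flood loop shows the tamperproof bound: only INBOX_LIMIT messages land before the kernel starts refusing, and the refusals are recorded in the audit list rather than crashing the destination.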

Hierarchical control structure (diagram). Elements: Vehicle speed and acceleration; CACC (controller); Driver (controller); actuators; sensors; Hazard (Hit vehicle); Rasmussen Model; Human Mental Model; STPA Model; Distractions; Weather conditions.

Multiple system boundaries (diagram). Elements: Vehicle speed and acceleration; CACC (controller); Driver (controller); actuators; sensors; Hazard (Hit vehicle).

content/uploads/2015/03/2015-Procter-Using-STPA-for-RM-in-Interoperable-Medical-Systems.pdf

Here’s what you are going to do… Put everything together in one neat package. Fix it up based on in-class discussions. There have been 11 assignments at 1 point apiece. This final turn-in will count 14 points. Submit the zip via the usual route plus mail an additional copy to
Submit by Wednesday, April 22 at 11:59pm.

Feedback/control loop (diagram). Elements: Vehicle speed and acceleration; CACC (controller); Driver (controller); actuators; sensors; Hazard (Hit vehicle).

Message Bus

Service Oriented Architecture

N-tier architecture

Event-driven

Blackboard