Presentation is loading. Please wait.

Presentation is loading. Please wait.

IoTSec Taxonomy Proposal

Published bySofija Novak Modified over 5 years ago

Similar presentations

Presentation on theme: "IoTSec Taxonomy Proposal"— Presentation transcript:

1 IoTSec Taxonomy Proposal
Consortium meeting 11. October 2018 Rune Winther Øivind Berg Multiconsult Senior Researcher Energy Economics

2 Topics Background and goal Considerations Causes vs. consequences
About the proposal Practical issues The proposal

3 Background and goal We want to establish a trust case (explicit argument) for security, privacy and dependability in smart grids The starting point is the claim “Smart grid is adequately secure, private and dependable (SPD)” A convincing trust case requires a precise understanding of this claim Thus, we need a taxonomy for SPD, specifically suitable for building trust cases

4 Considerations No ambition to establish a «globally» accepted taxonomy
Focus is on our needs to formulate a precise claim in the trust case Should, as far as possible, be based on existing taxonomies «Pick and choose» The taxonomy must cover all of SPD, but also be usable for each of S, P and D separately Essential that the structure directly supports the construction of trust cases

5 Causes vs consequences
The difference between safety and security can be described as: Security: The effect the world has on a system Safety: The effect a system has on the world From the perspective of the system, this means that: Security is about causes Safety is about consequences When establishing the taxonomy we need to be conscious about whether we characterize causes, consequences, or both

6 Security – Can go both ways…
Security defined by the CIA triad Loss of confidentiality, integrity and availability can be interpreted as primarily being characterizations of consequences Security defined as “protection against threats” Focus is primarily on causes Neither is more correct, but we need to be consistent, and ensure that terms are understood in the same way by all stakeholders

7 About the taxonomy proposal
Primarily focused on characterizing consequences Sort of… Typically the loss of some characteristic Top-level claim will often be about the absence of negative effects Primarily based on Laprie et.al, “dependable and secure” PIPS-project Stallings, W. Cryptography and network security: principles and practice 

8 Practical issues Since the taxonomy is focused on consequences, we need to ensure that all relevant causes are included in the trust cases Whether unwanted events are intentional or unintentional should be explicitly addressed in the trust case Should we extend the taxonomy to address both causes and consequences? Confidentiality is in the taxonomy only associated with security, but is usually also part of dependability

9 The proposal - Overview

10 The taxonomy – Definitions - Security
Confidentiality The absence of unauthorized disclosure of information. Integrity (security) Absence of unauthorized system alterations. Note: Unauthorized system alterations can be internal or external, as well as intentional or unintentional. Availability (security) Availability for authorized actions only. Authenticity The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source. Accountability The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

11 The taxonomy – Definitions - Privacy
Controlled collection The individual has control on what, and how, personal information is collected. Controlled processing The individual has control on how, and for what purpose, personal information is used. Controlled dissemination The individual has control on what, and how, personal information is disseminated. Invasion prevention Protection against disturbance/intrusion of an individual’s solitude or seclusion

12 The taxonomy – Definitions - Dependability
Availability (dependability) Readiness for correct service. Reliability Continuity of correct service. Safety Absence of catastrophic consequences on the user(s) and the environment. Integrity (dependability) For safety: The probability of a safety-related system satisfactorily performing the required safety functions under all the stated conditions within a stated period of time. General: Absence of improper system alterations. Maintainability Ability to undergo modifications and repairs.

Download ppt "IoTSec Taxonomy Proposal"

Similar presentations

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
C OMPUTER S ECURITY C ONCEPTS By: Qubilah D’souza 411109 TE computer.

C OMPUTER S ECURITY C ONCEPTS By: Qubilah D’souza TE computer.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.
1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]

1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus - 2007.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Cryptography and Network Security

Cryptography and Network Security

Similar presentations

Ads by Google