Safe and Secure Cyber-Physical Systems and Internet-of-Things Systems (eBook)
X, 91 Seiten
Springer International Publishing (Verlag)
978-3-030-25808-5 (ISBN)
?This book provides the first comprehensive view of safe and secure CPS and IoT systems. The authors address in a unified manner both safety (physical safety of operating equipment and devices) and computer security (correct and sound information), which are traditionally separate topics, practiced by very different people.
- Offers readers a unified view of safety and security, from basic concepts through research challenges;
- Provides a detailed comparison of safety and security methodologies;
- Describes a comprehensive threat model including attacks, design errors, and faults;
- Identifies important commonalities and differences in safety and security engineering.
Dimitrios Serpanos holds a PhD in Computer Science from Princeton University since 1990. He received his Engineering Degree in Computer Engineering & Informatics from the University of Patras in 1985 and his MA in Computer Science from Princeton University in 1988. Between 1990 and 1996 he was a Research Staff Member (RSM) at IBM Research, T.J. Watson Research Center working in the area of systems architecture for high bandwidth systems. Between 1996 and 2000 he was faculty member at the University of Crete (Computer Science) and a researcher at ICS-FORTH. Since 2000 he has been a professor at the University of Patras, Dept. of Electrical & Computer Engineering, working in the area of computer architecture, embedded and cyber-physical systems with emphasis on cybersecurity, industrial systems, and network and multimedia systems. He is the Director of the Industrial Systems Institute/ATHENA, where he served as Director also during 2008-2013. He has served as President of the University of Western Greece. He has been working on computer architecture, embedded systems, and cybersecurity for more than 25 years, with special emphasis on building real systems and prototypes that are tested in the lab or in the field.
Marilyn Wolf received her bachelor's, master's, and doctoral degrees in electrical engineering from Stanford University in 1980, 1981, and 1984, respectively. She was with AT&T Bell Laboratories in Murray Hill, N.J. from 1984 to 1989 and was with Princeton University from 1989 until 2007. In 2007, Dr. Wolf joined Georgia Tech as the Rhesa 'Ray' S. Farmer, Jr. Distinguished Chair in Embedded Computing Systems and Georgia Research Alliance Eminent Scholar. Her research interests include embedded computing, cyber-physical and IoT systems, and embedded computer vision. She has received the IEEE Computer Society Goode Memorial Award, the ASEE Terman Award, and IEEE Circuits and Systems Society Education Award.
Preface 6
Contents 7
Chapter 1: The Safety and Security Landscape 9
1.1 Introduction 9
1.2 Case Studies 10
1.2.1 Cyber-Physical Systems Are Shockingly Easy to Attack 11
1.2.2 Cyber-Physical Systems Can Kill People 11
1.2.3 Cyber-Physical System Disruptions Require Extensive and Lengthy Repairs 12
1.2.4 Patch and Pray Considered Harmful 13
1.2.5 Folk Wisdom Is Untrustworthy 13
1.2.6 The IT/OT Boundary Is Soft 14
1.2.7 Design Processes Cannot Be Trusted 14
1.2.8 The V Model Is Inadequate 15
1.2.9 Privacy Is a Critical Requirement 15
1.3 Chapters in This Book 15
1.4 Summary 16
References 16
Chapter 2: Safety and Security Design Processes 19
2.1 Introduction 19
2.2 Risk Management 19
2.3 Fault Models and Hazard Analysis 21
2.4 Attack Models and Attack Analysis 25
2.5 Standards and Certification 27
2.6 Quality Management Systems 29
2.7 Safety Design Processes 30
2.8 Security Design Processes 33
2.9 Comparison and Contrast of Safety and Security Design Processes 37
References 39
Chapter 3: Threats and Threat Analysis 42
3.1 Introduction 42
3.2 Vulnerabilities, Hazards, and Threats 43
3.3 Compound Threats 43
3.4 Threat Analysis Models 44
3.5 Characteristics of Vulnerabilities and Threats 47
3.5.1 Improper Authorization Threats 48
3.5.2 Authorization Domains 49
3.5.3 Software Safety Threats 49
3.6 Iterative Threat Analysis Methodology 49
3.7 Threat Mitigation 50
3.7.1 Pre-deployment 51
3.7.2 Post-deployment 51
3.8 Summary 52
References 52
Chapter 4: Architectures 53
4.1 Introduction 53
4.2 Processor Security 53
4.2.1 Root-of-Trust 54
4.2.2 Side Channel Attacks 54
4.3 Model-Based Design 54
4.4 Architectural Threat Modeling 55
4.4.1 Attack Model 56
4.4.2 Example Attacks and Mitigations 59
4.5 Service-Oriented Architectures 60
4.6 Summary 62
References 62
Chapter 5: Security Testing and Run-Time Monitoring 64
5.1 Introduction 64
5.2 Security Testing 65
5.3 Fuzz Testing for Security 66
5.4 Fuzzing Industrial Control Network Systems 68
5.5 A Modbus TCP Fuzzer 69
5.6 Run-Time Monitoring 71
5.7 The ARMET Approach 72
References 74
Chapter 6: False Data Injection Attacks 78
6.1 Introduction 78
6.2 Vulnerability Analysis 79
6.3 Dynamic Monitoring 83
References 87
Index 89
| Erscheint lt. Verlag | 24.9.2019 |
|---|---|
| Zusatzinfo | X, 91 p. 23 illus., 16 illus. in color. |
| Sprache | englisch |
| Themenwelt | Mathematik / Informatik ► Informatik |
| Technik ► Elektrotechnik / Energietechnik | |
| Technik ► Nachrichtentechnik | |
| Schlagworte | Big data and IoT • IoT cloud integration • IoT low power design • IoT network security • Security and Privacy in Internet of Things |
| ISBN-10 | 3-030-25808-4 / 3030258084 |
| ISBN-13 | 978-3-030-25808-5 / 9783030258085 |
| Haben Sie eine Frage zum Produkt? |
PDF (Wasserzeichen)Größe: 2,4 MB
DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasserzeichen und ist damit für Sie personalisiert. Bei einer missbräuchlichen Weitergabe des eBooks an Dritte ist eine Rückverfolgung an die Quelle möglich.
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
