Computer security aspects in


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Computer security aspects in

  1. 1. Computer Security Aspects inIndustrial Instrumentation and Measurements<br />Vishnu <br />S7 CS<br />Roll no 30<br />1<br />
  2. 2. INTRODUCTION<br />Industrial Control Systems (ICS), formerly isolated proprietary systems.<br />Now they are giving place to highly-connected systems.<br />Implemented using widespread operating systems and network protocols in public networks.<br />It also opens the door to security <br />threats.<br />2<br />
  3. 3. This seminar presents the main concepts of security in conventional computing systems, <br />Discusses their mapping on dependability aspects of ICS, <br />And exposes some considerations about security aspects of a standard-based control board typically used in industrial applications.<br />3<br />
  4. 4. BASIC CONCEPTS<br />Security properties:<br /><ul><li>Confidentiality
  5. 5. Integrity
  6. 6. Availability</li></ul>Security Threats<br /><ul><li>Threat to confidentiality
  7. 7. Threat to integrity
  8. 8. Threat to availability
  9. 9. Security principles</li></ul>4<br />
  10. 10. Security principles<br />Minimum privilege<br />Complete mediation<br />Secure default<br />Mechanism economy<br />Minimum sharing<br />5<br />
  11. 11. (Cont…)<br />Open project<br />Adequate protection<br />Ease of use<br />Efficiency<br />Weakest link<br />6<br />
  12. 12. Security Vulnerabilities<br />Examples:<br /><ul><li>an error in the implementation of a file sharing service that allows unauthorized users to access files remotely from a computer.
  13. 13. a user account without password, or with a factory default password, allowing unauthorized users to access the system.
  14. 14. empty disk quotas, allowing a user to fill the entire disk and thus to prevent other users to use the system.</li></ul>7<br />
  15. 15. Attacks<br />Interruption<br />Interception<br />Modification<br />Fabrication<br />Security infrastructure<br />Authentication<br />Access control<br />Auditing<br />8<br />
  16. 16. SECURITY ASPECTS IN INDUSTRIAL CONTROL SYSTEMS<br />In industrial processes, many kinds of ICS are used as, for example, <br />Supervisory Control and Data Acquisition (SCADA) systems,<br />Distributed Control Systems (DCS),<br />Programmable Logic Controllers (PLC)<br />9<br />
  17. 17. The following incidents on ICS are possible:<br />Corrupted information may be sent to the system operators.<br />Delay of information flow through the ICS network.<br />Instruction, command, and code corruption, or similar integrity problems.<br />Unwanted and not managed change in ICS software configuration, settings, and operational parameters.<br />10<br />
  18. 18. ICS software infected with malware, opening doors for several kinds of active or passive security problems.<br />Malicious actions may have an impact on the system output.<br />Attacks may even have dramatic consequences on the system safety.<br />11<br />
  19. 19. Many approaches are conceivable to overcome the aforementioned incidents:<br />A network architecture which includes firewalls<br />Separate authentication mechanisms and credentials for users in the corporate and ICS networks, as dictated by the minimum privilege and the adequate protection principles.<br />12<br />
  20. 20. Using a network topology with multiple layers.<br />Restricting physical access to the ICS network and related devices.<br />Protecting individual ICS components from exploitation.<br />In case of adverse security conditions the system should be able to maintain the correct functionality or to drive itself back to a secure condition.<br />A consideration is here mandatory: incidents are often inevitable.<br />13<br />
  21. 21. wireless networks are becoming a reality in distributed measurement and control systems.<br />physical access to a wireless network is much easier. Due to this, wireless networks are more vulnerable to confidentiality risks,Integrity risks, Availability risks.<br />14<br />
  22. 22. CONCLUSION<br />As industrial instrumentation and measurement systems evolve, they aggregate more sophisticate software, both applications and operating systems. <br />Security threats traditionally present only in corporate/personal computing now represent a real menace for such systems. <br />In this seminar, a parallel between conventional computer security concepts and industrial systems’ dependability have been presented.<br />15<br />
  23. 23. THANKYOU<br />16<br />