This document describes a threat analysis tool called cp/TARA that was originally developed under a Japanese government research project on automotive cybersecurity. cp/TARA provides a common platform to integrate various threat analysis methods and risk assessment criteria using models. It supports threat analysis and risk assessment based on attack trees. cp/TARA models security features using extended SysML diagrams and can identify assets, attack surfaces, threats and derive security requirements to analyze threats in an automotive system.
These are the presentation slides for the paper "Safe & Sec Case Patterns" at ASSURE 2015. This research investigates how to integrate safety and security through process patterns and shows an integrated assurance case for both.
Verification of IVI Over-The-Air using UML/OCL (Seungjoo Kim)
Verification of IVI Over-The-Air using UML/OCL @ ICCC 2019 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation
Assurance-Level Driven Method for Integrating Security into SDLC Process (Seungjoo Kim)
Sooyoung Kang, Seungyeon Jeong, and Seungjoo Kim, "Assurance-Level Driven Method for Integrating Security into SDLC Process", Proc. of The 18th CCUF Workshop 2020, The 18th Common Criteria Users Forum Workshop, Virtual (online) Conference, November 12, 2020.
Information Technology Security Techniques Evaluation Criteria For It Secrit... (Vishnu Kesarwani)
This document describes Part 3 of ISO/IEC 15408 (Common Criteria), which defines security assurance requirements. It establishes evaluation criteria for Protection Profiles and Security Targets, and presents Evaluation Assurance Levels (EALs) from EAL1 to EAL7 that define the ISO/IEC 15408 assurance scale. The document outlines the objectives, components, and increasing assurance provided at each EAL. The goal is to provide consumers, developers and evaluators a standard way to express and evaluate assurance requirements for IT systems and products.
Application of theorem proving for safety-critical vehicle software (AdaCore)
The document discusses applying formal verification techniques like theorem proving to automotive software for safety-critical functions. It provides background on software safety requirements and discusses fault avoidance versus fault tolerance approaches. The document then presents a case study where theorem proving is used to verify a software function for autonomous vehicle control. It explains the process of breaking the software into portions and verifying each portion using logical proofs of pre and post conditions. The document highlights benefits of theorem proving over testing in providing a logical proof that software is bug-free, but also notes limitations like not verifying timing behavior.
This document discusses the Common Criteria standard for information technology security evaluation (SNI ISO/IEC 15408). It provides an overview of the speaker's background and experience in information security standards. It then explains the Common Criteria standard, including the different parts that make up the ISO 15408 series (functional requirements, assurance requirements, etc.). It also discusses other related standards that could be included in Indonesia's national standards, such as frameworks for assurance and evaluation methodology.
Securing the Future of Safety and Security of Embedded Software (AdaCore)
Daniel Rohrer, VP of Software Product Security at NVIDIA, discussed NVIDIA's journey to adopting the SPARK subset of the Ada programming language and the AdaCore tooling for improving software security and safety. NVIDIA was motivated by increasing complexity of systems, criticality of failures, and limitations of existing techniques. They selected SPARK and AdaCore due to the decidable nature of the language, credible ecosystem, emphasis on provability over testing, ability to scale, and responsiveness of AdaCore. NVIDIA piloted the use of SPARK on firmware to gain security and safety benefits while targeting a small codebase. The presentation covered benefits of SPARK for verification and alternatives considered.
An approach towards SOTIF with ANSYS medini analyze (Bernhard Kaiser)
This presentation motivates what is so different about safety for automated vehicles and introduces the concept of SOTIF (Safety of the Intended Functionality) and the upcoming first industry standard, PAS 21448, on SOTIF. After that, some ideas are given on how the lessons from this new discipline can be put into an industry-applicable development process for automated driving functions, and how the safety engineering tool medini analyze can help engineers succeed in their practical work. After the first set of intended safety analysis realisations in medini analyze has been presented, the slide show concludes with an outlook on possible future extensions, also involving a close integration of medini analyze with ANSYS' simulation capabilities for automated driving functions.
SPARK / Ada for Safe and Secure Firmware Development (AdaCore)
The document discusses using SPARK for secure and safe firmware development. It notes that firmware is written mostly in C, which is prone to security vulnerabilities. SPARK aims to address this by using formal verification methods, improved static analysis, and developer contracts to find and prevent bugs. The document outlines NVIDIA's usage of SPARK for security processors and safety-critical code. While SPARK faces challenges regarding adoption due to its differences from C, NVIDIA is taking a phased approach to adoption by starting with proof of concepts and increasing usage over time for its most critical firmware components.
Industrial Control System Security Taxonomic Framework with Application to a ... (M Mehdi Ahmadian)
We have proposed a Hierarchical Taxonomic Framework (HTF) with 16 required characteristics for classifying attacks and security incidents in ICSs.
This framework has proper characteristics such as completeness, unambiguity, repeatability, usefulness, appropriateness, and applicability.
We provided semi-formal and standardized definitions of threats, events, incidents, non-incidents, non-security incidents, non-attack security incidents, and attacks.
This proposed taxonomy with various parameters and sub-parameters prepares an expandable hierarchical framework for any organization's requirements.
In this paper, we present minimal parameters and sub-parameters for classification. Parameters and sub-parameters of the HTF can be changed, expanded, and revised for other applications that need more customization.
We also classified and analyzed 268 security incidents on ICSs. Based on the HTF, we proposed a statistical analytical study to show the useful patterns and key points for threat intelligence in ICSs and critical infrastructures. These patterns and key points lead us to improve the security of ICSs and critical infrastructures by being aware of cyber-attack trends.
Please cite this article as: Mohammad Mehdi Ahmadian, Mehdi Shajari, Mohammad Ali Shafiee, Industrial Control System Security Taxonomic Framework with Application to a Comprehensive Incidents Survey, International Journal of Critical Infrastructure Protection (2020), doi: https://doi.org/10.1016/j.ijcip.2020.100356
Would you like to know how SOTIF addresses possible hazards caused by intended behavior? Discuss the first draft of the SOTIF standard with international working group members and functional safety experts during the SOTIF Conference. Find out more here: http://bit.ly/SOTIF_Agenda_2019
ISACA career paths - the highest paying certifications in the industry (Infosec)
The document discusses various ISACA certifications such as CISA, CISM, CRISC, CGEIT, and CDPSE. It provides an overview of each certification including what types of roles they are designed for, average salaries, and key statistics. It also promotes ISACA training resources available through Infosec Skills which provides online courses and practice exams to help candidates prepare for ISACA certifications.
The document discusses combining functional safety and industrial cyber security standards. It notes that IEC 61511 (functional safety) and IEC 62443 (industrial cyber security) take similar risk assessment and risk reduction approaches. The standards both use risk matrices and define target and achieved security/safety levels. The document suggests a combined approach could assess risks and close gaps to meet both safety and security targets together. Taking a unified view of both helps address new regulatory requirements linking the two domains.
CompTIA Security+: Everything you need to know about the SY0-601 update (Infosec)
CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul! The updated exam (from SY0-501 to SY0-601) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends heading into 2021.
Join Patrick Lane, Director of Products at CompTIA, to learn how the Security+ certification is evolving so it remains the “go-to” certification for anyone trying to break into cybersecurity. You’ll learn about:
Evolving Security+ domain areas and job skills
Common job roles for Security+ holders
SY0-501 and SY0-601 exam timelines
Tips to pass the updated Security+ exam
Plus Security+ questions from live viewers
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva... (Seungjoo Kim)
"Using the CGC's Fully Automated Vulnerability Detection Tools in Security Evaluation and Its Effectiveness - Are Tools Good for Hackers Good for Security Evaluators? -" @ CODE BLUE 2016, Tokyo, Japan (October 20, 2016)
This document is NIST Special Publication 800-53 Revision 4 which provides a catalog of security and privacy controls for federal information systems. It aims to protect operations, assets, individuals and organizations from threats. The controls are customizable and part of an organization-wide risk management process. It also describes developing specialized control overlays for specific environments. Finally, it addresses security from functionality and assurance perspectives to ensure systems are sufficiently trustworthy.
This document provides an overview of the DIAMONDS project, which aimed to develop and apply multi-domain security testing technologies. It describes eight industrial case studies conducted across six domains to evaluate different security testing techniques, including risk analysis, fuzz testing, active testing, and autonomous monitoring. The case studies are evaluated using Security Testing Improvement Profiles (STIP) to analyze progress across key areas like risk assessment, test design, and test automation. The document highlights improvements achieved in all case studies and the project's contributions to research, commercialization, and standardization.
BGA SOME/SOC Event - What Should the SOC Model Look Like for Corporate SOMEs (CSIRTs)? (BGA Cyber Security)
A CSIRT and SOC provide cyber security incident response and monitoring. A CSIRT handles incidents like malware, DDoS attacks, and data breaches, while a SOC proactively monitors networks for threats. Best practices for establishing these teams include obtaining management support, developing strategic plans, designing team structures, implementing capabilities, and evaluating effectiveness. Key roles for a SOC include prevention, detection, analysis, response, and reporting on security issues.
Industrial Control System Security: Classification of Cyber Security Incidents in Control Syst... (M Mehdi Ahmadian)
In this presentation we briefly introduce and apply the classification framework for cyber security incidents in industrial control systems and SCADA. Besides specialists and researchers in industrial control system security, I recommend this tutorial to everyone interested in cyber security who is interested in the modeling of threats, attacks, and security incidents.
More details and the video of this presentation are at:
http://ahmadian.blog.ir/post/ICSSecurityTaxonomicFramework
Industrial Control Cyber Security Europe 2015 (James Nesbitt)
The Industrial Control Cybersecurity conference consists of presentations and debate from some of the energy industry’s leading end users from Operational and IT backgrounds, Government influencers, leading cybersecurity authorities and some of the world’s most influential solution providers.
Key topics of discussion will pivot on convergence of operational and information technology transformation, design, implementation, integration and risks associated with enterprise facing architecture.
Further review includes the development of policy, operational and cultural considerations, maturity models, public and private information sharing and the adoption of cybersecurity controls.
2015 will provide further insight into how industry can further develop organisational priorities, effective methodologies, benchmark return on investment for cybersecurity procurement, supplier relationships and how to effectively deploy defense in-depth strategies.
We will introduce discussion on the latest attacks and hear from those who are responsible for identifying them. The conference will further address penetration testing, the art of detection and threat monitoring, incident response and recovery.
This document provides an overview of functional safety and the IEC 61511 standard. It discusses key aspects of IEC 61511 like safety integrity levels (SIL) which help provide protection against random and systematic failures. The document also summarizes exida, an expert in functional safety certification, and explains their various tools and services. It introduces the IEC 61511 safety lifecycle which includes phases for management and planning, analysis, realization, and operation and maintenance.
The document discusses safety instrumentation and safety integrity levels (SILs). It provides examples of major industrial accidents from 1974 to 2005 and their causes. These include failures of safety systems and instrumentation. The document then discusses key aspects of safety instrumented systems (SIS) such as their hardware components, separation from process controls, definition, and role in risk reduction. It introduces SIL ratings from 1 to 4 which define the reliability of a SIS based on its risk reduction factor and probability of failure on demand.
Enterprise Security Architecture for Cyber Security (The Open Group SA)
Cyber Security is one of the major challenges facing organisations within all industries. This presentation will examine the integration of an Enterprise Architecture approach with an Enterprise Security Architecture approach (TOGAF and SABSA) and propose a generic framework.
Download this presentation at http://opengroup.co.za/presentations
ASHBURN, Va. – At its core, trusted computing works to ensure that computing systems operate safely, securely, and correctly every time. Trusted computing matters at every level of operation, whether it be the processor level, software level, or system level. Each layer of a computing system contributes to the system operating securely. Because malicious attackers are able to poke at all layers of a system, securing only a single layer is often not the most effective use of resources.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super-fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out the SOC and significantly increasing its maturity level. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
This document summarizes key information from a presentation on security architecture in the IoT age. It discusses the risks of vulnerabilities being exploited in embedded devices, as seen with Stuxnet. It recommends resources for credible cybersecurity information, including the Information Assurance Support Environment site. The document also summarizes guidance on the Risk Management Framework and Security Technical Implementation Guides.
IntroductionThe capstone project is a "structured walkthrough" pen.pdffantasiatheoutofthef
Introduction
The capstone project is a structured walkthrough penetration test of a fictional
company, Artemis, Incorporated (Artemis). A structured walkthrough is an
organized procedure for a group of peers to review and discuss the technical
aspects of various IT, IT Security, and IT Audit work products. The major objectives
of a structured walkthrough are to find errors and to improve the quality of the
product or service to be delivered.
This document provides a comprehensive overview of the project and the expected
deliverables.
Overview
You work for a firm specializing in cybersecurity consulting, namely penetration tests,
vulnerability assessments, and regulatory compliance. Artemis has hired your firm to
perform an external penetration test. In preparation for this engagement, you must lead
your team of new pen-testers in a structured walkthrough of the entire test so that:
a) Everyone on the team knows what to do.
b) The amount of time allotted for the actual test is utilized as efficiently as
possible.
c) The client's expectations are met or exceeded.
To accomplish this task, you must perform the following five phases:
1. Perform simulated reconnaissance of the client.
2. Simulate target identification and scans against the external network.
3. Simulate the identification of vulnerabilities.
4. Based on the above, assess the threats and make recommendations.
5. Create two mock reports for the client: an Executive Summary for the client's
senior management, and a Detailed Technical Report for the client's IT staff.
This project is an excellent addition to your portfolio as it demonstrates your
understanding of critical security issues and your skills in identifying and analyzing
threats and vulnerabilities. The project also allows you to speak knowledgeably about
the entire process of performing a pen test, using your project as a reference point.
Each phase will include its own deliverable(s). A full description of what is required can
be found under each phase.
Directions
When planning penetration tests, consulting firms always sit down with the client's key
stakeholders to confirm scope and approach, identify the client's concerns, and set
expectations regarding the outcome. To this end, you have been provided with an
overview of the client and an overview of the client's IT environment. This information is
critical because all risks must be evaluated within their context. The example below
illustrates this concept:
Technically accurate: Artemis' web application does not restrict or filter user uploads
by file type. This is a vulnerability that could allow threat actors to connect remotely,
execute arbitrary code, and then elevate their privileges within the application.
With context: Artemis' RFQ/RFP web application does not restrict or filter user uploads
by file type. This is a vulnerability that could allow threat actors to connect remotely,
execute arbitrary code, and then elevate their privileges within the application. In this
instan.
Safety Architect – a Model-Based Safety Analysis Tool Benefiting from Sirius ...Obeo
Safety Architect is a Model-Based Safety Analysis (MBSA) tool which automates the creation of safety artefacts required to carry out safety analysis such as: FMEA tables or fault trees. Safety Architect proposes a graphical editor to safety engineers allowing them to manipulate safety concepts in a more comfortable way than with tabular sheets. On the other hand, Safety Architect also ensures consistency between system design and safety analysis by interfacing with Model-Based System Engineering (MBSE) tools such as Capella. Safety Architect leverages Sirius technology to support dedicated graphical representations, specific functionalities and custom mechanisms for safety engineering.
JONATHAN DUMONT, All4Tec
JEAN GODOT, All4Tec
Advance security in cloud computing for military weaponsIRJET Journal
This document proposes a system to securely transmit military weapon launch codes through cloud storage using multiple security techniques. The system uses steganography to hide launch codes in image captchas. Visual cryptography is then used to split the captcha images into shares distributed to authorized users. Each share undergoes image encryption and watermarking before being sent via email. To obtain the launch code, users decrypt their shares, verify the watermarks through de-watermarking, and use visual cryptography to reconstruct the original captcha and extract the hidden launch code text. The proposed multi-layered approach aims to securely transmit sensitive military information through cloud storage.
This document provides an overview of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS), including fundamentals, evolution over time, vulnerabilities, security frameworks, good practices, and resources. It defines SCADA/ICS, describes how they have become more interconnected, lists vulnerabilities like outdated systems and remote access, outlines security standards like NIST and NERC, recommends practices like segmentation and patching, and provides example frameworks and resources.
20160914 EuroSPI: "Automotive Security: Challenges, Standards and Solutions"Alexander Much
The document discusses automotive security challenges, standards, and solutions. It notes that security needs to be balanced with safety, reliability, and availability. Standards for automotive security processes, comparable to ISO 26262 for functional safety, are needed. Both safety and security are system aspects requiring coordination between experts and systems engineering processes. Security also requires extending the traditional product lifecycle to include ongoing monitoring and updates in the field.
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Mobodexter
BlackHat USA 2015 recently concluded and we heard a lot of news about how BlackHat brought to light various security vulnerabilities in day-to-day life, such as the ZigBee protocol, a device for stealing keyless cars, and ATM card skimmers. However, the presenters, who are also ethical hackers, also gave the software community a number of tools to detect and prevent security holes in hardware and software before a product is released. We have reviewed all the presentations from the conference and give you here a list of the top 10 tools/utilities that help with security vulnerability detection and prevention.
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxInfosectrain3
The CompTIA Cybersecurity Analyst (CySA+) certification is the industry standard for demonstrating that cybersecurity professionals can analyze data and interpret the results to detect vulnerabilities, threats, and risks to an organization.
Satellite communication provides a secure and reliable solution for connected vehicles. It offers several key benefits:
High security due to fewer entry points than terrestrial networks. Updates can be distributed securely via private satellite broadcast networks.
Global coverage allows vehicles to be updated anywhere instantly and reliably without terrestrial dependencies. The network can scale globally as needed.
Comprehensive security programs throughout development and operation, including reducing attack surfaces, authentication, monitoring for threats, and fast global remediation of any issues discovered, help ensure safety.
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Draup3
Cyber threat analytics, cyber threat detection, and cybersecurity for data privacy & protection are the most common use cases across industries. Download the report to read about the regional hotspots, associated players, cybersecurity ecosystems, and more.
This curriculum vitae is for Varsharani K, an Information Security Analyst with 2 years of experience in SIEM, vulnerability management, and Symantec. She has worked with tools like IBM Q-Radar, AlienVault SIEM, Qualys Guard, and Symantec Endpoint Protection. Her current role is with Capgemini India where she monitors Q-Radar health, analyzes logs for vulnerabilities, and notifies teams to remediate issues. She also has experience managing vulnerabilities for Warner Brothers through Qualys Guard and providing recommendations based on scan reports.
Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...KTN
KTN ran a collaborators' workshop on 26 September 2019 in London to explain more about the Digital Security by Design Challenge announced by the government.
The Digital Security by Design challenge has been recently announced by the Department for Business, Energy & Industrial Strategy (BEIS). This challenge, amounting to £70 million of government funding over 5 years, was delivered by UK Research and Innovation (UKRI) through the Industrial Strategy Challenge Fund (ISCF).
This Collaborators' Workshop provides an opportunity to hear more details of the challenge and forthcoming competitions.
A Scoping Workshop for this challenge was held on 30th May: http://ow.ly/oz6230pHlGl
Find out more about the Defence and Security Interest Group at https://ktn-uk.co.uk/interests/defence-security
Join the Defence and Security Interest Group at https://www.linkedin.com/groups/8584397 or Follow KTN_UK Defence group on Twitter https://twitter.com/KTNUK_Defence
Security architecture - Perform a gap analysisCarlo Dapino
This document discusses security architecture and strategies for evaluating security posture. It describes how security strategies have changed from perimeter-based to zero-trust models. It also summarizes differences between securing on-premises versus cloud environments, and recommends evaluating security using a layered analysis approach. Lastly, it provides tips for threat modeling, incident response, and ensuring security architecture is integrated with enterprise architecture.
Shifting security left addresses security concerns earlier in the software development life cycle (that is, to the left in a left-to-right schedule diagram). The question is: "Are the security concerns in the software development life cycle sufficient?" This presentation introduces "Shifting Leftmost in Security", which focuses on security architecture. Software implementation in medium and large enterprise environments requires a well defined architecture, especially for security requirements. The scope of this presentation covers secure application infrastructure and secure application design.
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...apidays
INTERFACE by apidays 2023
APIs for a “Smart” economy. Embedding AI to deliver Smart APIs and turn into an exponential organization
June 28 & 29, 2023
Security Exposure Management in API First World
Sandeep Nain, VP Security and Trust at Carta
Expanding Access to Affordable At-Home EV Charging by Vanessa WarheitForth
Vanessa Warheit, Co-Founder of EV Charging for All, gave this presentation at the Forth Addressing The Challenges of Charging at Multi-Family Housing webinar on June 11, 2024.
EV Charging at MFH Properties by Whitaker JamiesonForth
Whitaker Jamieson, Senior Specialist at Forth, gave this presentation at the Forth Addressing The Challenges of Charging at Multi-Family Housing webinar on June 11, 2024.
Charging Fueling & Infrastructure (CFI) Program Resources by Cat PleinForth
Cat Plein, Development & Communications Director of Forth, gave this presentation at the Forth and Electrification Coalition CFI Grant Program - Overview and Technical Assistance webinar on June 12, 2024.
Implementing ELDs or Electronic Logging Devices is slowly but surely becoming the norm in fleet management. Why? Well, integrating ELDs and associated connected vehicle solutions like fleet tracking devices lets businesses and their in-house fleet managers reap several benefits. Check out the post below to learn more.
Understanding Catalytic Converter Theft:
What is a Catalytic Converter?: Learn about the function of catalytic converters in vehicles and why they are targeted by thieves.
Why are They Stolen?: Discover the valuable metals inside catalytic converters (such as platinum, palladium, and rhodium) that make them attractive to criminals.
Steps to Prevent Catalytic Converter Theft:
Parking Strategies: Tips on where and how to park your vehicle to reduce the risk of theft, such as parking in well-lit areas or secure garages.
Protective Devices: Overview of various anti-theft devices available, including catalytic converter locks, shields, and alarms.
Etching and Marking: The benefits of etching your vehicle’s VIN on the catalytic converter or using a catalytic converter marking kit to make it traceable and less appealing to thieves.
Surveillance and Monitoring: Recommendations for using security cameras and motion-sensor lights to deter thieves.
Statistics and Insights:
Theft Rates by Borough: Analysis of data to determine which borough in NYC experiences the highest rate of catalytic converter thefts.
Recent Trends: Current trends and patterns in catalytic converter thefts to help you stay aware of emerging hotspots and tactics used by thieves.
Benefits of This Presentation:
Awareness: Increase your awareness about catalytic converter theft and its impact on vehicle owners.
Practical Tips: Gain actionable insights and tips to effectively prevent catalytic converter theft.
Local Insights: Understand the specific risks in different NYC boroughs, helping you take targeted preventive measures.
This presentation aims to equip you with the knowledge and tools needed to protect your vehicle from catalytic converter theft, ensuring you are prepared and proactive in safeguarding your property.
Charging Fueling & Infrastructure (CFI) Program by Kevin MillerForth
Kevin Miller, Senior Advisor, Business Models of the Joint Office of Energy and Transportation gave this presentation at the Forth and Electrification Coalition CFI Grant Program - Overview and Technical Assistance webinar on June 12, 2024.
Dahua provides a comprehensive guide on how to install their security camera systems. Learn about the different types of cameras and system components, as well as the installation process.
Charging and Fueling Infrastructure Grant: Round 2 by Brandt HertensteinForth
Brandt Hertenstein, Program Manager of the Electrification Coalition gave this presentation at the Forth and Electrification Coalition CFI Grant Program - Overview and Technical Assistance webinar on June 12, 2024.
1. copyright@2019 CAV Technologies Co., Ltd. all rights reserved.
Security First
CAV Technologies
AutoSec China 2019
Mission Possible: Advanced Threat Analysis Tool for All
KENJI TAGUCHI
CAV TECHNOLOGIES CO. LTD
SEPT/18/2019
Joint Work with A. Ohba (Japan Automotive Research Institute)
2. About this presentation
• This presentation overviews the threat analysis tool called cp/TARA, which was originally developed under a Japanese government research project on the cybersecurity of automotive systems funded by the Ministry of Economy, Trade and Industry (METI) and the Ministry of Land, Infrastructure, Transport and Tourism (MLIT).
• This presentation is co-authored by A. Ohba (Japan Automotive Research Institute).
• The following reports published by METI summarize the outcome of the research project and include a summary of the design of cp/TARA and the threat analysis methods it adopts, which will be explained in this presentation:
• https://www.meti.go.jp/meti_lib/report/H29FY/000362.pdf (Japanese only)
• https://www.meti.go.jp/meti_lib/report/H30FY/000350.pdf (Japanese only)
3. Research Project: Cybersecurity for automotive systems
[Figure: the four-layer landscape. Layer 1 Mobility society: cloud, smartphone, V2X, charging station, diagnostic tool. Layer 2 Vehicle: TCU (Bluetooth, Wi-Fi, V2X, PLC), GW, ADAS, H/U, and ECUs for steering, brake, air-con and doors. Layer 3 In-vehicle: locator, multimedia, ADAS, powertrain, chassis, body. Layer 4 Component.]
• The whole landscape of security issues for the automotive domain can be illustrated by Layers 1 to 4.
• The theme of the project was security issues on Layer 2, i.e., the vehicle itself, and it focused on 1) threat analysis and a threat library, 2) evaluation methods and criteria for countermeasures, and 3) lightweight digital signatures for V2X.
• This presentation is focused on the first part of 1).
Countermeasures per layer:
‒ Layer 1, outside communication: encryption, digital signature, access control (authentication, filtering)
‒ Layer 2, GW: access control (filtering), key management, ECU authentication, anomaly detection, secure log
‒ Layer 3, in-vehicle network: detection of message spoofing, encryption
‒ Layer 4, ECU: secure programming, secure storage, secure boot
4. Why do we need threat analysis in the first place?
Many PoC demonstrations by white-hat hackers: Jeep Cherokee (Black Hat 2015), Tesla Model S (Black Hat 2016), the MyCar GPS tracking app (Defcon 2019), and the Relay Station Attack (RSA) (picture from Wikipedia).
Secure architecture and mechanisms: sound and robust cryptographic foundations, plus
+ Message authentication
+ FOTA
+ Secure boot
+ Hardware security module
+ Intrusion detection and protection
+ Secure Diagnostic Service (UDS)
…
Key to the problem: how do we design an optimal secure architecture, and how can we be confident of its robustness against potential threats?
Possible solution: threat analysis at an early stage of development.
5. Necessary ingredients for threat analysis
Multiple methods are necessary to capture all the ingredients a threat analysis needs.
[Figure: the Layer 2/3 component map (TCU with Bluetooth, Wi-Fi, V2X and PLC; cloud, smartphone, charging station, diagnostic tool; GW, ADAS, H/U, steering, brake, air-con, door; locator, multimedia, powertrain, chassis, body) annotated with the questions a threat analysis must answer: Where does an attack come from? What should be protected? What attack is possible? How can an attack reach its target? Where should be protected? How can we protect it?]
6. Multiple methods for threat analysis and existing methods
• The following architectural information helps analyze potential threats:
‒ Assets: what should be protected from attacks?
‒ Entry points/I/F: where does an attack come from?
‒ Attack path/threat scenario: how can an attack reach its target?
‒ Trust boundary/security perimeter: how to recognize the surface/boundary exposed to attacks?
‒ Security boundary: where should be protected?
• Existing methods that cover these ingredients: zone and conduit (IEC 62443), trust boundary (Microsoft Threat Modeling Tool), security perimeter (DO-356), assets (ISO 27005), threat scenario (DO-356).
[Figure: Zone X, conduit, Zone Y.]
References: HEAVENS, Security models D2, ver. 2.0, March 18, 2016; RTCA DO-356: Airworthiness Security Methods and Considerations, 2014.
7. Threat analysis tool based on attack trees: SecuLia
• SecuLia is a threat analysis tool jointly developed with Gaio Technology.
‒ Add-in application of Enterprise Architect (EA), Sparx Systems Co., Ltd.
• Main functionalities
‒ Fault Tree Analysis
‒ Attack Tree Analysis: risk assessment à la EVITA, minimal cut sets
‒ FT-AT Analysis: analysis of the interference of security with safety (I/F between HARA and TARA)
‒ Extendable risk assessment: risk assessment is programmable
[Figure: screenshots of the SecuLia add-in in Enterprise Architect (Sparx Systems Co., Ltd.) showing an FT-AT diagram and an AT diagram.]
8. Necessary ingredients for threat analysis
SecuLia only supports detailed analysis of attacks. The remaining parts still have to be developed.
[Figure: the ingredient map from slide 5 with the uncovered questions marked "?".]
9. Its initiation
• cp/TARA was developed under a Japanese government research project on the cybersecurity of automotive systems funded by METI and MLIT.
cp/TARA (Common Platform for TARA) overview
• Threat analysis tool for automotive systems
‒ Refer to its initiation above.
• Integrated platform
‒ Provides a common platform to integrate various threat analysis methods and risk assessment criteria
• Secure MBD (Model Based Development)
‒ Supports SysML based model based development (block definition diagrams and requirements diagrams are conservatively extended to model security features)
• Compliance with standards/guidelines
‒ Can be adapted to comply with several security standards/guidelines
• Advanced methodologies
‒ TARA for multi-staged attacks and the associated defense in depth
‒ Built-in security features as architectural components
‒ Detailed threat analysis and risk assessment based on attack trees à la EVITA
• Flexibility
‒ Any additional programs/features can easily be integrated as add-on programs thanks to the extension facility of Enterprise Architect (Sparx Systems Pty Ltd.)
‒ In fact, cp/TARA itself is a set of add-on programs integrated into Enterprise Architect
TARA (Threat Analysis and Risk Assessment)
10. Wide variety of analysis techniques in cp/TARA
• Block definition diagrams and requirements diagrams are extended to model critical security features.
‒ Conservative extension (the existing SysML specification is preserved)
‒ Substantial security features are added to those diagrams.
• The attack analysis tool SecuLia (Gaio Technology Co., Ltd.) is integrated into cp/TARA to support attack tree analysis (ATA).
• System level threat analysis diagrams are newly developed to model multi-stage attacks and the associated defense in depth.
[Figure: the diagram families of cp/TARA on top of Enterprise Architect (EA)/SysML (Sparx Systems Pty Ltd.): Secure Block Definition Diagrams (SysML) for threat analysis on architecture information; Security Requirements Diagrams (SysML) for countermeasure analysis; Attack Tree Diagrams (SecuLia) for detailed analysis of attacks; System level threat analysis diagrams (new) for attack paths.]
11. Necessary ingredients for threat analysis: solved!
SecuLia supports detailed analysis of attacks. The remaining parts are developed in cp/TARA.
These are all add-in programs of EA.
12. What is SysML?
• SysML (Systems Modeling Language) is a general-purpose graphical modeling language for specifying, analyzing, designing, and verifying complex systems that may include hardware, software, information, personnel, procedures, and facilities
‒ from the OMG SysML page: http://www.omgsysml.org/what-is-sysml.htm
• As the picture below shows, SysML diagrams can be classified into behavior diagrams (such as the state machine diagram), the requirement diagram, and structure diagrams (such as the block definition diagram).
• SysML can be extended thanks to the extension mechanisms inherited from UML (Unified Modeling Language), such as stereotypes and tagged values.
[Figure: SysML diagram taxonomy, from http://www.omgsysml.org/what-is-sysml.htm]
13. Threat analysis baseline process: Overview
• Preliminary information on the system:
‒ Architecture information, functional module list, network I/F information.
‒ Usage of the system as use cases.
‒ Attackers' profile, organizational security policies, risk assessment criteria, etc.
• Threat analysis steps:
‒ Identify assets from the architecture information.
‒ Identify attack surfaces.
‒ Identify threats from the attack surfaces.
‒ Analyze the identified threats in detail using attack trees.
‒ Assess the risks of the identified threats.
‒ Derive security requirements against the identified threats.
[Figure: state machine diagram "Secure Process Baseline": Preliminary Information (architecture info, use cases, attacker's profile, security policies, etc.) -> Threat Analysis: Identification of assets -> Identification of attack surfaces -> Identification of threats -> Detailed analysis of threats -> Risk assessment of identified threats -> Derivation of security requirements.]
14. Threat analysis baseline process: supporting diagrams
The following figure shows which phase is supported by which diagram.
Architecture info(SysML Block Def. Diag.)
Use cases(Use cases DB)
Assets(Secure Block Def. Diag.)
Attack Surfaces(Secure Block Def. Diag.)
Threats(Secure Block Def. Diag.)
Detailed analysis on threats (Attack Trees)
Risk assessment(Attack Trees)
Security Requirements(Security Req. Diag.)
[Figure: bdd [package] Concept-Phase-Architecture [Concept-Phase-LKAS-ECU]. The block Gateway is stereotyped «block, security zone» and exposes three ports stereotyped «attack surface» (AS.01, AS.02, AS.03). Inside it: Gateway::Forwarding function, containing the «block, asset» Routing table and the «block, functional asset» blocks Security-CAN forwarding, DLC-CAN forwarding and Ext-CAN forwarding; Gateway::Reprogramming function («block, functional asset»), containing the asset block Firmware; and Gateway::Diagnostic function («block, functional asset»), containing the asset block Diagnostic information. External blocks connected through ports: DLC (to which a legitimate diagnostic tool and a rogue device connect), NAVI etc., LKAS (with LKAS control and Camera) and Steering. The baseline process state machine of slide 13 is shown alongside.]
15. Extended threat analysis process: Overview
• Preliminary information on the system:
‒ Architecture information, functional module list, network I/F information.
‒ Usage of the system as use cases.
‒ Attackers' profile, organizational security policies, risk assessment criteria.
• Threat analysis steps:
‒ Identify assets from the architecture information.
‒ Identify attack surfaces.
‒ Identify an attack path from an attack surface up to an asset.
‒ Identify the threat to each system component along the identified attack path.
‒ Derive security requirements against each identified threat.
‒ Analyze the threats in detail and assess their risks using attack trees.
‒ Analyze the security requirements in detail.
‒ Validate the appropriateness of the identified threats and of the security requirements against them.
[Figure: state machine diagram "Secure Process Extended": Preliminary Information (architecture info, use cases, attacker's profile, security policies, etc.) -> Threat analysis: Identification of assets, Identification of attack surfaces, Identification of attack paths, Identification of threats, Derivation of security requirements, Detailed analysis of threats, Risk assessment of threats, Detailed analysis of security requirements, Validation of threats and security requirements.]
16. Threat analysis extended process: supporting diagrams
The following picture illustrates which phase is supported by which diagram.
Architecture info(SysML Block Def. Diag.)
Use cases(Use cases DB)
Assets(Secure Block Def. Diag.)
Attack Surfaces(Secure Block Def. Diag.)
Detailed analysis on threats (Attack Trees Diag.)
Risk Assessment(Attack Trees Diag.)
Detailed Analysis on Security Req.
(Security Req. Diag.)
Validation on Threats and Security Req.
(Attack Trees)
Attack Paths
( Secure Block Def. Diag. , System Level Diag.)
Threats and Security Requirements
(System Level Diag. )
[Figures: the concept-phase LKAS gateway block definition diagram of slide 14 and the extended process state machine of slide 15.]
17. Interface characteristics: Security requirements diagram
[Figure: left, the original Enterprise Architect menu (I/F) for SysML requirements diagrams; right, cp/TARA's extended menu for security requirements diagrams, which adds J3061-compliant and general security requirements.]
18. Interface characteristics: Secure block definition diagram
[Figure: left, the original Enterprise Architect menu (I/F) for SysML block definition diagrams; right, cp/TARA's extended menu for secure block definition diagrams.]
19. Identification of assets and attack surfaces (secure block definition diagram)
Architecture information is an essential input for threat analysis.
[Figure, before (architecture information): the block TCU exposes Port1, which is connected over CAN to Port2 of the block GW; GW contains the blocks Routing table, Firmware and Config Data.]
[Figure, after (analysis of attack surfaces and assets): Port2 of GW is stereotyped «attack surface»; Routing table and Config Data are stereotyped «block, information asset»; Firmware is stereotyped «block, functional asset».]
Functional/information assets and potential attack surfaces are analyzed.
20. Secure block definition diagram: model elements
Each feature below has its own icon in the diagram; the meaning is:
Asset: an entity which should be protected from attacks. Realized by adding the stereotype "asset" to a block.
Attack surface: an entry point for attacks, realized as a port (i.e., an I/F of a block). The stereotype "attack surface" is added to the port.
Related attacks (attack surface): the attack surface has an attribute "related-attacks" which can store the names of the attacks associated with that attack surface.
Security zone: the boundary inside which elements are protected from attacks. Realized by adding the stereotype "security zone" to a block.
Trust boundary/trust level: the boundary inside which elements can be trusted. Realized by adding the stereotype "trust zone" to a block. Each trust boundary has an attribute, the trust level, which stores the level of trust for that boundary.
Trustability: each port may have the "trusted" attribute, which indicates whether the port and its associated link can be trusted.
Vulnerability: each block has an attribute which stores its vulnerabilities and their IDs.
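The model elements above, as an added example that is neither cp/TARA nor SecuLia code: a secure block definition model held as plain Python data, with the identification steps of the baseline process (assets, attack surfaces) and of the extended process (attack path from an attack surface up to an asset) implemented as walks over that model. The gateway model is the one on slide 19 (TCU, Port1, CAN, Port2, GW containing routing table, firmware and config data); the DLC connector wired to a second gateway port, and the labelling of the two gateway ports as AS.01 and AS.02, are assumptions made to give the search a second entry point.

```python
"""Secure block definition diagram as data, with attack-path search.

Added example, not cp/TARA code. Stereotype strings are the ones the
slides use: "asset", "functional asset", "information asset" and
"security zone" on blocks, "attack surface" on ports.
"""
from dataclasses import dataclass
from typing import Iterator, Optional


@dataclass(frozen=True)
class Block:
    name: str
    stereotypes: frozenset = frozenset()
    parent: Optional[str] = None      # enclosing block, e.g. a «security zone»


@dataclass(frozen=True)
class Port:
    name: str
    owner: str                         # block whose I/F this port is
    stereotypes: frozenset = frozenset()


class SecureBDD:
    def __init__(self) -> None:
        self.blocks: dict = {}
        self.ports: dict = {}
        self.links: dict = {}          # port name -> set of wired port names

    def block(self, name, *stereotypes, parent=None) -> None:
        self.blocks[name] = Block(name, frozenset(stereotypes), parent)

    def port(self, name, owner, *stereotypes) -> None:
        self.ports[name] = Port(name, owner, frozenset(stereotypes))
        self.links.setdefault(name, set())

    def link(self, a, b) -> None:      # a connector, e.g. one CAN segment
        self.links[a].add(b)
        self.links[b].add(a)

    # identification steps of the baseline process
    def assets(self) -> list:
        return sorted(b.name for b in self.blocks.values()
                      if any(s.endswith("asset") for s in b.stereotypes))

    def attack_surfaces(self) -> list:
        return sorted(p.name for p in self.ports.values()
                      if "attack surface" in p.stereotypes)

    def _neighbours(self, node: str) -> Iterator[str]:
        """A port reaches its owner and its wired peers; a block reaches its
        ports, its sub-blocks and the block enclosing it."""
        if node in self.ports:
            yield self.ports[node].owner
            yield from self.links[node]
        else:
            yield from (p.name for p in self.ports.values() if p.owner == node)
            yield from (b.name for b in self.blocks.values() if b.parent == node)
            if self.blocks[node].parent:
                yield self.blocks[node].parent

    # extended process: attack paths from attack surfaces up to assets
    def attack_paths(self) -> list:
        targets, paths = set(self.assets()), []

        def walk(node, path):
            if node in targets:
                paths.append(path)     # simple path, stops at the first asset
                return
            for nxt in self._neighbours(node):
                if nxt not in path:
                    walk(nxt, path + [nxt])

        for surface in self.attack_surfaces():
            walk(surface, [surface])
        return paths

    def zones_crossed(self, path) -> list:
        return [n for n in path if n in self.blocks
                and "security zone" in self.blocks[n].stereotypes]


def gateway_model() -> SecureBDD:
    """The slide 19 gateway, plus an assumed DLC entry point."""
    m = SecureBDD()
    m.block("TCU")
    m.port("Port1", "TCU")
    m.block("GW", "security zone")
    m.port("Port2", "GW", "attack surface")            # AS.01 (assumed label)
    m.link("Port1", "Port2")                            # CAN
    m.block("Routing table", "information asset", parent="GW")
    m.block("Firmware", "functional asset", parent="GW")
    m.block("Config Data", "information asset", parent="GW")
    m.block("DLC")                                      # assumption: diagnostic connector
    m.port("Port23", "DLC")
    m.port("Port22", "GW", "attack surface")            # AS.02 (assumed label)
    m.link("Port23", "Port22")
    return m


if __name__ == "__main__":
    model = gateway_model()
    for path in model.attack_paths():
        print(" -> ".join(path), "| zones crossed:", model.zones_crossed(path))
```

Every path found crosses the GW security zone exactly once, which is the information the system level threat analysis diagram later attaches defenses and detection to; a port marked trusted or a block with a vulnerability ID would be added as further attributes on Port and Block in the same way.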
22. System level threat analysis diagram: example
• Multi-staged attacks and defense in depth can be analyzed at the same time.
‒ An attack path consisting of security zones and their associated attacks and defenses can be analyzed.
‒ Risk assessment can be done based on two risk models: the decremental risk model and the internal hiding risk model.
[Figure: system level threat analysis diagram of a multi-staged attack against defense in depth, showing an attack path; legend: Attack, Defense, Detection, Security Zone, link to attack, multi attack.]
System level threat analysis: detailed analyses
Detailed analyses of the identified attacks and countermeasures are carried out on attack tree diagrams and security requirements diagrams respectively.
Security requirements diagram (example; translated from Japanese):
req [package] Monitor suspicious communication traffic [Monitor suspicious communication traffic]
«requirement» Monitor suspicious communication traffic
  id = "SecR-03-2"
  text = "Monitor suspicious communication traffic"
«requirement» Communication log
  id = "SecR-03-02-01"
  text = "Record a log of communication traffic"
«requirement» Communication log analysis
  id = "SecR-03-02-02"
  text = "Analyze the logs and inspect for unauthorized communication"
The two lower requirements are linked to the top requirement by «deriveReqt» relationships.
[Figure: attack tree diagram]
What would happen when an attacker penetrated your system?
• Most attackers who penetrate a system remain inside it for several months.
‒ E.g., the attackers behind the Ukrainian power-grid attack are believed to have stayed in the network for about half a year.
[Figure: one of the reports on the Ukrainian power-grid attack]
Is it plausible that a nested architecture could help prevent attacks?
[Figure: nested architecture, the "system" enclosing the "Safety-critical ECUs"]
Risk models of system level threat analysis diagram
1) Decremental risk model
‒ The more sub-networks/barriers/defenses are introduced, the more the risk is reduced.
‒ RTCA DO-356 introduces this risk model.
[Figure: risk reduction rate along the attack path; risk is reduced by multiple defense lines.]
2) Internal hiding risk model
‒ The risk of attack increases once an attacker has intruded into the system.
[Figure: risk reduction rate along the attack path; risk increases once the attacker is inside the system.]
Risk assessment results
Risk assessment is carried out using CC/CEM and EVITA; results are shown for 1) the decremental risk model and 2) the internal hiding risk model.
Mapping from CC/CEM attack potential to EVITA attack probability:
Attack Potential  ->  Attack Probability
Basic                 5
Enhanced Basic        4
Moderate              3
High                  2
Beyond High           1
Sources: CC/CEM (Common Methodology for Information Technology Security Evaluation, Evaluation methodology) for the attack potential rating; EVITA Deliverable D2.3 (Security requirements for automotive on-board networks based on dark-side scenarios, 2008) for the attack probability scale.
[Figure: attack probability along the attack path under each model. Starting from the standard value, the decremental model lowers it (decremented value, toward Low) while the internal hiding model raises it (incremented value, toward High).]
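To make the two risk models concrete, here is an added worked example (not cp/TARA's code) that serves both the risk-model slide above and this mapping table: it computes a CEM attack potential from the five standard factors, rates it, maps the rating to the EVITA attack probability in the table, and then walks a constructed multi-stage attack path under the decremental and the internal hiding model. The factor values are those of CEM v3.1 Release 5, Annex B.4; the step of one probability level per defended boundary (decremental) and per stage inside the system (internal hiding) is an assumption made here for illustration, since the slides do not state cp/TARA's actual rule, and the zones on the path are constructed.

```python
# Added example, not cp/TARA code. Factor values: CEM v3.1 Release 5, Annex B.4
# (attack potential calculation). Rating -> probability: the table above (EVITA
# D2.3). The per-stage step sizes of the two risk models are assumptions made
# here for illustration; the slides do not state cp/TARA's actual rule.

ELAPSED_TIME = {"<=1 day": 0, "<=1 week": 1, "<=2 weeks": 2, "<=1 month": 4,
                "<=2 months": 7, "<=3 months": 10, "<=4 months": 13,
                "<=5 months": 15, "<=6 months": 17, ">6 months": 19}
EXPERTISE = {"layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8}
KNOWLEDGE_OF_TOE = {"public": 0, "restricted": 3, "sensitive": 7, "critical": 11}
WINDOW_OF_OPPORTUNITY = {"unnecessary": 0, "easy": 1, "moderate": 4,
                         "difficult": 10, "none": None}   # none: no window at all
EQUIPMENT = {"standard": 0, "specialised": 4, "bespoke": 7, "multiple bespoke": 9}

# Attack potential rating -> EVITA attack probability (table above).
ATTACK_PROBABILITY = {"Basic": 5, "Enhanced-Basic": 4, "Moderate": 3,
                      "High": 2, "Beyond High": 1}

def attack_potential(time, expertise, knowledge, window, equipment):
    """Sum of the CEM factor values; None when there is no window of opportunity."""
    w = WINDOW_OF_OPPORTUNITY[window]
    if w is None:
        return None
    return (ELAPSED_TIME[time] + EXPERTISE[expertise]
            + KNOWLEDGE_OF_TOE[knowledge] + w + EQUIPMENT[equipment])

def rate(points):
    """CEM rating bands for the summed attack potential."""
    if points is None or points >= 25:
        return "Beyond High"
    if points <= 9:
        return "Basic"
    if points <= 13:
        return "Enhanced-Basic"
    if points <= 19:
        return "Moderate"
    return "High"

def decremental(base, path, step=1):
    """Decremental model (assumed rule): every defended boundary crossed lowers
    the attack probability of the stage behind it by `step`, floor 1. An
    undefended boundary gives no reduction."""
    out, p = [], base
    for stage in path:
        if stage["defended_entry"]:
            p = max(1, p - step)
        out.append(p)
    return out

def internal_hiding(base, path, step=1):
    """Internal hiding model (assumed rule): once the attacker is inside, i.e.
    after the first stage, every further stage raises the probability by
    `step`, cap 5, regardless of the defenses on the way."""
    out, p = [], base
    for i, _ in enumerate(path):
        if i > 0:
            p = min(5, p + step)
        out.append(p)
    return out

def assess(factors, path):
    points = attack_potential(**factors)
    rating = rate(points)
    base = ATTACK_PROBABILITY[rating]
    return {"points": points, "rating": rating, "base_probability": base,
            "decremental": decremental(base, path),
            "internal_hiding": internal_hiding(base, path)}

# Constructed scenario: remote entry through the TCU, a defended hop across the
# GW into the in-vehicle network, an undefended hop along a flat CAN segment,
# then a defended hop into the safety-critical ECU zone.
EXAMPLE_FACTORS = {"time": "<=2 weeks", "expertise": "expert",
                   "knowledge": "restricted", "window": "easy",
                   "equipment": "specialised"}
EXAMPLE_PATH = [
    {"zone": "Telematics", "defended_entry": False},         # the attack surface itself
    {"zone": "In-vehicle network", "defended_entry": True},  # GW filtering
    {"zone": "Body ECUs", "defended_entry": False},          # flat CAN segment
    {"zone": "Safety-critical ECUs", "defended_entry": True},
]

if __name__ == "__main__":
    r = assess(EXAMPLE_FACTORS, EXAMPLE_PATH)
    print(f'attack potential {r["points"]} -> {r["rating"]} '
          f'-> attack probability {r["base_probability"]}')
    for stage, d, h in zip(EXAMPLE_PATH, r["decremental"], r["internal_hiding"]):
        print(f'{stage["zone"]:22} decremental {d}   internal hiding {h}')
```

For the constructed scenario the factors sum to 16, a Moderate attack potential, so the attack probability at the entry point is 3. The decremental model then gives 3, 2, 2, 1 along the path: the undefended CAN hop buys nothing, which is the argument for the nested architecture asked about above. The internal hiding model gives 3, 4, 5, 5 for the same path, reflecting the view that an attacker who has already been inside for months is not slowed by interior barriers. The difference between the two series is exactly what the two result diagrams above plot.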
cp/TARA road map
Current version (2019)
• Part of it is explained in this presentation.
• System requirements: Enterprise Architect (v. 13), SecuLia (v. 1)
Future plan (2020 onward)
• Data exchange between diagrams
• Automatic attack path analysis (between attack surfaces and assets)
• Automatic analysis of attack surfaces with their associated attacks
Final remarks
• This presentation reports a research outcome of the research project on the security of automotive systems.
• A threat analysis tool called cp/TARA was developed in that project to support threat analysis and a threat library.
• cp/TARA is developed as add-in programs for Enterprise Architect and supports multiple analysis methods for
  • identifying assets, attack surfaces and security boundaries from architecture information,
  • detailed analysis of attacks and countermeasures (security requirements), and
  • multi-stage attacks and the associated defense measures (defense in depth).
• The future plan for cp/TARA includes
  • data exchange between diagrams,
  • automatic attack path analysis (between attack surfaces and assets), and
  • automatic analysis of attack surfaces with their associated attacks.