
Page 1: BUILDING SAFE AND SECURE SYSTEMS...AIT Austrian Institute of Technology Mobility Systems Low-Emission Transport Technology Experience Innovation Systems & Policy • 181 experts (1/3

BUILDING SAFE AND SECURE SYSTEMS
Willibald Krenn

Vienna, 2018-04-26

Page 2: AIT Austrian Institute of Technology

Infographic (recoverable labels): Infrastructure Systems; Next Generation Solutions; Applied Research; System Competence; Tomorrow Today; Austria's largest RTO; bmvit; Federation of Austrian Industries; 8 Centers; over 1,300 employees; 143 m EUR total revenue; 2 subsidiary enterprises.

Page 3: AIT Austrian Institute of Technology - Structure

Subsidiaries: Nuclear Engineering Seibersdorf GmbH; Seibersdorf Labor GmbH

Centers: Energy; Health & Bioresources; Digital Safety & Security; Vision, Automation & Control; Mobility Systems; Low-Emission Transport; Technology Experience; Innovation Systems & Policy

Page 4:

• 181 experts (1/3 with PhD): 51% Scientists, 39% Engineers, 10% Admin

• 50% of new employees with international education

• 30+ EU running projects

• Strategic partners:

CENTER FOR DIGITAL SAFETY & SECURITY

Dependable Systems Engineering

Safety & Security Co-Engineering

Automated Test Case Generation

V&V of Complex Systems

Runtime Verification

Predictive System Health Monitoring

Late-stage software customization

Automated Backdoor Analysis

Adaptive Systems Analysis

Highest System Reliability

New Sensor Technologies

Intelligent Cameras & Video Analytics

Visual Surveillance & Insight

Digital Identity Management

Smart Sensor Solutions

Signal Processing & Pattern Analysis

Situational Awareness & Decision Support

Surveillance and Protection

Security for Industrial Control Systems

Cyber Attack Information System (CAIS)

Cyber Incident Information Sharing (CIIS)

Cloud Security

Risk Management

Security by Design

Cryptography

Cyber Range

Data Science

Machine Learning

Scalable Data Analytics

Blockchain Technologies

Physical Layer Security

Wireless M2M Communication

5G & Broadband Technologies

Optical Quantum Technologies

Crisis and Disaster Management

IoT Sensor Networks

Command & Control Systems

Community Engagement

Environmental Management

Cyber Security

Critical Cyber Infrastructures


Page 5: Cyber Security - Status Quo & Predictions

• 2017: 30% increase in cyber crime in Austria, and advanced attacks (APTs) increase in scope and in frequency. Source: Austrian Security Report 2017, Gridling, BVT, BMI, Vienna Cyber Security Week 2018, 29.1-2.2, Wien, Austria

• £71 million lost by European firms due to ransomware downtime between 2016 and 2017 - businesses of all sizes; less than 33% of attacks are reported to the authorities. Source: Data Inc. Study 2018, https://www.cbronline.com/news/ransomware-costs-smbs-71-million

• Microsoft: 1500 people focusing on security, 1 billion investment in cyber security - without a change of concept no cyber security is possible. Source: N. Malisevic, Microsoft, Vienna Cyber Security Week 2018, 29.1-2.2, Wien, Austria

• "The Internet of Things (IoT) will be a security disaster." "Cyber warfare will be the norm rather than the exception in conflicts." Source: Adi Shamir, Financial Crypto Conference 2016, https://www.linkedin.com/pulse/adi-shamir-makes-15-predictions-next-years-andreas-sfakianakis/

• The biggest security crisis since WW II; 30 nations develop cyber war capabilities. Source: OSCE, Vienna Cyber Security Week 2018, 29.1-2.2, Wien, Austria

Page 6:

HOW DO WE BUILD SAFE & SECURE NEXT GENERATION DIGITAL SYSTEMS?

Page 7: We Need a Solution Portfolio

CAIS - Cyber Attack Information System
• IT-Systems (log files), Network Traffic
• Detection of the unknown unknown by AI & machine learning
• Cyber Attack Information Systems (CAIS)

CIIS - Cyber Incident Information Sharing
• Information exchange - machine and human readable
• Privacy, secret information, laws
• Cyber Situational Awareness

Threat Analysis / Risk Management
• Threat catalogues
• Methodologies, models, tools
• Basis for specification of minimum standards for CI

Cyber Range - Capacity building, Training
• Scenario validation, Compliance
• Test-Data Generation
• Training of employees + Stakeholders
• Austrian Cyber Security Cluster
• Austrian Security Hub

Privacy & Security by Design, Encryption
• Safety & Security Co-Development
• New Data Privacy - user control of data by agile encryption
• Smart encryption (IoT, Cloud)
• Post-quantum encryption

Further keywords on the slide: IoT, Cyber Security, Resilience, Virtual currencies, Forensic, Run-time verification, analog/digital CPS

Page 8: Safety & Security by Design - Model-Based Design & Engineering

Lifecycle phases (diagram): Concept -> Design -> Implementation -> Integration -> Verification & Validation

Tools and methods along the lifecycle:
• FMVEA
• Requirements Modelling Tools (MORETO)
• Monitoring of Cyber-Physical Systems
• Legacy Systems
• Safe & Secure Gateway Concept
• Safe & Secure Reference Architectures
• Lifecycle Management and Workflow Support (WEFACT)
• Automated Test Case Generation
• Safety, Privacy & Security
• Machine-Code Analysis
• Fault models (Threats)
• System Validation & Training

Page 9: System Design - Requirements Modelling & FMVEA

Page 10: The Safety-Security Industry Problem for Digital and Networked Systems

Traditional view: safety and security are separate issues.
• Safety: fault models
• Security: attack models; missing methods and tools to measure incidents; 500k new malware each day!

• Combined failure and threat models
• Resilience measures: system architecture, monitoring, response

Safety cannot be guaranteed without security, and security can be jeopardized by safety requirements.

Page 11: Safety & Security Co-Engineering - FMVEA

FMVEA: Failure Modes, Vulnerabilities and Effects Analysis - a combined approach

Analysis flow (diagram): Attack / Failure (cause) analysis -> Failure / threat mode(s) -> Impact (effect) analysis -> Impact evaluation
• Security side of the cause analysis: Attacker, Attack surface, Vulnerability, Attack step
• Safety side of the cause analysis: Failure
• Outputs: Safety requirements, Security requirements
• Resilience measures: incident response procedures, system architectural measures, monitoring measures
• FMVEA tool support

Analyse and react to intentional and unintentional risks simultaneously:
• Faster, more efficient analysis
• Detect overlapping or inconsistent measures
• Safety and security can reinforce each other
• Identify conflicts in early phases
• Combined demonstration of achieved safety and security

Intentional and unintentional risks threaten the same system properties.

Page 12: FMVEA Example: Communication-Based Train Control

Source: Singapore - Security Analysis of Urban Railway Systems, ISSE Workshop 2015, 2nd International Workshop on the Integration of Safety and Security Engineering

FMVEA worksheet row:
Component: Train Odometry
Failure / Threat Mode: Attacker manipulates data from APR (Absolute Position Reference) beacon
Direct Effect: Train receives wrong position data from Train Odometry
System Effect: Wrong data can be detected through comparison with tacho data and track geometry; affected train switches to fail-safe state
Cause: Attacker spoofs APR beacon signal
System susceptibility: 3
Threat properties: 3

CBTC architecture diagram (recoverable labels): ATS (scheduling) with servers / HMIs on the OCC LAN; Signaling Network; Zone Controller (safety checks, speed control, train data, LMA); Zone Radio / Radio LAN; on-board CBTC bus with AWS, DMI, ATO (speed control), ATP (safety checks) and Odometry (Tacho, Doppler, APR) providing position & speed; APR beacon (position); network interface.
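A worked FMVEA-style worksheet in Python, added here to illustrate the combined analysis of page 11 and the CBTC row of page 12; it is not AIT's FMVEA tool or code. The severity classes, the 1..5 rating scales, the way susceptibility and threat properties are combined into a likelihood, the measure catalogue and every row except the APR-beacon row are assumptions constructed for the example. It performs the checks the slide lists: unmitigated or undetectable modes, one measure that covers a failure mode and a threat mode at once (reinforcement), and a conflict where a measure chosen for a safety reason weakens a property that a threat mode attacks.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Severity classes and the 1..5 rating scales below are ASSUMPTIONS for this
# example; they are not the scales of the FMVEA method shown on the slides.
SEVERITY = {"negligible": 1, "minor": 2, "major": 3, "critical": 4, "catastrophic": 5}


@dataclass
class Measure:
    name: str
    protects: Set[str]                               # system properties it supports
    weakens: Set[str] = field(default_factory=set)   # properties it degrades


@dataclass
class Mode:
    component: str
    kind: str                   # "threat" (intentional) or "failure" (unintentional)
    mode: str
    system_effect: str
    cause: str
    prop: str                   # system property at stake
    severity: str
    susceptibility: int = 0     # threat modes: how reachable the system is, 1..5
    threat_properties: int = 0  # threat modes: attacker capability/motivation, 1..5
    failure_rate: int = 0       # failure modes: likelihood class, 1..5
    detectable: bool = False
    measures: List[str] = field(default_factory=list)


def likelihood(m: Mode) -> int:
    """Threat likelihood from susceptibility and threat properties (assumed: their mean)."""
    if m.kind == "threat":
        return max(1, round((m.susceptibility + m.threat_properties) / 2))
    return m.failure_rate


def risk(m: Mode) -> int:
    return SEVERITY[m.severity] * likelihood(m)


def analyse(modes: List[Mode], catalogue: Dict[str, Measure], threshold: int = 9) -> List[str]:
    """Co-engineering checks over one worksheet: unmitigated or undetectable modes,
    measures shared by safety and security, and conflicts where a measure chosen
    for one mode weakens a property another mode threatens."""
    findings = []
    for m in modes:
        r = risk(m)
        if r >= threshold and not m.measures:
            findings.append(f"UNMITIGATED: {m.kind} mode '{m.mode}' on {m.component} (risk {r})")
        if not m.detectable and SEVERITY[m.severity] >= SEVERITY["critical"]:
            findings.append(f"UNDETECTED: '{m.mode}' on {m.component} cannot trigger a fail-safe reaction")
    users: Dict[str, Set[str]] = {}
    for m in modes:
        for name in m.measures:
            users.setdefault(name, set()).add(m.kind)
    for name, kinds in sorted(users.items()):
        if kinds == {"failure", "threat"}:
            findings.append(f"SHARED: measure '{name}' covers both a failure mode and a threat mode")
    for m in modes:
        for name in m.measures:
            for other in modes:
                if other is not m and other.prop in catalogue[name].weakens:
                    findings.append(f"CONFLICT: measure '{name}' (for '{m.mode}') weakens "
                                    f"'{other.prop}', which is threatened by '{other.mode}'")
    return findings


# Measure catalogue (constructed for the example).
CATALOGUE = {
    "plausibility check (tacho + track geometry)": Measure(
        "plausibility check (tacho + track geometry)", {"position integrity"}),
    "emergency diagnostics port kept open": Measure(
        "emergency diagnostics port kept open", {"availability"}, {"network access control"}),
}

# Worksheet rows. The first row is the one shown on the slide (its severity is an
# assumption; the slide rates susceptibility 3 and threat properties 3). The
# remaining rows are constructed to exercise the checks.
WORKSHEET = [
    Mode("Train Odometry", "threat", "Attacker manipulates data from APR beacon",
         "Wrong data detected by comparison with tacho data and track geometry; "
         "train switches to fail-safe state",
         "Attacker spoofs APR beacon signal", "position integrity", "critical",
         susceptibility=3, threat_properties=3, detectable=True,
         measures=["plausibility check (tacho + track geometry)"]),
    Mode("Tacho", "failure", "Tacho delivers no speed pulses",
         "Speed unknown; train switches to fail-safe state", "Sensor wear",
         "position integrity", "major", failure_rate=2, detectable=True,
         measures=["plausibility check (tacho + track geometry)"]),
    Mode("Zone Controller", "failure", "Radio link to train lost",
         "No movement authority can be sent; trains stop", "Radio LAN outage",
         "availability", "major", failure_rate=2, detectable=True,
         measures=["emergency diagnostics port kept open"]),
    Mode("Zone Controller", "threat", "Attacker gains network access to controller",
         "Forged movement authority", "Exposed maintenance interface",
         "network access control", "catastrophic",
         susceptibility=4, threat_properties=4, detectable=False),
]


def run_worksheet() -> List[str]:
    return analyse(WORKSHEET, CATALOGUE)


if __name__ == "__main__":
    for row in WORKSHEET:
        print(f"{row.component:16} {row.kind:8} risk={risk(row):2}  {row.mode}")
    print("\n".join(run_worksheet()))
```

The last two rows show the point of page 10 in miniature: a safety-motivated measure (keeping a diagnostics port open for availability) is flagged because it weakens the access-control property an attacker is rated likely to target, and the shared plausibility check is reported as one measure that serves both the accidental and the malicious cause of wrong position data.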

Page 13: Test Case Generation - Automation of Testing

Page 14: Verification of Complex Systems - Model-Based Testing Approach @ AIT

• Supports highly complex models: >2300 parallel state machines, e.g. railway station
• Working on integration with the Enterprise Architect UML editor
• Improvements over manual testing: shown on railway use case, demonstrated on measurement device
• Tests guaranteed to detect certain bugs
• Testing of security requirements: FMVEA and MORETO requirements

Hardware: 2x10 Core Intel Xeon E-2680v2, 192 GiB RAM

Figure: test cases (Manual vs. MoMuT) against seeded faults. Colour codes: Green - test detects fault, Red - other test in suite detects fault, Blue - faulty model not responsive (stuck in computation), White - out of 4GiB RAM, Black - faulty model not detected.
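The figure on this page is a mutation-testing matrix: faults are seeded into the model and each generated test either detects the fault, is pre-empted by another test, or misses it. The Python below, added here as an illustration and not AIT's MoMuT code, reproduces that loop on a constructed toy model (a four-state door/traction interlock, an assumption for the example; not the railway-station model of the slide): it seeds one fault per mutant, searches the product of model and mutant for the shortest input sequence on which their outputs differ, keeps a test only when no earlier test already kills the mutant, and scores a hand-written suite against the generated one.

```python
from collections import deque
from typing import Dict, List, Optional, Tuple

# Constructed toy model of an on-board door/traction interlock as a deterministic
# Mealy machine (an assumption for this example). Inputs a state does not handle
# are ignored; the absence of an output ("-") is itself observable.
INIT = "stopped_locked"
INPUTS = ["unlock", "open", "close", "lock", "depart", "arrive"]
QUIET = "-"
MODEL: Dict[Tuple[str, str], Tuple[str, str]] = {
    ("stopped_locked",   "unlock"): ("stopped_unlocked", "unlocked"),
    ("stopped_locked",   "depart"): ("moving",           "traction_on"),
    ("stopped_unlocked", "open"):   ("door_open",        "door_opening"),
    ("stopped_unlocked", "lock"):   ("stopped_locked",   "locked"),
    ("door_open",        "close"):  ("stopped_unlocked", "door_closing"),
    ("door_open",        "depart"): ("door_open",        "emergency_brake"),  # fail-safe
    ("moving",           "arrive"): ("stopped_locked",   "stopped"),
}
STATES = sorted({s for s, _ in MODEL} | {t for t, _ in MODEL.values()})


def step(model, state: str, inp: str) -> Tuple[str, str]:
    return model.get((state, inp), (state, QUIET))


def run(model, test: List[str]) -> List[str]:
    """Output trace of the model for an input sequence (the test oracle)."""
    state, outs = INIT, []
    for inp in test:
        state, out = step(model, state, inp)
        outs.append(out)
    return outs


def mutants(model) -> List[Tuple[str, dict]]:
    """Seed one fault per mutant: a transition to a wrong state, or a missing transition."""
    result = []
    for key, (target, out) in model.items():
        for s in STATES:
            if s != target:
                m = dict(model)
                m[key] = (s, out)
                result.append((f"{key} -> {s}", m))
        m = dict(model)
        del m[key]
        result.append((f"{key} deleted", m))
    return result


def distinguishing_test(model, mutant, max_len: int = 8) -> Optional[List[str]]:
    """BFS over the product of model and mutant for the shortest input sequence on
    which their outputs diverge; None means no difference is observable within max_len."""
    start = (INIT, INIT)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        (s1, s2), seq = queue.popleft()
        if len(seq) >= max_len:
            continue
        for inp in INPUTS:
            n1, o1 = step(model, s1, inp)
            n2, o2 = step(mutant, s2, inp)
            if o1 != o2:
                return seq + [inp]
            if (n1, n2) not in seen:
                seen.add((n1, n2))
                queue.append(((n1, n2), seq + [inp]))
    return None


def generate_suite(model) -> Tuple[List[List[str]], List[str]]:
    """Model-based mutation testing: add a test only for mutants no earlier test kills."""
    suite, equivalent = [], []
    for name, mut in mutants(model):
        if any(run(model, t) != run(mut, t) for t in suite):
            continue                      # "other test in suite detects fault"
        test = distinguishing_test(model, mut)
        if test is None:
            equivalent.append(name)       # "faulty model not detected"
        else:
            suite.append(test)
    return suite, equivalent


def mutation_score(model, suite: List[List[str]]) -> Tuple[int, int]:
    """(killed, total): a mutant is killed when some test's outputs differ from the model's."""
    muts = mutants(model)
    killed = sum(any(run(model, t) != run(m, t) for t in suite) for _, m in muts)
    return killed, len(muts)


# Two hand-written happy-path tests, standing in for the "Manual" row of the figure.
MANUAL_SUITE = [
    ["unlock", "open", "close", "lock", "depart", "arrive"],
    ["depart", "arrive", "unlock", "lock"],
]

if __name__ == "__main__":
    generated, equivalent = generate_suite(MODEL)
    print("manual   :", mutation_score(MODEL, MANUAL_SUITE))
    print("generated:", mutation_score(MODEL, generated), "tests:", len(generated))
    for t in generated:
        print("  ", " ".join(t))
```

The manual suite walks every happy-path transition yet never exercises the fail-safe reaction (departing with the door open), so the four mutants that corrupt exactly that transition survive it; the generated suite kills all 28 because the search targets each seeded fault directly. On the real models of the slide the search is over thousands of parallel state machines, which is where the hardware figures and the "stuck in computation" and "out of RAM" colours of the figure come from.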

Page 15: Monitoring - Predictive Maintenance

Page 16: Runtime Verification & Monitoring - Predictive Maintenance

Vulnerabilities as an axiom of SW/system development: side effects; 100% testing is not feasible; "unknown unknown".

• Verification & Validation is hard
  • Automated test data generation often infeasible
  • Slow simulation
  • Unknown vulnerabilities
• State-of-the-practice
  • Manual testing, simulation
  • Ad-hoc, error prone, tedious

We need monitoring at runtime:
• Predictive maintenance
• Anomaly detection by logfile analyses (AI)
• Mixed analog/digital signal testing
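Two of the runtime techniques named on this page and on page 7 (CAIS: log-file analysis, "detection of the unknown unknown") in one small Python example, added here as an illustration and not AIT's CAIS or monitoring code. The log lines, the controller names and the monitored property are constructed for the example. The first half is a runtime verification monitor: a property that testing cannot prove for every path ("traction is never switched on while a door is open") is written as a small automaton and checked against the event stream as it arrives. The second half is template-based anomaly detection over the same log: variable fields are masked, the templates seen during normal operation are learned, and anything that never occurred in the baseline, or bursts inside a short window, is flagged.

```python
import re
from collections import Counter, deque
from typing import List, Optional, Tuple

# Constructed sample logs from a hypothetical on-board controller (not from the
# page). Baseline: lines recorded during normal operation; live: lines to monitor.
BASELINE_LOG = [
    "08:00:01 doorctl event=unlock",
    "08:00:02 doorctl event=open",
    "08:00:09 doorctl event=close",
    "08:00:10 doorctl event=lock",
    "08:00:11 tract event=traction_on speed=12",
    "08:03:40 tract event=stopped speed=0",
    "08:03:41 doorctl event=unlock",
    "08:03:42 doorctl event=open",
    "08:03:50 doorctl event=close",
    "08:03:51 doorctl event=lock",
    "08:03:52 tract event=traction_on speed=9",
]
LIVE_LOG = [
    "09:10:01 doorctl event=unlock",
    "09:10:02 doorctl event=open",
    "09:10:03 tract event=traction_on speed=3",                 # violates the property
    "09:10:04 net src=10.0.5.77 event=login_failed user=maint",  # template never seen before
    "09:10:04 net src=10.0.5.77 event=login_failed user=maint",
    "09:10:05 net src=10.0.5.77 event=login_failed user=maint",
    "09:10:05 net src=10.0.5.77 event=login_failed user=maint",
    "09:10:09 doorctl event=close",
]

EVENT = re.compile(r"event=(\w+)")

# Runtime verification: the property "traction is never switched on while a door
# is open" as an explicit monitor automaton. Events without a transition leave
# the state unchanged; VIOLATED has no outgoing transitions, so it is absorbing.
MONITOR = {
    ("CLOSED", "open"): "OPEN",
    ("OPEN", "close"): "CLOSED",
    ("OPEN", "traction_on"): "VIOLATED",
}


def events(lines: List[str]) -> List[str]:
    return [EVENT.search(line).group(1) for line in lines]


def check(lines: List[str]) -> Optional[int]:
    """Index of the first line at which the monitor reaches VIOLATED, or None."""
    state = "CLOSED"
    for i, ev in enumerate(events(lines)):
        state = MONITOR.get((state, ev), state)
        if state == "VIOLATED":
            return i
    return None


# Anomaly detection on log templates: mask variable fields, learn which templates
# occur in the baseline, then flag templates never seen before (the "unknown
# unknown") and bursts of a single template inside a short window.
def template(line: str) -> str:
    body = line.split(" ", 1)[1]            # drop the timestamp
    return re.sub(r"\d+", "<n>", body)      # mask numbers, addresses, counters


def learn(lines: List[str]) -> Counter:
    return Counter(template(line) for line in lines)


def detect(lines: List[str], baseline: Counter, window: int = 5,
           burst: int = 3) -> List[Tuple[int, str, str]]:
    findings, recent = [], deque(maxlen=window)
    for i, line in enumerate(lines):
        t = template(line)
        recent.append(t)
        if t not in baseline:
            findings.append((i, "novel", t))
        if recent.count(t) >= burst:
            findings.append((i, "burst", t))
    return findings


if __name__ == "__main__":
    print("property violated at line:", check(LIVE_LOG))
    for i, kind, t in detect(LIVE_LOG, learn(BASELINE_LOG)):
        print(f"{kind:5} line {i}: {t}")
```

The monitor is the cheap complement to the model-based testing of the previous pages: the same property can be mined from the model and checked on the deployed system, where the path that testing missed will eventually be executed. The template detector is deliberately model-free; it cannot say what the repeated failed logins mean, only that they are outside everything the baseline contains, which is the signal a CAIS hands to an analyst.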

Page 17: Solution Portfolio - Austrian Key Competences - Training - Int. Relationship

Page 18: Austrian Cyber Exercise for Critical Infrastructure Operators, Nov. 6-7, 2017

Application domains: Connected Cars, Industry 4.0, Energy, Smart City, Digital Transport

• 200 participants
• 10 Teams, 24 Critical Infr. organisations
• Governmental agencies - Austrian Strategy for Cyber Security (ÖSCS)
• Game moderation
• 100+ virtual machines + ICS + Cyber Tools

Page 19: Vienna Cyber Security Week 2018

Multi-stakeholder conference, training & exhibition: diplomacy, technology, training, conference, exhibition; 41 countries

Topics: Cyber crime, Cyber espionage, Cyber terrorism, Cyber sabotage, Cyber war

Page 20: Safe & Secure Systems - Tool Support @ AIT

Model-based Engineering / Privacy & Safety & Security Development (diagram)

Roles addressed: System Architect, System Developer; CISO, CEO, CIO, CERT, ISO 2700x, ...
Standards: EN 50128, ISO 27001, ISO 26262, ISO 21434, IEC 62443, ...
Application domains: Connected Cars, Industry 4.0, Energy

Tools along the development lifecycle:
• AIT Threat Libraries
• FMVEA
• S&S Architecture Design
• MORETO: Safety & Security Requirements
• S&S automated test case generation (MoMuT)
• Code analysis & verification
• A/D signal monitoring
• Anomaly detection (AI)
• Legacy system architecture
• Safety & Security monitors
• Capacity, skills
• Requirements, structured arguments (auto-generated)

Cyber Range - Training and System Validation, "digital twins" (AIT Cyber Range):
• Compliance
• Scenario validation
• Test-Data Generation
• Training of employees + Stakeholders

Page 21: Questions? Please ask our experts!

Dr. WILLIBALD KRENN
Thematic Coordinator
Dependable Systems Engineering
Center for Digital Safety & Security
AIT Austrian Institute of Technology GmbH
Giefinggasse 4 | 1210 Wien, Austria
T +43 50550-4109 | M +43 664 8251222 | F +43 50550-4150
[email protected] | www.ait.ac.at