A Secure Update Architecture for High Assurance Mixed-Criticality System Don Kuzhiyelil Dr. Sergey Tverdyshev SYSGO AG
|
|
- Loreen Matthews
- 5 years ago
- Views:
Transcription
1 A Secure Update Architecture for High Assurance Mixed-Criticality System Don Kuzhiyelil Dr. Sergey Tverdyshev SYSGO AG SYSGO AG 1
2 Secure Software Update Unified Diagnostic Services DiagnosticsSessionControl (0x10) SYSGO AG 2
3 Secure Software Update SYSGO AG 3
4 Secure Software Update SYSGO AG 4
5 Secure Software Update SYSGO AG 5
6 Secure Software Update on Mixed-Criticality ECUs Consolidation of Vehicular Functions Characteristics Multiple security domains Multiple safety levels ADAS, Diagnosis Navigation Media Player Requires different runtime environments Autosar POSIX Map Data Android e.g. AUTOSAR, Linux (Genivi, Yocto) System on Chip Consolidation Challenge: Sharing of Resources e.g. memory, time, devices, cores.. SYSGO AG 6
7 Secure Software Update on Mixed-Criticality ECUs Consolidation of Vehicular Functions Solution: Separation Kernel 1. Spatial Separation 2. Temporal Separation ADAS, Diagnosis Navigation Map Data Media Player 3. Secure Communication Channels Autosar POSIX Android Partitions/Containers with controlled information flow PikeOS Separation Kernel System on Chip SYSGO AG 7
8 Secure Software Update on Mixed-Criticality ECUs ADAS, Diagnosis Navigation Media Player Map Data Autosar POSIX Android PikeOS Separation Kernel System on Chip SYSGO AG 8
9 Secure Software Update on Mixed-Criticality ECUs Agenda Software Update use-cases Secure Update architecture based on Separation Kernel Mapping of Security and Safety functionality ADAS, Diagnosis Navigation Map Data Media Player Design decisions Certification perspective Autosar POSIX Android PikeOS Separation Kernel System on Chip SYSGO AG 9
10 Secure Software Update on Mixed-Criticality ECUs Use cases 1. Platform Update 2. Partition Update 3. Application Update ADAS, Diagnosis Navigation Media Player Map Data Autosar POSIX Android PikeOS Separation Kernel System on Chip SYSGO AG 10
11 Secure Software Update on Mixed-Criticality ECUs Use cases 1. Platform Update 2. Partition Update 3. Application Update ADAS, Diagnosis Navigation Media Player Map Data Autosar POSIX Android PikeOS Separation Kernel System on Chip SYSGO AG 11
12 Secure Software Update on Mixed-Criticality ECUs Use cases 1. Platform Update 2. Partition Update 3. Application Update ADAS, Diagnosis Navigation Media Player Map Data Autosar POSIX Android PikeOS Separation Kernel System on Chip SYSGO AG 12
13 Secure Update: Security Requirements Req 1: Secure and Authenticated Communication + Client-Server Authentication + Encrypted Channel + Message Integrity SYSGO AG 13
14 Secure Update: Security Requirements Req 1: Secure and Authenticated Communication + Client-Server Authentication + Encrypted Channel + Message Integrity TLSv1.2 using OpenSSL TPM for client key storage and random number generation SYSGO AG 14
15 Secure Update: Security Requirements Req 1: Secure and Authenticated Communication + Client-Server Authentication + Encrypted Channel + Message Integrity TLSv1.2 using OpenSSL TPM for client key storage and random number generation SYSGO AG 15
16 Secure Update: Security Requirements Req 1: Secure and Authenticated Communication + Client-Server Authentication + Encrypted Channel + Message Integrity TLSv1.2 using OpenSSL TPM for client key storage and random number generation SYSGO AG 16
17 Secure Update: Security Requirements Req 2: Integrity Measurement and Reporting + Before providing the update, UpdateServer needs to verify that the ECU is not tampered Implemented using two approaches towards booting the system 1. Secure Boot 2. Measured Boot SYSGO AG 17
18 Secure Update: Security Requirements Req 2: Integrity Measurement and Reporting Secure Boot Measured Boot SYSGO AG 18
19 Secure Update: Security Requirements Req 2: Integrity Measurement and Reporting Secure Boot Measured Boot SYSGO AG 19
20 Secure Update: Security Requirements Req 3: Secure Sharing of GUI Why: User consent is taken before the update using the GUI that is shared with a vulnerable application UI can be DoSed/Hijacked by a compromised Android App SYSGO AG 20
21 Secure Update: Security Requirements Req 3: Secure Sharing of GUI How: Partitioning of Graphics and Touchscreen device by a trusted component SYSGO AG 21
22 Secure Update: Safety Functionality + Global and ECU state management + Interference free update process with guaranteed access to resources + Error handling and recovery + Reprogramming Implemented in UpdateManager Partition with highest privileges SYSGO AG 22
23 Secure Update: Sequence Diagram 0. Initiate Update SYSGO AG 24
24 Secure Update: Sequence Diagram 0. Initiate Update 1. Establish Secure Channel SYSGO AG 25
25 Secure Update: Sequence Diagram 0. Initiate Update 1. Establish Secure Channel 2. Integrity Reporting SYSGO AG 26
26 Secure Update: Sequence Diagram 0. Initiate Update 1. Establish Secure Channel 2. Integrity Reporting 3. State Management 4. User Consent SYSGO AG 27
27 Secure Update: Sequence Diagram 0. Initiate Update 1. Establish Secure Channel 2. Integrity Reporting 3. State Management 4. User Consent 5. Integrity Checking SYSGO AG 28
28 Secure Update: Sequence Diagram 0. Initiate Update 1. Establish Secure Channel 2. Integrity Reporting 3. State Management 4. User Consent 5. Integrity Checking 6. Reprogramming 7. Partition Restart 8. Acknowledgement SYSGO AG 29
29 Secure Update: Design with Least Privileges Components implemented as Separated Partitions Partitions given the minimum privileges required for the functioning (resources, communication rights,.. ) SYSGO AG 30
30 Secure Update: Design with Least Privileges Components implemented as Separated Partitions Partitions given the minimum privileges required for the functioning (resources, communication rights,.. ) Privacy Fault containment SYSGO AG 31
31 Secure Update: Separation of Concerns - Safety and Security Security functions UpdateDownloader Safety functions UpdateManager User partition with minimum privileges required Uses large libraries (e.g. OpenSSL, TrouSerS) and runtime environment (Linux) Only certified for Security Vulnerabilities may exist System partition with highest privileges Native PikeOS application with small codebase Certified for Safety at the highest level High probability of being error free Reduced attack surface Multiple independent security checks ( Defense-in-depth ) Fault containment Reduced Certification Costs SYSGO AG 32
32 Secure Update: Certification Perspective For a Common Criteria certified product, Secure Update is a part in the process (flaw remediation component ALC_FLR.3) to stay certified Independent update of separated domains, e.g. applying Hot-fixes, without affecting other partitions Independent update of separated domains without the need of costly recertification of the whole product SYSGO AG 33
33 Secure Update: Take Home Messages Software Update process for mixed-critical consolidated system shall satisfy certain special requirements e.g. secure sharing of GUI A good architecture will have separated safety and security functionality A partitioned system provides security by design that enables reducing the recertification costs safe deployment of Hot-fixes SYSGO AG 34
34 Thank you for your attention! Questions? SYSGO AG 35
Using a Certified Hypervisor to Secure V2X communication
SYSGO AG PUBLIC 1 Using a Certified Hypervisor to Secure V2X communication Author(s): Date: Version Chris Berg 08/05/2017 v1.1 SYSGO AG PUBLIC 2 Protecting Assets People started protecting their assets
More informationSafety and Security for Automotive using Microkernel Technology
Informationstag "Das Automobil als IT-Sicherheitsfall" Berlin, 11.05.2012 Safety and Security for Automotive using Microkernel Technology Dr.-Ing. Matthias Gerlach OpenSynergy TwoBirds withonestone Safety
More informationViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project
ViryaOS RFC: Secure Containers for Embedded and IoT A proposal for a new Xen Project sub-project Stefano Stabellini @stabellinist The problem Package applications for the target Contain all dependencies
More informationHypervisor Market Overview. Franz Walkembach. for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public
Franz Walkembach for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public 2018-04-19 1 What you can expect Quick introduction of SYSGO AG What are the market trends for hypervisor? Market size and main
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More information10 th AUTOSAR Open Conference
10 th AUTOSAR Open Conference Dr. Moritz Neukirchner Elektrobit Automotive GmbH Building Performance ECUs with Adaptive AUTOSAR AUTOSAR Nov-2017 Major market trends and their impact Trends Impact on E/E
More informationScalable and Flexible Software Platforms for High-Performance ECUs. Christoph Dietachmayr Sr. Engineering Manager, Elektrobit November 8, 2018
Scalable and Flexible Software Platforms for High-Performance ECUs Christoph Dietachmayr Sr. Engineering Manager, November 8, Agenda A New E/E Architectures and High-Performance ECUs B Non-Functional Aspects:
More informationSIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC
W I N D R I V E R H E L I X C H A S S I S SIMPLIFYING THE WIND RIVER HELIX CHASSIS Helix Chassis brings together software, technologies, tools, and services to help automotive manufacturers unify, simplify,
More informationAutonomous Driving needs Safety & Security. Embedded World 2018 Dr. Ciwan Gouma
Autonomous Driving needs Safety & Security Embedded World 2018 Dr. Ciwan Gouma Autonomous Driving The Vision The vision is not new. Picture left (maybe you have seen this in other presentations) but why
More informationSECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM
1 SRIFY: A COMPOSITIONAL APPROACH OF BUILDING SRITY VERIFIED SYSTEM Liu Yang, Associate Professor, NTU SG-CRC 2018 28 March 2018 2 Securify Approach Compositional Security Reasoning with Untrusted Components
More informationSecure automotive on-board networks
Secure automotive on-board networks Basis for secure vehicle-to-x communication Dr.-Ing. Olaf Henniger Fraunhofer SIT / Darmstadt 2 December 2010 Presentation overview EVITA project overview Security challenges
More informationTrusted Platform Modules Automotive applications and differentiation from HSM
Trusted Platform Modules Automotive applications and differentiation from HSM Cyber Security Symposium 2017, Stuttgart Martin Brunner, Infineon Technologies Axiom: Whatever is connected can (and will)
More informationSecurity and Performance Benefits of Virtualization
Security and Performance Benefits of Virtualization Felix Baum mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered
More informationBlackBerry UEM + Samsung Knox
Datasheet BlackBerry UEM + Samsung Knox Comprehensive EMM Management + Together, Samsung and BlackBerry secure and enable key enterprise workflows, from the boardroom to the battlefield, exceeding the
More informationImproving Security in Embedded Systems Felix Baum, Product Line Manager
Improving Security in Embedded Systems Felix Baum, Product Line Manager The Challenge with Embedded Security Business Imperatives Security Imperatives I need to keep my production expenses as low as possible.
More informationAUTOBEST: A microkernel-based system (not only) for automotive applications. Marc Bommert, Alexander Züpke, Robert Kaiser.
AUTOBEST: A microkernel-based system (not only) for automotive applications Marc Bommert, Alexander Züpke, Robert Kaiser vorname.name@hs-rm.de Outline Motivation AUTOSAR ARINC 653 AUTOBEST Architecture
More informationMASP Chapter on Safety and Security
MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio
More informationSecuring the future of mobility
Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need
More informationAdding value to your MS customers
Securing Microsoft Adding value to your MS customers Authentication - Identity Protection Hardware Security Modules DataSecure - Encryption and Control Disc Encryption Offering the broadest range of authentication,
More informationThe Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems
The Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems Alexander Much 2015-11-11 Agenda About EB Automotive Motivation Comparison of different architectures Concept for
More informationUsing the MPU with an RTOS to Enhance System Safety and Security
Using the MPU with an RTOS to Enhance System Safety and Security By Stephen Ridley 10 December, 2016 www.highintegritysystems.com WITTENSTEIN WITTENSTEIN high integrity systems: A World Leading RTOS Ecosystem
More informationUsing a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles
Safety & Security for the Connected World Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles 16 th June 2015 Mark Pitchford, Technical Manager, EMEA Today
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More informationSmart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017
Smart Antennas and : Enabling Secure Convergence July 5, 2017 About OpenSynergy OpenSynergy develops software solutions for embedded automotive systems. OpenSynergy s product portfolio includes key software
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationIntroduction to Adaptive AUTOSAR. Dheeraj Sharma July 27, 2017
Introduction to Adaptive AUTOSAR Dheeraj Sharma July 27, 2017 Overview Software Platform and scope of Adaptive AUTOSAR Adaptive AUTOSAR architecture and roadmap EB Adaptive Platform and Prototyping solution
More informationAdaptive AUTOSAR. Ready for Next Generation ECUs V
Adaptive AUTOSAR Ready for Next Generation ECUs V0.4 2017-10-18 Introduction Being Prepared for the Next-Generation of ECUs Additional, high performance ECUs hosting applications for upcoming use cases
More informationWindows IoT Security. Jackie Chang Sr. Program Manager
Windows IoT Security Jackie Chang Sr. Program Manager Rest Physical access to a device will not give access to data Data & Control Execution Data owner has full control over data processing Motion Transport
More information10 th AUTOSAR Open Conference
10 th AUTOSAR Open Conference Yuchen Zhou, Thomas E Fuhrman, Prathap Venugopal General Motors Scheduling Techniques for Automated Driving Systems using the AUTOSAR Adaptive Platform AUTOSAR Nov-2017 Agenda
More informationManufacturing Tools in the UEFI Secure Boot Environment
Manufacturing Tools in the UEFI Secure Boot Environment Presented by Stefano Righi presented by UEFI Plugfest May 2014 Agenda Introduction Transition of Manufacturing Tools to UEFI Manufacturing Tools
More informationCommunication Patterns in Safety Critical Systems for ADAS & Autonomous Vehicles Thorsten Wilmer Tech AD Berlin, 5. March 2018
Communication Patterns in Safety Critical Systems for ADAS & Autonomous Vehicles Thorsten Wilmer Tech AD Berlin, 5. March 2018 Agenda Motivation Introduction of Safety Components Introduction to ARMv8
More informationCompTIA A+ Certification ( ) Study Guide Table of Contents
CompTIA A+ Certification (220-902) Study Guide Table of Contents Course Introduction About This Course About CompTIA Certifications Module 1 / Supporting Windows 1 Module 1 / Unit 1 Windows Operating System
More informationSecuring the Connected Car. Eystein Stenberg CTO Mender.io
Securing the Connected Car Eystein Stenberg CTO Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled Software defined
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Rob Coombs Security Marketing Director TechCon 11/10/15 Agenda Introduction Security Foundations on Cortex-M Security Foundations on Cortex-A Use cases
More informationCERT Secure Coding Initiative. Define security requirements. Model Threats 11/30/2010
Secure Coding Practices COMP620 CERT Secure Coding Initiative Works with software developers and software development organizations to reduce vulnerabilities resulting from coding errors Many of the slides
More informationCountermeasures against Cyber-attacks
Countermeasures against Cyber-attacks Case of the Automotive Industry Agenda Automotive Basics ECU, domains, CAN Automotive Security Motivation, trends Hardware and Software Security EVITA, SHE, HSM Secure
More informationBringing Android to Secure SDRs
Bringing Android to Secure SDRs David Kleidermacher Frank Vandenberg SDR 11 WinnComm - Europe Agenda Overview Why Android in SDR? Android Security Proposed Architecture Typical red-black architecture for
More informationVendor: CompTIA. Exam Code: Exam Name: CompTIA A+ Certification Exam (902) Version: Demo
Vendor: CompTIA Exam Code: 220-902 Exam Name: CompTIA A+ Certification Exam (902) Version: Demo DEMO QUESTION 1 Which of the following best practices is used to fix a zero-day vulnerability on Linux? A.
More informationIDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters
IDACCS Wireless 2014 Integrity protection in a smart grid environment for wireless access of smart meters Prof- Dr.-Ing. Kai-Oliver Detken DECOIT GmbH Fahrenheitstraße 9 D-28359 Bremen URL: http://www.decoit.de
More informationEMC2. Prototyping and Benchmarking of PikeOS-based and XTRATUM-based systems on LEON4x4
EMC2 Prototyping and Benchmarking of PikeOS-based and XTRATUM-based systems on LEON4x4 Introduction Multi-core architectures will be adopted in the next generations of avionics and aerospace systems. Integrated
More information10 th AUTOSAR Open Conference
10 th AUTOSAR Open Conference Nadym Salem, Jan Hegewald Carmeq GmbH Dealing with the Challenges for Future Software Systems in the Automotive Industry with the AUTOSAR Standards AUTOSAR Nov-2017 Dealing
More informationMulticore platform towards automotive safety challenges
Multicore platform towards automotive safety challenges Romuald NOZAHIC European Application Engineer mentor.com/automotive Android is a trademark of Google Inc. Use of this trademark is subject to Google
More informationSoftware integration challenge multi-core experience from real world projects
Software integration challenge multi-core experience from real world projects Rudolf Grave 17.06.2015 Agenda About EB Automotive Motivation Constraints for mapping functions to cores AUTOSAR & MultiCore
More informationSoftware Updates for Connected Devices
Software Updates for Connected Devices Key Considerations Eystein Stenberg CTO Mender.io Who am I Eystein Stenberg Mender.io 7 years in systems security management Over-the-air updater for Linux, Yocto
More informationIoT It s All About Security
IoT It s All About Security Colin Walls colin_walls@mentor.com Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds
More informationCyber security of automated vehicles
Cyber security of automated vehicles B. Steurich Infineon Technologies Conference Sep. 2017, Berlin Building blocks of automated driving: Cooperation of multiple system and disciplines Data Processing
More informationAccelerating the implementation of trusted computing
Infineon Network Use Case Accelerating the implementation of trusted computing Building Confidence in Our Connected World with TPM middleware Products OPTIGA TPM www.infineon.com/ispn Use Case Use case
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationMixed Critical Architecture Requirements (MCAR)
Superior Products Through Innovation Approved for Public Release; distribution is unlimited. (PIRA AER200905019) Mixed Critical Architecture Requirements (MCAR) Copyright 2009 Lockheed Martin Corporation
More informationSecuring the Connected Car. Eystein Stenberg Product Manager Mender.io
Securing the Connected Car Eystein Stenberg Product Manager Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled
More informationSoftware Architecture for Secure ECUs. Rudolf Grave EB TechDay-June 2015
Software Architecture for Secure ECUs Rudolf Grave EB TechDay-June 2015 Agenda No safety without security and vice versa Established Safety Concepts Safety Analysis Methods for Security Analysis Secure
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More informationCyber security mechanisms for connected vehicles
Infineon Security Partner Network Partner Use Case Cyber security mechanisms for connected vehicles Protecting automotive vehicle networks and business models from cyber security attacks Products AURIX
More informationSecurity by Default. Overview CHAPTER
CHAPTER 3 This section contains the following topics: Overview, page 3-1 Trust Verification Service, page 3-2 Initial Trust List, page 3-2 Autoregistration, page 3-3 Supported Cisco Unified IP Phones,
More informationThe Adaptive Platform for Future Use Cases
The Adaptive Platform for Future Use Cases Vector Congress 2016 - Stuttgart, 2016-11-30 V0.1 2016-09-21 Agenda Introduction Adaptive AUTOSAR Architecture Use Cases and Requirements Adaptive AUTOSAR at
More informationCar2Car Forum Operational Security
Car2Car Forum 2012 14.11.2012 Operational Security Stefan Goetz, Continental Hervé Seudié, Bosch Working Group Security Task Force: In-vehicle Security and Trust Assurance Level 15/11/2012 C2C-CC Security
More informationInfotainment Solutions. with Open Source and i.mx6. mentor.com/embedded. Andrew Patterson Business Development Director Embedded Automotive
Infotainment Solutions with Open Source and i.mx6 Andrew Patterson Business Development Director Embedded Automotive mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More informationCS6501: Great Works in Computer Science
CS6501: Great Works in Computer Science Jan. 29th 2013 Longze Chen The Protection of Information in Computer Systems Jerome H. Saltzer and Michael D. Schroeder Jerry Saltzer Michael Schroeder 1 The Meaning
More informationOperating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
More informationTessellation: Space-Time Partitioning in a Manycore Client OS
Tessellation: Space-Time ing in a Manycore Client OS Rose Liu 1,2, Kevin Klues 1, Sarah Bird 1, Steven Hofmeyr 3, Krste Asanovic 1, John Kubiatowicz 1 1 Parallel Computing Laboratory, UC Berkeley 2 Data
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationIntroducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.
Introducing MVISION Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls Jon Parkes McAfee 1 All information provided here is subject to non-disclosure
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationMentor Automotive Save Energy with Embedded Software! Andrew Patterson Presented to CENEX 14 th September 2016
Mentor Automotive Save Energy with Embedded Software! Andrew Patterson Presented to CENEX 14 th September 2016 andrew_patterson@mentor.com Embedded Software & Electric Vehicles Combustion Engine Electric
More information*NSTAC Report to the President on the Internet of Things.
North Carolina Highway Signs Compromised By a Foreign Hacker* Penetration of a Water Treatment Facility by a Foreign Hacker* *NSTAC Report to the President on the Internet of Things. www.dhs.gov/sites/default/files/publications/
More informationFIPS Mode Setup
This chapter provides information about FIPS 140-2 mode setup. FIPS 140-2 Setup, page 1 FIPS Mode Restrictions, page 9 FIPS 140-2 Setup Caution FIPS mode is only supported on releases that have been through
More informationIntroducing a new temporal partitioning scheme to AUTOSAR OS
8 th AUTOSAR Open Conference Introducing a new temporal partitioning scheme to AUTOSAR OS 29 th Oct., 2015 Hiroaki TAKADA Professor, Inst. of Innovation for Future Society, Nagoya Univ. Executive Director
More informationAchieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors
Safety & Security for the Connected World Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors 13 October 2015 Mark Pitchford, Technical Manager, EMEA Achieving safe,
More informationSecure boot under attack: Simulation to enhance fault injection & defenses
Secure boot under attack: Simulation to enhance fault injection & defenses Martijn Bogaard Senior Security Analyst martijn@riscure.com / @jmartijnb Niek Timmers Principal Security Analyst niek@riscure.com
More informationApplications of Attestation:
Lecture Secure, Trusted and Trustworthy Computing : IMA and TNC Prof. Dr. Ing. Ahmad Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Winter Term 2011/2012 1 Roadmap: TC
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationConquering Complexity: Addressing Security Challenges of the Connected Vehicle
Conquering Complexity: Addressing Security Challenges of the Connected Vehicle October 3, 2018 Securely Connecting People, Applications, and Devices Ted Shorter Chief Technology Officer CSS Ted.Shorter@css-security.com
More informationPJFS (Partitioning, Journaling File System): For Embedded Systems. Ada-Europe 6-June-2006 Greg Gicca
PJFS (Partitioning, Journaling File System): For Embedded Systems Ada-Europe 6-June-2006 Greg Gicca Why File Systems Are Important Most computer systems today, even deeply embedded, have ample storage
More informationChapter 2. Operating-System Structures
Chapter 2 Operating-System Structures 2.1 Chapter 2: Operating-System Structures Operating System Services User Operating System Interface System Calls Types of System Calls System Programs Operating System
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationAutomotive Anomaly Monitors and Threat Analysis in the Cloud
Automotive Anomaly Monitors and Threat Analysis in the Cloud Dr. André Weimerskirch Vector Automotive Cyber Security Symposium October 12, 2017 Cybersecurity Components Secure Internal & External Communications
More informationCompliant. Secure. Dependable.
NAVIFY Cloud Security with the NAVIFY Tumor Board solution Compliant. Secure. Dependable. Trust that your oncology patients healthcare information stays protected. In the era of precision medicine, you
More informationFeature Comparison Summary
Feature Comparison Summary, and The cloud-ready operating system Thanks to cloud technology, the rate of change is faster than ever before, putting more pressure on IT. Organizations demand increased security,
More informationStrengthening the Chain of Trust. Kevin Lane HP Jeff Bobzin Insyde Software
presented by Strengthening the Chain of Trust Kevin Lane HP Jeff Bobzin Insyde Software August Updated 22, 2014 2011-06-01 Agenda Quick Intro to UEFI UEFI Myths Using Linux + Secure Boot Continuing the
More informationAutomotive Cybersecurity: A steep learning curve
Automotive Cybersecurity: A steep learning curve Vector Congress 2018 V1.0 2018-11-07 Motivation Attack Surface and Attack History Automotive megatrends Attacks with safety-critical effects Connectivity
More informationChannel FAQ: Smartcrypt Appliances
Channel FAQ: Smartcrypt Appliances Q: When were Smartcrypt appliances announced? A: announced the release of our Smartcrypt virtual and physical appliances on September 19, 2017. Smartcrypt Enterprise
More informationIBM Case Manager on Cloud
Service Description IBM Case Manager on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means and includes the company, its authorized users or recipients of the
More informationFile Encryption. Steven M. Bellovin https://www.cs.columbia.edu/~smb
File Encryption Steven M. Bellovin https://www.cs.columbia.edu/~smb Why Encrypt Files? Theft of files Theft of media Theft of computer Cloud storage? I.e. Someone else s computer 1 Issues with File Encryption
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including steep financial losses, damage
More informationIoT Edge within the IoT Framework
IoT Edge within the IoT Framework Axel Dittmann Diplom-Betriebswirt (FH) Diplom-Wirtschaftsinformatiker (FH) Global Technical Solution Specialist IOT CISSP, MCP Twitter: @DittmannAxel Waves of Innovation
More informationFeature Comparison Summary
Feature Comparison Summary,, and The cloud-ready operating system is the cloud-ready operating system that delivers new layers of security and Azure-inspired innovation for the applications and infrastructure
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationSecuring Your Wireless LAN
Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP
More informationCertification Report
Certification Report McAfee File and Removable Media Protection 4.3.1 and epolicy Orchestrator 5.1.2 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation
More informationWeak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann
Weak Spots Enterprise Mobility Management Dr. Johannes Hoffmann Personal details TÜV Informationstechnik GmbH TÜV NORD GROUP Dr. Johannes Hoffmann IT Security Business Security & Privacy Main focus: Mobile
More informationCertification Report
Certification Report EMC VNX OE for Block v05.33 and File v8.1 with Unisphere v1.3 running on VNX Series Hardware Models VNX5200, VNX5400, VNX5600, VNX5800, VNX7600, and VNX8000 Issued by: Communications
More informationDefault security setup
Default security setup This section provides information about the default security setup. Default security features, page 1 Trust Verification Service, page 2 Initial trust list, page 2 Update ITL file
More informationMcAfee Embedded Control for Retail
McAfee Embedded Control for Retail System integrity, change control, and policy compliance for retail point of sale systems McAfee Embedded Control for retail maintains the integrity of your point-of-sale
More informationMU2b Authentication, Authorization and Accounting Questions Set 2
MU2b Authentication, Authorization and Accounting Questions Set 2 1. You enable the audit of successful and failed policy changes. Where can you view entries related to policy change attempts? Lesson 2
More informationUNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)
UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) Koji NAKAO, NICT, Japan (Expert of UNECE WP29/TFCS) General Flow of works in WP29/TFCS and OTA Data protection
More informationEconomic and Social Council
United Nations Economic and Social Council ECE/TRANS/WP.29/2017/46 Distr.: General 23 December 2016 Original: English Economic Commission for Europe Inland Transport Committee World Forum for Harmonization
More informationIntroduction to Device Trust Architecture
Introduction to Device Trust Architecture July 2018 www.globalplatform.org 2018 GlobalPlatform, Inc. THE TECHNOLOGY The Device Trust Architecture is a security framework which shows how GlobalPlatform
More information