Difference between revisions of "SCOTT:BB26.F"
From its-wiki.no
(→Practical suggestions) |
|||
| Line 39: | Line 39: | ||
=Practical suggestions= | =Practical suggestions= | ||
* Title= Survey on existing approaches and metrics | * Title= Survey on existing approaches and metrics | ||
| − | * status= | + | * status= |
* Output= link to the output | * Output= link to the output | ||
* By= Toktam Ramezani | * By= Toktam Ramezani | ||
| Line 45: | Line 45: | ||
* author= | * author= | ||
<br/> | <br/> | ||
| + | |||
| + | * Title= firmware security aspects | ||
| + | Comment= For the security measurement, since in IoT devices we have firmware instead of software (limited software which has a tight interaction with the physical device), we may do a survey on firmware security aspects. | ||
| + | This is a useful doc: https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-costin.pdf | ||
| + | In such limited software interacting with the physical device, some students might be interested. | ||
| + | Then, It might be possible to introduce a list of Metrics to measure a security level of a device. | ||
| + | * status= | ||
| + | * Output= link to the output | ||
| + | * By= Toktam Ramezani | ||
| + | * author= | ||
* Please add your practical suggestions | * Please add your practical suggestions | ||
Revision as of 14:06, 28 June 2017
| Title | Multi-metrics assessment for measurable security and privacy |
|---|---|
| Page Title | BB3.4.F Measurable security and privacy |
| Technology Line | Reference Architecture/Implementation |
| Lead partner | UiO |
| Leader | Toktam Ramezani |
| Contributors | UiO, SmartIO |
| Related to Use Cases | SCOTT:WP7, SCOTT:WP8, SCOTT:WP11, SCOTT:WP12, SCOTT:WP13, SCOTT:WP14, SCOTT:WP15 |
| Description | One aspect of SCOTT is the security (and privacy) assessment of system- of-systems. Assessing security, privacy or other properties that give a system its trustworthiness is challenging for the fact that such properties are not easy to measure. Some would say that e.g. security cannot be measured fully. Nevertheless, in practice we always try to calculate the damages of an envisaged attack, and then weigh in with the costs of implementing countermeasures. Therefore, what we often do as system analysts is more or less ad-hoc, and this is understandable because we are trying to “measure the unmeasurables”.
This Building Block aims to make explicit into metrics and processes the methods that are normally used to assess various aspects of a system. These would guide an analyst during an evaluation and automate some of the more tedious tasks. |
| Main output | This Building Block will develop methodologies and processes to help with measuring different trust aspects of a system, including security, privacy, dependability.
We will develop metrics for measuring such properties of a complex system, along with techniques to work with and combine metrics. We will develop tool prototypes and test them together with the Use Case partners. |
| BB category | Methodology (for SW/HW development), SW component, Tool or tool chain, Process, Other |
| Baseline | The Multi-metrics methodology from SHIELD is suggested as a starting point, to convert application requirements into e.g. network resources. The flow is as follows: a) applications having b) security and privacy requirements in need of c) network resources (in terms of security, privacy, reliability, ++). Example: a) Health Care services might need a b) privacy level A+, thus have c) requirements for isolation (VPN) when it comes to network resources.
We will build on and extend the work done in previous Artemis projects. We will extend theoretical and methodological concepts developed there, as well as tools that have been developed for manipulating metrics for security, privacy, and dependability. |
| Current TRL | TRL 4 |
| Target TRL | TRL 6 |
Activities
- Title= Investigation on ISMS and NIST Standards
- status= Progress
- Output= link to the output (Security Functionality)
- author= Elahe Fazeldehkordi, Seraj Fayyad, Toktam Ramezani
- Title= Investigation on heterogeneous environments and communication
- Related to= WP8 and WP26
- status= Progress
- Output= link to the output
- author= Toktam Ramezani
- Please add your activities
Practical suggestions
- Title= Survey on existing approaches and metrics
- status=
- Output= link to the output
- By= Toktam Ramezani
- Comments=
- author=
- Title= firmware security aspects
Comment= For the security measurement, since in IoT devices we have firmware instead of software (limited software which has a tight interaction with the physical device), we may do a survey on firmware security aspects. This is a useful doc: https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-costin.pdf In such limited software interacting with the physical device, some students might be interested. Then, It might be possible to introduce a list of Metrics to measure a security level of a device.
- status=
- Output= link to the output
- By= Toktam Ramezani
- author=
- Please add your practical suggestions