Io TSafe A Safe Verified Security Controller for

  • Slides: 11
Download presentation
Io. TSafe: A Safe & Verified Security Controller for Internet-of-Things Tianlong Yu

Io. TSafe: A Safe & Verified Security Controller for Internet-of-Things Tianlong Yu

Io. T is an impending security disaster overheat break-in crash fire Io. T devices

Io. T is an impending security disaster overheat break-in crash fire Io. T devices cause physical damage!!! 2

Current approaches fail to secure Io. T Embedded Controller ✗ ✗ Attacker User Unfixable

Current approaches fail to secure Io. T Embedded Controller ✗ ✗ Attacker User Unfixable Flaws - Resource - Management - Longevity No physical context 3

Io. TSafe Security Controller Attacker User 1. Reset device to safe state 2. Stop

Io. TSafe Security Controller Attacker User 1. Reset device to safe state 2. Stop potential attacker 4

Project Goals ✔Room Temperature ✔ Verified Safety Model Hybrid Program Io. TSafe Controller Io.

Project Goals ✔Room Temperature ✔ Verified Safety Model Hybrid Program Io. TSafe Controller Io. T APIs Ke. Ymaera X ✔ Implementation on Open. Day. Light Security Appliances APIs Message Verifier with Snort 5

Hybrid Program Security Controller Desired Temperature Td Te T 1 Attacker Message Verifier User

Hybrid Program Security Controller Desired Temperature Td Te T 1 Attacker Message Verifier User Safety 20<=T 1<=24 By Newton’s cooling law: 6

Hybrid Program Design /* Controller actions */ If can overheated/overcooled in tc time Block

Hybrid Program Design /* Controller actions */ If can overheated/overcooled in tc time Block user/attacker Td change Reset Td to a safe value /* User/Attacker Actions */ If user/attacker can change Td Non-deterministic Td in (Tdmin, Tdmax) P 1 Event-triggered or time-triggered? P 2 User/attacker actions? P 3 Controller Actions? /* Temperature change in tc time */ Differential equation to describe T change check every tc time 7

Hybrid Program Design How to predict overheat/overcool? How to set Td to safety value?

Hybrid Program Design How to predict overheat/overcool? How to set Td to safety value? Stop temperature change How to describe temperature change? 8

Verification with Ke. Ymaera X 9

Verification with Ke. Ymaera X 9

Implementation on SDN controller FSM overheat/overcool FW: lock T; Reset Td; FW: allow T;

Implementation on SDN controller FSM overheat/overcool FW: lock T; Reset Td; FW: allow T; normal Io. TSafe Controller SDN NFV Io. T APIs Security Server Internet Io. T Gateway Home Network 10

Discussion & Future Works Io. T Device Security Model Policy Synthesizer Automatic Translation? Hybrid

Discussion & Future Works Io. T Device Security Model Policy Synthesizer Automatic Translation? Hybrid Program Io. TSafe Controller Ke. Ymaera X Automatic Verification? 11

Verified Systems by Composition from Verified Components FeiVerified Systems by Composition from Verified Components Fei
1 11 Robot Controller Robot Controller The controller1 11 Robot Controller Robot Controller The controller
Memory Controller Topics Memory Controller Overview Memory ControllerMemory Controller Topics Memory Controller Overview Memory Controller
Home Safe to Drink Safe to Swim SafeHome Safe to Drink Safe to Swim Safe
SAFE PLACE Creating a Safe Environment 1 SafeSAFE PLACE Creating a Safe Environment 1 Safe
Equally Safe A Safe Campus Environment Equally SafeEqually Safe A Safe Campus Environment Equally Safe
safe safe Queen Others safe Others noattack Queensafe safe Queen Others safe Others noattack Queen
SAFE CARE AND SAFE PRACTICE A Safe NurseSAFE CARE AND SAFE PRACTICE A Safe Nurse
Sonitrol The Leader in Verified Electronic Security SonitrolSonitrol The Leader in Verified Electronic Security Sonitrol
Verified Parser Generation for Security Critical Applications NikVerified Parser Generation for Security Critical Applications Nik