Design Optimization of Safe and Secure Real-Time Systems | Jakob Menander
| Abstract | Many languages uses a single expression to cover the two English terms: Safety and Security. In Danish the term sikkerhed is used, in German they use
the term sicherheit and even in Chinese they use only one single expression [LRNT06].
The meaning behind the term safety, is to make sure that people and the environment are protected from harm caused by a faulty system, e.g. to protect the driver of a vehicle by releasing the airbags at impact or to prevent the impact altogether by making sure that the breaks and ABS are working as they are meant to. The definition of the term security is to protect information in a given system from being leaked, manipulated or forged by third parties or systems. For example we expect protection of our private information so it will not fall into the wrong hands. So one might think of safety and security as two nearly identical words which has a lot of similarities, but their objectives for protection are each other's opposites.
Conventionally, safety systems have not been concerned with security, e.g. the pressure in a steam engine secured by a safety valve, and the systems involved contained no information that could be revealed. Security related system did not have the need for using safety abilities, since security was something one would handle with a vault.
As time went by, electric and computer controlled systems, such as automatic factory machines, saw the day, but focus was mostly still on safety and not on security. With the increased use of the internet, security has become a larger part of the online universe. The internet are used to transport many sensitiv
information and they are now available on more media and devices, e.g laptops, smartphones, etc. In other words, the internet allows us to communicate on different devices and exchange information. Safety systems might communicate with other systems through the internet or wireless protocols. This fusion of safety and security has made it necessary for industries that only had to think of incorporating safety in their design, now also have to incorporate security.
The aim of this thesis is to shed light on the issue of incorporating security in a safety system. Based on an existing safety system, I will come with a realistic estimate on how it can expand and also cover the fundamental capabilities in security.
I will base my work on a system called Multiple Independent Levels of Security (and Safety) (MILS), which is already designed to keep the integrity of the information, which is a capability in both safety and security.
Thus, security is already incorporated in the system in terms of protecting the integrity, but security also has another property, which in many systems will be described as the primarily property: confidentiality.
Confidentiality can be divided into two areas: Preventing information from being passed on to unauthorized persons or systems, and preventing comprehension of information if it should fall into the wrong hands. The first area creates a challenge because information should not flow downwards to a lower security level. This is exactly opposite of the integrity property in safety, where information flow is not allowed to move up a level. The second area needs to prevent a person to get valuable knowledge, if he/she should forcefully gain access to the information. This means that information has to be encrypted.
Both areas of security will be covered in the report and a proposal of how it can be implemented and which consequences a design choice will have on a system. | Type | Master's thesis [Academic thesis] | Year | 2014 | Publisher | Technical University of Denmark, Department of Applied Mathematics and Computer Science | Address | Richard Petersens Plads, Building 324, DK-2800 Kgs. Lyngby, Denmark, compute@compute.dtu.dk | Series | DTU Compute M.Sc.-2014 | Note | DTU supervisor: Christian D. Jensen, cdje@dtu.dk, DTU Compute | Electronic version(s) | [pdf] | Publication link | http://www.compute.dtu.dk/english | BibTeX data | [bibtex] | IMM Group(s) | Computer Science & Engineering |
|