  • Publication
    Automating Security Risk and Requirements Management for Cyber-Physical Systems
    (2020)
    Hansch, Gerhard
    Cyber-Physical Systems enable various modern use cases and business models such as connected vehicles, the Smart (power) Grid, or the Industrial Internet of Things. Their key characteristics, complexity, heterogeneity, and longevity make the long-term protection of these systems a demanding but indispensable task. In the physical world, the laws of physics provide a constant scope for risks and their treatment. In cyberspace, on the other hand, there is no such constant to counteract the erosion of security features. As a result, existing security risks can constantly change and new ones can arise. To prevent damage caused by malicious acts, it is necessary to identify high and unknown risks early and counter them appropriately. Considering the numerous dynamic security-relevant factors requires a new level of automation in the management of security risks and requirements, which goes beyond the current state of the art. Only in this way can an appropriate, comprehensive, and consistent level of security be achieved in the long term. This work addresses the pressing lack of an automation methodology for the security-risk assessment as well as the generation and management of security requirements for Cyber-Physical Systems. The presented framework accordingly comprises three components: (1) a model-based security risk assessment methodology, (2) methods to unify, deduce and manage security requirements, and (3) a set of tools and procedures to detect and respond to security-relevant situations. The need for protection and the appropriate rigor are determined and evaluated by the security risk assessment using graphs and a security-specific modeling. Based on the model and the assessed risks, well-founded security requirements for protecting the overall system and its functionality are systematically derived and formulated in a uniform, machine-readable structure. This machine-readable structure makes it possible to propagate security requirements automatically along the supply chain. Furthermore, it enables the efficient reconciliation of present capabilities with external security requirements from regulations, processes, and business partners. Despite all measures taken, there is always a slight risk of compromise, which requires an appropriate response. This residual risk is addressed by tools and processes that improve the local and large-scale detection, classification, and correlation of incidents. Integrating the findings from such incidents into the model often leads to updated assessments and new requirements, and improves further analyses. Finally, the presented framework is demonstrated by a recent application example from the automotive domain.
  • Publication
    Towards Self-sovereign, decentralized personal data sharing and identity management
    In this dissertation, we investigate state-of-the-art approaches to modern, privacy-preserving and self-sovereign identity management. We propose a design for a decentralized identity management system in order to allow users to reclaim control over their identities and personal data. We provide proof of concept implementations and evaluations of our designs to show that they are suitable for practical applications.
    Continuous Test-Based Certification of Cloud Services
    (2018)
    Stephanow-Gierach, P.
    This thesis introduces a framework to design and represent minimally invasive tests to support continuous certification of cloud services. Five example scenarios are presented to demonstrate the applicability of the framework, and it is shown how to experimentally evaluate the accuracy and precision of test results. Finally, the behavior of an adversarial cloud service provider who only pretends to comply with a set of controls is described, and countermeasures are proposed. This work develops a framework for the creation and representation of minimally invasive tests that support the continuous certification of cloud services. The application of the framework is demonstrated in five example scenarios, and it is shown how the accuracy of the tests can be examined experimentally. Finally, the behavior of a fraudulent cloud provider who only pretends to meet the requirements of a certificate is modeled, and countermeasures are presented.
    Implicit remote attestation for microkernel-based embedded systems
    (2018)
    Wagner, S.
    As embedded systems become ubiquitous and gain features, their complexity and code base grow. Consequently, the attack surface and the probability of successful attacks increase, while trustworthiness becomes a concern, especially in safety- or security-critical scenarios. This thesis, therefore, explores implicit attestation for microkernel-based systems with a Trusted Platform Module (TPM). While a microkernel that is less complex than monolithic kernels can reduce the trusted computing base, implicit attestation uses efficient symmetric cryptography to prove trustworthiness.