15 research outputs found

    Cybersecurity in Autonomous Machine Systems Development

    Security in remote monitoring devices in critical areas

    Integrated master's dissertation in Engineering and Management of Information Systems. The use of information technologies has grown exponentially over the past years, affecting many critical sectors, from industry to finance, energy, and health. The ability to track and remotely monitor people and objects in real time is one of the changes made possible by information technologies. Although these innovations brought significant advantages for people and organizations, they also raise security and privacy concerns about the monitoring of people, objects, and processes in critical areas. Every day new and more effective cyberattacks are discovered that steal sensitive information from its holders and harm people and organizations. Computational power keeps increasing, and organizations are emerging whose main objective is to profit from selling stolen information assets. These attacks can impact critical areas such as health and energy; they may even jeopardize the physical integrity of individuals. In healthcare, a critical area, the number of Remote Patient Monitoring Device Systems is increasing, and so is the number of patients using them. At the same time, new security vulnerabilities have been identified in highly technological medical devices, and people's privacy is being called into question. Several privacy gaps have forced governments to act to safeguard the privacy of their citizens, as was the case with the much-discussed General Data Protection Regulation of the European Union. Standards and frameworks play an important role in improving security. In this work, a proposal for a sector-specific security framework that can be applied to Remote Patient Monitoring Device Systems to improve their overall security was developed and validated.
    The framework is based on the most widely adopted security standards and frameworks. It defines 30 requirements divided among 5 assets; each requirement maps to one or more of 4 functions, and 8 implementation groups are defined to select which requirements apply to a given class of device. To validate the framework, a Remote Patient Monitoring Device System simulator was built from a NodeMCU microcontroller board with an ESP8266 Wi-Fi chip connected to an analog heart-rate sensor, plus an interface. Assessed against the framework, the simulator satisfied 9 of the 29 requirements applicable to its implementation group. The research method used to guide the work was Design Science Research.
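As an added illustration (not the dissertation's framework or code), the following Python models the kind of assessment the abstract describes: a catalogue of requirements, each tagged with the asset it protects, the functions it serves and the implementation groups it applies to, and a device profile scored against the requirements applicable to its group. Every requirement id, asset, function and group name below is a hypothetical placeholder; the dissertation's actual 30 requirements are not reproduced on this page. Beyond the bare score, the example produces what a practitioner actually needs from such an assessment: the unmet requirements grouped by function, and any requirements the device claims that do not apply to its group.

```python
"""Requirement-based security assessment of a monitoring device (added example).

All requirement ids, assets, functions and implementation groups are
hypothetical placeholders, not the dissertation's catalogue.
"""
from dataclasses import dataclass

# Assumed function names; the dissertation defines 4 functions but does not name them here.
FUNCTIONS = ("identify", "protect", "detect", "respond")


@dataclass(frozen=True)
class Requirement:
    rid: str              # requirement identifier
    asset: str            # the asset the requirement protects
    functions: frozenset  # one or more of FUNCTIONS
    groups: frozenset     # implementation groups the requirement applies to


# Hypothetical catalogue: a handful of entries standing in for the framework's 30.
CATALOGUE = (
    Requirement("R01", "device",        frozenset({"protect"}),           frozenset({"G1", "G2"})),
    Requirement("R02", "device",        frozenset({"protect", "detect"}), frozenset({"G1"})),
    Requirement("R03", "communication", frozenset({"protect"}),           frozenset({"G1", "G2", "G3"})),
    Requirement("R04", "communication", frozenset({"detect", "respond"}), frozenset({"G1", "G2"})),
    Requirement("R05", "data",          frozenset({"protect"}),           frozenset({"G1", "G2", "G3"})),
    Requirement("R06", "data",          frozenset({"identify"}),          frozenset({"G2"})),
    Requirement("R07", "backend",       frozenset({"respond"}),           frozenset({"G1"})),
)


def applicable(catalogue, group):
    """Requirements that apply to devices in the given implementation group."""
    return [r for r in catalogue if group in r.groups]


def assess(catalogue, group, satisfied):
    """Score a device in `group` that claims to satisfy the requirement ids in `satisfied`.

    Returns a dict with the score, the number of applicable requirements, the
    unmet applicable requirements (gaps), and claimed ids that do not apply to
    the group (they are ignored for scoring but reported for review).
    """
    claimed = set(satisfied)
    unknown = claimed - {r.rid for r in catalogue}
    if unknown:
        raise ValueError(f"unknown requirement ids: {sorted(unknown)}")
    reqs = applicable(catalogue, group)
    applicable_ids = {r.rid for r in reqs}
    return {
        "group": group,
        "score": sum(1 for r in reqs if r.rid in claimed),
        "total": len(reqs),
        "gaps": [r for r in reqs if r.rid not in claimed],
        "claimed_but_not_applicable": sorted(claimed - applicable_ids),
    }


def gaps_by_function(gaps):
    """Group unmet requirement ids by the function they serve, so the weakest function stands out."""
    out = {f: [] for f in FUNCTIONS}
    for r in gaps:
        for f in r.functions:
            out[f].append(r.rid)
    return out


if __name__ == "__main__":
    # Constructed device profile: a group-G2 device claiming four requirements,
    # one of which (R07) only applies to group G1.
    result = assess(CATALOGUE, "G2", {"R01", "R03", "R05", "R07"})
    print(f"score {result['score']}/{result['total']} for group {result['group']}")
    print("unmet by function:", gaps_by_function(result["gaps"]))
    print("claimed but not applicable:", result["claimed_but_not_applicable"])
```

The per-function gap view is the part worth keeping in a real assessment: a device that scores well overall but has every unmet requirement under "detect" or "respond" has no way to notice or react to compromise, which a single ratio such as 9 of 29 hides.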

    Pillars of IT Security

    Resilient Computing Curriculum

    This deliverable presents the MSc curriculum in Resilient Computing proposed by ReSIST. It includes the syllabi for all courses in the two semesters of the first year and for the common courses in semester 3 of the second year, together with an illustration of possible application tracks and their related courses. The curriculum has been updated and completed through a broad open discussion inside and outside ReSIST. It is available on-line on the official ReSIST web site, together with all the support material generated by ReSIST and other relevant freely available support material. Funded by the European Commission through NoE IST-4-026764-NOE (ReSIST).

    Ingénierie des exigences pour la conception d'architectures de sécurité de systèmes embarqués distribués (Requirements engineering for the design of security architectures for distributed embedded systems)

    During the last ten years, the impact of security concerns on the development and operation of distributed embedded systems has never ceased to grow. This is mainly because these systems are increasingly interconnected, and thus vulnerable to attacks, while the economic interest in attacking them has simultaneously increased. In such a context, requirements engineering methodologies and tools have become necessary to take appropriate decisions regarding security early on. Security requirements engineering should therefore strongly support the elicitation and specification of software security issues and solutions well before designers and developers are committed to a particular implementation. However, and this is especially true in embedded systems, security requirements should not be considered only as the abstract expression of a set of properties, independently of the system architecture or of the threats and attacks that may occur. We believe this consideration is of utmost importance for security requirements engineering to be the driving force behind the design and implementation of a secure system. This thesis therefore describes a security requirements engineering methodology built on a constant dialogue between the design of system functions, the requirements attached to them, the design and development of the system architecture, and the assessment of threats to system assets. The approach relies in particular on a knowledge-centric view of security requirements engineering, applicable from the early phases of system conceptualization through to the enforcement of security requirements in the implementation.

    Resilient Computing Courseware

    This deliverable describes the courseware supporting the teaching of Resilient Computing in an MSc track following the Bologna process. Developing the supporting material for such a curriculum required an intensive effort involving not only the ReSIST partners but also a much larger worldwide community, with the aim of identifying up-to-date support material that can be used to build a progressive and methodical line of teaching for students and other interested people. All of this material is on-line on the official ReSIST web site, http://www.resistnoe.org/, where it can be viewed and downloaded for classroom use; to our knowledge it is the first, almost comprehensive, attempt to build a database of support material on Dependable and Resilient Computing. Funded by the European Commission through NoE IST-4-026764-NOE (ReSIST).

    Development of Secure Software : Rationale, Standards and Practices

    Society is run by software. Electronic processing of personal and financial data forms the core of nearly all societal and economic activity and touches every aspect of life. Software systems store, transfer and process this vital data, and are in turn interfaced with other systems, forming complex networks of data stores and processing entities. This data requires protection from misuse, whether accidental or intentional, so elaborate and extensive security mechanisms are built around the protected information assets. These mechanisms cover every aspect of security, from physical surroundings and people to data classification schemes, access control, identity management, and various forms of encryption. Despite this extensive effort, repeated security incidents keep compromising our financial assets, intellectual property, and privacy. Beyond their direct and indirect cost, they erode trust in the very foundation of information security: the availability, integrity, and confidentiality of our data. Lawmakers at national and international levels have reacted with a growing body of regulation that establishes a baseline for information security, and increased awareness has led to extending this regulation to one of the core issues in secure data processing: the security of the software itself. Information security is generally classified into organizational security, infrastructure security, and application security. Within application security, the security engineering processes and techniques used at development time form the discipline of software security engineering. The aim of these activities is to address the software-induced risk to the organization, reduce security incidents and thereby lower the lifetime cost of the software.
    Software security engineering manages software risk by implementing security controls directly in the software, and by providing assurance that those controls exist through verification and validation. A software development process typically has several objectives, of which security may be only one. When security is not expressly prioritized, development organizations tend to direct their resources to the primary requirements. That produces short-term cost and time savings, but the increased software risk induced by the lack of security and assurance engineering then has to be mitigated by other means. Besides increasing the lifetime cost of the software, unmitigated or even unidentified risk has a greater chance of being exploited and of causing other software issues. This dissertation concerns security engineering in agile software development. Its aim is to find ways to produce secure software by introducing security engineering into agile development processes. The security engineering processes are derived from the literature, industry practice, and several national and international standards. The standardized requirements for software security are traced to their origins in the late 1960s, and the alignment of software engineering and security engineering objectives is followed from their original challenges to current agile methods. The research provides direct solutions for forming security objectives in software development and for the methods used to achieve them. It also identifies and addresses several issues and challenges in integrating these activities into development processes, providing directly applicable and clearly stated solutions for practical security engineering problems.
    The research found the practices and principles promoted by agile and lean software development methods to be compatible with many security engineering activities. Automated, tool-based processes and the drive for efficiency and improved software quality were found to directly support security engineering techniques and objectives. Several new ways to integrate security engineering into agile software development processes were identified, as were ways to integrate security assurance into the development process in the form of security documentation, analyses, and reviews. Assurance artifacts can be used to improve software design and enhance quality assurance; detached security engineering processes, by contrast, may produce security assurance that serves only purposes external to the software process. The results benefit all software stakeholders, from developers and customers to end users. Security awareness is the key to more secure software: awareness creates a demand for security, and the demand gives developers concrete objectives and a rationale for security work. It also creates demand for new security tools, processes and controls that improve the efficiency and effectiveness of software security engineering. At first this demand is created by increased security regulation; the main pressure for change, however, will come from the people and organizations using the software: security is a mandatory requirement, and software must provide it. This dissertation addresses these new challenges. Software security continues to gain importance, prompting new solutions and research.

    Metodología de desarrollo de modelos de calidad orientados a dominio y su aplicación al dominio de los productos finales de seguridad de tecnologías de la información (Methodology for developing domain-oriented quality models and its application to the domain of information technology security end products)

    Extraordinary Doctoral Award 2011. Quality models are a fundamental part of software quality development and evaluation processes. Their use has become widespread, above all since the appearance of standard quality models. By their nature as standards, these models are generic and not directly applicable to daily practice, so adapting them to each specific application domain requires additional effort. Hence there are many works whose goal is to define reusable quality models for specific application domains which, because they do not have to be defined from scratch for every project, save time. Such models can also offer a more exact evaluation, since their properties can be defined more precisely. A systematic review of the domain-oriented quality models that exist today shows that they are based on the knowledge and/or experience of the researchers who built them and consequently cannot be generalised to other environments or projects, even though that generalisation is the main advantage such models are meant to offer. Furthermore, these quality models define only software characteristics and attributes, without determining or validating their relative importance or weight, or the influence relations between the different characteristics of the model; both are fundamental properties in quantitative evaluations, above all in situations where no user requirements are available.
    Our proposal defines a systematic quality-model development process that, building on the experience and knowledge of a large number of experts, generates domain-oriented quality models and obtains not only the factors but also their relative importance or weight for each quality characteristic and the influence relations between the different characteristics. An extensive validation effort supports the proposal. After obtaining the attributes from standards and other related publications, a preliminary validation confirms their applicability by applying them in 3 real case studies at 2 companies that develop end software products. This preliminary validation yields a series of lessons learned that form the basis for the process presented here. In addition, an a posteriori validation is carried out of both the usefulness of and need for quality models such as those generated here and of their applicability, through a case study in the field of information security.