7,704 research outputs found
Recommended from our members
A survey on online monitoring approaches of computer-based systems
This report surveys forms of online data collection that are in current use (as well as being the subject of research to adapt them to changing technology and demands), and can be used as inputs to assessment of dependability and resilience, although they are not primarily meant for this use
Trick or Heat? Manipulating Critical Temperature-Based Control Systems Using Rectification Attacks
Temperature sensing and control systems are widely used in the closed-loop
control of critical processes such as maintaining the thermal stability of
patients, or in alarm systems for detecting temperature-related hazards.
However, the security of these systems has yet to be completely explored,
leaving potential attack surfaces that can be exploited to take control over
critical systems.
In this paper we investigate the reliability of temperature-based control
systems from a security and safety perspective. We show how unexpected
consequences and safety risks can be induced by physical-level attacks on
analog temperature sensing components. For instance, we demonstrate that an
adversary could remotely manipulate the temperature sensor measurements of an
infant incubator to cause potential safety issues, without tampering with the
victim system or triggering automatic temperature alarms. This attack exploits
the unintended rectification effect that can be induced in operational and
instrumentation amplifiers to control the sensor output, tricking the internal
control loop of the victim system to heat up or cool down. Furthermore, we show
how the exploit of this hardware-level vulnerability could affect different
classes of analog sensors that share similar signal conditioning processes.
Our experimental results indicate that conventional defenses commonly
deployed in these systems are not sufficient to mitigate the threat, so we
propose a prototype design of a low-cost anomaly detector for critical
applications to ensure the integrity of temperature sensor signals.Comment: Accepted at the ACM Conference on Computer and Communications
Security (CCS), 201
A Survey of Fault-Injection Methodologies for Soft Error Rate Modeling in Systems-on-Chips
The development of process technology has increased system performance, but the system failure probability has also significantly increased. It is important to consider the system reliability in addition to the cost, performance, and power consumption. In this paper, we describe the types of faults that occur in a system and where these faults originate. Then, fault-injection techniques, which are used to characterize the fault rate of a system-on-chip (SoC), are investigated to provide a guideline to SoC designers for the realization of resilient SoCs
Safety-Critical Systems and Agile Development: A Mapping Study
In the last decades, agile methods had a huge impact on how software is
developed. In many cases, this has led to significant benefits, such as quality
and speed of software deliveries to customers. However, safety-critical systems
have widely been dismissed from benefiting from agile methods. Products that
include safety critical aspects are therefore faced with a situation in which
the development of safety-critical parts can significantly limit the potential
speed-up through agile methods, for the full product, but also in the
non-safety critical parts. For such products, the ability to develop
safety-critical software in an agile way will generate a competitive advantage.
In order to enable future research in this important area, we present in this
paper a mapping of the current state of practice based on {a mixed method
approach}. Starting from a workshop with experts from six large Swedish product
development companies we develop a lens for our analysis. We then present a
systematic mapping study on safety-critical systems and agile development
through this lens in order to map potential benefits, challenges, and solution
candidates for guiding future research.Comment: Accepted at Euromicro Conf. on Software Engineering and Advanced
Applications 2018, Prague, Czech Republi
Recommended from our members
Security-informed safety: integrating security within the safety demonstration of a smart device
Safety and security engineering have, over the years, developed their own regulations, standards, cultures, and practices. However, there’s a growing realisation that security is closely connected to safety. Safety must be security-informed: if a safety-critical system isn’t secure, it isn’t safe. A safety demonstration is incomplete and unconvincing unless it considers security. In our work for government and industry, we have used the Claims, Arguments, Evidence (CAE) framework to analyse the impact of security on a safety justification or safety case and identified the significant changes needed to address security explicitly. This will impact the design and implementation process as well as the assurance and V&V approach.
In this paper we discuss the impact of integrating security when developing a safety demonstration of a smart device. A smart device is an instrument, device or component that contains a microprocessor (and therefore contains both hardware and software) and is programmed to provide specialised capabilities, often measuring or controlling a process variable. Examples of smart devices include radiation monitors, relays, turbine governors, uninterruptible power supplies and heating ventilation, and air conditioning controllers
- …