© Neeraj Suri
EU-NSF ICT March 2006
Dependable Embedded Systems & SW Group
www.deeds.informatik.tu-darmstadt.de
Seminar Course – Summer 2014
Prof. Dr. Neeraj Suri,
Daniel Germanus, Stefan Winter, Thorsten Piper, Tsvetoslava Vateva-Gurova, Reza Mahmudimanesh
Seminar Courses
Summer Semester 2014
Related Courses
Lectures:
- Operating Systems I
- Operating Systems II – Dependability & Trust
Seminars:
- Implementing Secure & Reliable Software
- Smart Grid Informatics and Trustworthiness
- Security and the Cloud – the Issues and Metrics
- Building and Breaking Complex Software Systems
Bachelor/Master theses, term papers, HiWi jobs
Seminar Course Objectives
Goals:
- Getting up-to-date on the latest research in this area
- Practicing scientific writing and presentation
“Outputs”:
- Report
- 2 reviews
- Presentation
Building and Breaking Complex Software Systems (BBCSS)
Prof. Dr. Neeraj Suri,
Stefan Winter, Habib Saissi
Implications of System Complexity
Implementing Secure & Reliable Software (ISRS)
Prof. Dr. Neeraj Suri,
Thorsten Piper
What is the seminar about?
What can we do to prevent our software from breaking?
ISRS Seminar Topics
Software Testing and Analysis
Software Security
Formal Methods
Implementing High-Assurance Software
Peer-to-Peer and Distributed Systems
Fault Tolerance and Fault Containment
Smart Grid Informatics and Trustworthiness (SGIT)
Prof. Dr. Neeraj Suri,
Daniel Germanus, Kubilay Demir
The Evolving Grid: From Traditional to Future Grids
The Problem: New Threats to Critical SCADA Systems
SCADA incidents:
- Stuxnet, 2010
- Facing Cyberattack, Iranian Officials Disconnect Oil Terminals From Internet (N.Y. Times, 2012)
Cyber war?
Power grid incidents:
- Researchers launched an experimental cyber attack causing a generator to self-destruct (CNN, 2007)
- Cyberspies penetrate electrical grid (Reuters, 2009)
- 'Smart Grid' raises security concerns (Washington Post, 2009)
- Warning over smart meters privacy risk (BBC, 2012)
How to protect assets: Ensure safety, avoid physical damage
The EU INSPIRE Project: Peer-to-Peer (P2P) SW Sensors
Approach:
- Place P2P software sensors
- Intercept SCADA traffic
- P2P overlay acts as a backup in case of data loss/corruption/delay etc.
P2P-Enabling for SCADA Protection
P2P:
- Is a self-organized / resilient middleware
- “Breaks” the structuredness of SCADA
- Inherent path and data replication
[Figure labels: P2P overlay; Central rooms; Interconnected SCADA Systems; WAN; SCADA 1; SCADA 3. RTU: Remote Terminal Unit]
Problem: Hidden Capacity in Power Transmission Lines
Line capacity depends on weather conditions (temperature, wind, sunshine, etc.)
Static line ratings lead to:
- 10-15% under-utilization of transmission capacity 95% of the time
- 20-25% under-utilization of capacity 85% of the time
Source: http://www.neuralenergy.info
Automated Dynamic Capacity Rating Through Wireless Ad Hoc PMU Network
[Figure labels: Power Generator; Power Consumer 1; Power Consumer 2; Sink (at Bus Station); PMU (low-cost, Zigbee-PRO) + ambient sensors; Comm. range ~ 1.5 km; Generation, Transmission, Distribution; Msg (segment capacity); Instant capacity of each line]
Timeliness! Accuracy! Completeness!
SGIT Seminar Topics
Wide Area Monitoring System Robustness
SmartGrid Cyberattacks: Data Integrity
IEC 61850 GOOSE Messaging Protocol: Characteristics & Resilience
P2P convergence, Applications of P2P convergence technologies for optimal operation and control of distribution systems
IEC 61850 GOOSE Messaging Protocol Security Requirements
Fair Power Allocation
Topic Selection & Assignment
Select 3 topics from the list and send them in your preference order to: [email protected]
If there is a specific topic or theme that is not listed but you definitely would like to cover, that’s possible too by contacting us.
Groups of 2 people can also choose a common topic, though we will clearly need to know the individual contributions of each group member.
If you do not understand the topic, ask the corresponding supervisor.
Security and the Cloud – the Issues and Metrics (SCIM)
Prof. Dr. Neeraj Suri,
Tsvetoslava Vateva-Gurova, Heng Zhang
The Cloud has arrived!
On demand provisioning
Elasticity
Multi-tenancy
Delivery models:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
Deployment models:
Public, Private, Community & Hybrid Clouds.
Use case: Cloud storage
From the myriad of available Cloud services, storage is one of the most widely used: Google Drive, SkyDrive, Dropbox, AWS S3, ...
User-friendly, cost-savings, ...
Typical use-cases: Backup, Synchronization, Sharing, DBMS/BigData.
However, recent Cloud incidents just exacerbate the SME/corporate users’ fears:
- MegaUpload (180M users, 25 PBytes storage)
- DropBox exploits
- Cloud Supply Chain outages:
  • AWS (April, 2011)
  • Azure (Feb, 2012)
Security as a show-stopper
[Figure labels: IaaS, PaaS, SaaS]
What can we do?
Consider Cloud’s intrinsic properties
Be aware of the security threats
Measure the risk related to the security threats
Provide mechanisms to compare Cloud Service Providers in terms of security guarantees
etc.
Why Security Metrics?
"If you can not measure it, you can not improve it."
Lord Kelvin (1824 – 1907)
It is quite uncommon for Cloud providers to specify the “security level” associated with their products and services.
This prevents informed user/customer decisions on the matter:
Side-by-side comparison of Cloud Service Providers.
Service negotiation based on security parameters.
Continuous security monitoring.
Security-tuning.
Etc.
It is hard to measure security because not all possible threats are known, and it is even harder to quantify security when the measurement must extend to all design and usage levels of the system.
Topic Selection & Assignment (all seminars)
Select 3 topics from the list on our website and send them in your preference order to the respective seminar head:
BBCSS: [email protected]
ISRS: [email protected]
SGIT: [email protected]
SCIM: [email protected]
If there is a specific topic or theme that is not listed but you definitely would like to cover, that’s possible too by contacting us.
Groups of 2 people can also choose a common topic, though we will clearly need to know the individual contributions of each group member.
If you do not understand the topic, ask the corresponding supervisor.
Depending on your selections, we’ll assign you (your group) a topic (short description + supervisor).
What’s next?
Kick-off (Today, 15.04., E202, 10:00-11:30)
Topic Selection – 16.04
Topic Assignment – 17.04
Introductory “lecture” on:
- Literature research
- Scientific writing
- Peer review process
- Giving a talk
WHEN: 22.04.2014, in room E202 from 10:00 – 11:30
CW 17 (21.04.-28.04.2013): Literature research review with your supervisor. Make an appointment early on!
Time line in SS-2013
5. Jun. 2014 Seminars report draft submission
6. Jun. 2014 Seminars review assignment
18. Jun. 2014 Seminars review submissions
19. Jun. 2014 Seminars review dissemination
30. Jun. 2014 Seminars final report submission
11. Jul. 2014 Seminars slide set submission
15. Jul. 2014 Seminars slides set feedback
18. Jul. 2014 09:00 – 17:00 Seminars final presentations - E202 Attendance to all talks is mandatory for all participants of the
seminar.
Deliverables: Report, Reviews, Presentation
Report
- ~ 5 pages (groups of two ~ 10 pages)
- Two-column ACM style (details in the introductory lecture)
- Preferably in English
- Templates (Word and LaTeX) will be provided (MUST follow!)
2 Peer Reviews
- ~ 1 page each (reviews are distributed per student, not per group)
- In the same language as the report for which you write the review
- Plain text file suffices
- Details on review contents in the introductory lecture
Presentation
- ~ 20 minutes (groups of two ~ 30 minutes)
- Presentations can be held in either English or German (slides preferably in English)
- Guidelines for the presentations in the introductory lecture
Thanks!
For updated information:
www.deeds.informatik.tu-darmstadt.de