Security on Embedded Systems



Similar documents
Defensible Strategy To. Cyber Incident Response

Information Security

BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE

Computer Security Maintenance Information and Self-Check Activities

CSG & Cyberoam Endpoint Data Protection. Ubiquitous USBs - Leaving Millions on the Table

Symantec Endpoint Protection Analyzer Report

CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere.

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

Promoting Network Security (A Service Provider Perspective)

INFORMATION GOVERNANCE POLICY: NETWORK SECURITY

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

The Ministry of Information & Communication Technology MICT

2012 Endpoint Security Best Practices Survey

Course: Information Security Management in e-governance

Building A Secure Microsoft Exchange Continuity Appliance

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST

End-user Security Analytics Strengthens Protection with ArcSight

Cyber Security: Software Security and Hard Drive Encryption

Driving Company Security is Challenging. Centralized Management Makes it Simple.

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

N-Dimension Solutions Cyber Security for Utilities

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

Leading by Innovation McAfee Endpoint Security The Future of Malware-Detection: Activate protection on all Layers outside the Operating System

Cyber and Data Security. Proposal form

Technical Standards for Information Security Measures for the Central Government Computer Systems

Using Windows Update for Windows XP

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited

Best Practice Configurations for OfficeScan 10.0

Business Case. for an. Information Security Awareness Program

Technical Note. CounterACT: Powerful, Automated Network Protection Inside and Out

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis,

Course overview. CompTIA A+ Certification (Exam ) Official Study Guide (G188eng verdraft)

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Certified Secure Computer User

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

High Speed Internet - User Guide. Welcome to. your world.

What you can do prevent virus infections on your computer

Home Use Installation Guide For Symantec Endpoint Protection (SEP) 11 For Mac

MSP Service Matrix. Servers

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

Guideline on Safe BYOD Management

How To Secure Your Business

Mobile Security Framework; Advances in Mobile Governance in Korea. TaeKyung Kim

Splunk Enterprise Log Management Role Supporting the ISO Framework EXECUTIVE BRIEF

Romanian National Computer Security Incident Response Team CERT-RO.

167 th Air Wing Fast Track Cyber Program Blue Ridge Community and Technical College

How-To Guide: Cyber Security. Content Provided by

White Paper - Crypto Virus. A guide to protecting your IT

Managed Service Plans

Preparing Your Personal Computer to Connect to the VPN

Network/Cyber Security

SECURING YOUR MODERN DATA CENTER WITH CHECK POINT

Network Support. Technical Certificate. Program Outcomes: FOUNDATION COURSES. 1 of 7

Observer Analyzer Provides In-Depth Management

DeltaV System Cyber-Security

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

Data Management Policies. Sage ERP Online

Virus protection for NAStorage 8200

OPC & Security Agenda

Evaluation Report. Office of Inspector General

Countermeasures against Bots

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

Network Instruments white paper

Cyber Security and Critical Information Infrastructure

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO

Network Security and the Small Business

WEB ATTACKS AND COUNTERMEASURES

Cyber Security Awareness. Internet Safety Intro.

Extreme Networks Security Analytics G2 Vulnerability Manager

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

GETTING STARTED WITH A COMPUTER SYSTEM FACTSHEET

Best Practices for DeltaV Cyber- Security

Computer Security at Columbia College. Barak Zahavy April 2010

Cyber Security. Securing Your Mobile and Online Banking Transactions

Are You in Control? MaaS360 Control Service. Services > Overview MaaS360 Control Overview

ANDRA ZAHARIA MARCOM MANAGER

Best Practice Configurations for OfficeScan (OSCE) 10.6

Beyond the Hype: Advanced Persistent Threats

Transcription:

Cyber Security (CYS) Issue Group Activity Report Security on Embedded Systems Chair : Buheita Fujiwara Information-technology Promotion Agency With Cybersecurity Malaysia, Hitachi and III GBDe Summit 2007, November 9, 2007, Tokyo 1

Cyber Security realizing Secure and Safe Environment on Embedded systems Cyber Security Service Centers Ubiquitous Network Society International Micro Payment Digital Home Mobile Phone IC Card DigitalTV Consumer Consumer Consumer Confidence Consumer 2

Agenda Security on Embedded System Risks and Solutions Recommendations 3

Connection to the Internet Web Connection Timer-recording recording Setting Timer-recording Setting Internet TV recorder Web Connection Internet Phone VoIP Mobile Phone Map Data Update LAN Connection Online Game Program Updates Car Navigation Multi Function Device Game Machine Digital TV 4

What is an Embedded System? Definition A general-purpose device such as home electric appliance having a built-in chip to run software for specific purposes Examples IC Cards Mobile Phones Home Information Appliances RFID (Radio Frequency Identification) Financial Terminals (ATM) Electronic Toll Collection (ETC) Systems Car Navigation Systems 5

Why we need to focus on Embedded Systems? What will happen when connecting a PC without any security measures? Virus infection in a short period Hacked and be used for another attack For PCs, we can Install anti-virus software Use firewalls Download and apply security patches For Embedded Systems Can we do the same action? 6

Risks : Threats and Incidents How to fix problems with a computer software product and an embedded device PCs World How to fix a problem with a computer software product (Distribution over the Internet) Computer Software Manufacture Web site Revised Program Internet 2 Each user downloads the revised program 1 Uploads a revised program to the company s Web site Embedded Systems World 3 How to fix a problem with an embedded device (Product Recall) Manufacture Repairs the recalled products 2 4 Recalls products Retunes products 1 Requests the manufacture to repair the embedded device Problems with Embedded Devices Product Recall Might Be Required 7

Examples for Threats and Incidents Mobile devices infected with computer viruses were not booted up Sep. 2005 : Symbian OS-based Mobile phone virus spread in northern Europe. Virus Spreads among Bluetooth Mobile Phones Oct. 2005 : Virus for handheld gaming devices was disclosed. These viruses delete system files on the devices, causing them to boot abnormally. Virus 8

Solution example : IT Security on Embedded Systems (1) Organization for IT Security (2) Education and Rules on IT Security (3) Reviews at each stage of development (4) Incidents Response Team for IT Security 9

Summary Recommendations for IT Security Measures on Embedded Systems For Ensuring Embedded Systems Security, Classify into 5 phases Entire Life Cycle Planning Developing (Design and Implementation) Operating Disposal / Recycle Approach from 2 aspects of management and technology 10

Issues Covering the Entire Life Cycle Managerial Aspect Stationing a computer security specialist in the Project Audit Organization (Project Management Office) Collecting security-related information, including information on vulnerabilities and attacks, and keeping the software development engineers informed about it Technical Aspect Taking appropriate measures in each phase, referring to security-related information, including information on vulnerabilities and attacks 11

Issues Related to the Planning Phase Managerial Aspect Deciding how to provide means to troubleshoot security-related problems Technical Aspect Defining security-related risks, considering possible topology, operation environments, and usage patterns of the product Establishing security policies to address the defined risks involved in implementing functions as planned, taking into account the constrains Providing users with a function for confidential data disposal 12

Issues Related to the Developing Phase (Design and Implementation) Managerial Aspect Preparing for tests on attacks to the finished product in the actual operation environment Making the computer security specialist in charge of a series of tasks required for the use of an Internet application, including its selection, operation setting, and testing Technical Aspect Conducting tests on attacks (including hacking) to all the interfaces connected to the network Measuring effects of attacks by observing operational state of the device 13

Issues Related to the Operation Phase Managerial Aspect Managing, collecting, and analyzing information in preparation for the possible detection of vulnerabilities Technical Aspect Enabling the call-center employees to respond appropriately to inquiries from customers, based on the latest trend of information security Issues Related to the Disposal Phase Managerial Aspect Specifying in the manuals the confidential data disposal procedures that must be followed by the user 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information