
Page 1
Source: ifev.rz.tu-bs.de/SiT_SafetyinTransportation/SiT2016/freigabe_braband.pdf

siemens.com | © Siemens AG 2016 – All rights reserved.

Why 2 times 2 ain’t necessarily 4 – at least not in IT security risk assessment?

Prof. Dr. Jens Braband

Page 2

2016-11-11


Mobility Division

Prelude

It ain't necessarily so
It ain't necessarily so
The t'ings dat yo' li'ble
To read in de Bible,
It ain't necessarily so.

Sung by Sportin’ Life, Drug Dealer

Image credits: By Ealmagro, own work, GFDL, https://commons.wikimedia.org/w/index.php?curid=6368328; By Source, Fair use, https://en.wikipedia.org/w/index.php?curid=2214592

Page 3


Introduction

2 x 2 = 4

Image credit: own work (Eigenes Werk), GFDL, https://commons.wikimedia.org/w/index.php

Page 4


Some additional thoughts

2 apples times 2 pears = 4 fruits?

Rank 2 times Rank 2 = ?

Page 5


Basic approach for IT security risk assessment from IEC 62443

1. Breakdown of the system into zones and conduits so that
   • the IT security requirements are coordinated in zones or conduits
   • each object is allocated to a zone or conduit

2. Assessment of the risk for each zone or conduit and each fundamental requirement (FR)
   • identification and authentication control (IAC)
   • use control (UC)
   • system integrity (SI)
   • data confidentiality (DC)
   • restricted data flow (RDF)
   • timely response to events (TRE)
   • resource availability (RA)

3. Determine Security Level (SL) for each zone or conduit for each FR

Page 6


Security-Level (SL) based on IEC 62443

[Figure: security levels, labelled Safety, Hacker, Organisation, Cyberwar]

Page 7


What’s the problem?

IEC 62443-3-2:2015 proposal for the determination of the target security level

What’s wrong with that?

Page 8


Analysis

1. SL is by definition a seven-dimensional vector, e. g. (1,2,1,4,3,3,3), not a single scalar.

2. Setting all FR for a zone or conduit to the same scalar value is not reasonable.

3. For safety-related systems SL 0 is not reasonable, as all safety-related systems have to cope with operator errors or foreseeable misuse.

4. It is not justified why 4 is taken as a threshold. Why not take 5?

5. The type of the parameters is ordinal. So only a ranking of values is implied. How is multiplication defined semantically for ordinal or rank scales?

6. For ordinal values we could have used the descriptors A, B, C, D and E. What does BxC mean, or CxD/4?

Page 9


How can we rescue the concept?

The problem of ordinal scales is well known from semi-quantitative risk analysis, e. g. risk priority numbers (RPN) from IEC 60812.

Usually two criteria have to be fulfilled:
1) Scenarios with similar risks should lead to the same RPN.
2) Scenarios with the same RPN should have similar risk.

Unfortunately these criteria can't be fulfilled by multiplication.

Page 10


OK. Let’s add the numbers…

• Multiplication is continued summation...
• How is summation defined for ordinal numbers?
• But summation is easier to justify. If R = L x I, then the ordinal numbers can be interpreted as the logs of the original values (order of magnitude), and logs add.
• But what about proper calibration?
• And how do we get SL from that?
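As an added illustration (not part of Braband's slides), the following Python checks the two RPN criteria from page 9 and the summation variant from this page on a constructed 1..5 rank scale: it lists scenarios that share one product, and it shows that both the product and the sum of ranks can reverse the order of two scenarios when the ranks are recoded in an order-preserving way, which is exactly the transformation an ordinal scale permits. The scale, the recodings and the scenarios are constructed here, not taken from IEC 60812 or IEC 62443.

```python
"""Added illustration (not from the slides): arithmetic on ordinal risk ranks.
Ranks 1..5 stand for descriptors A..E; only their order is meaningful."""
from itertools import product

RANKS = range(1, 6)
SCENARIOS = list(product(RANKS, RANKS))      # all (likelihood, impact) pairs

def rpn(l, i):
    """Risk priority number as in IEC 60812-style analyses: L x I."""
    return l * i

def rank_sum(l, i):
    """Additive variant from the slides: ranks read as logs, so they add."""
    return l + i

def ties(score):
    """Criterion 2 check: every score value reached by more than one scenario."""
    groups = {}
    for l, i in SCENARIOS:
        groups.setdefault(score(l, i), []).append((l, i))
    return {s: g for s, g in groups.items() if len(g) > 1}

def order_flips(score, recode):
    """Scenario pairs whose relative order under `score` reverses when every
    rank r is replaced by recode[r], an order-preserving recoding. For an
    operation that is meaningful on an ordinal scale this is always empty."""
    flips = []
    for k, a in enumerate(SCENARIOS):
        for b in SCENARIOS[k + 1:]:
            before = score(*a) - score(*b)
            after = (score(recode[a[0]], recode[a[1]])
                     - score(recode[b[0]], recode[b[1]]))
            if before * after < 0:
                flips.append((a, b))
    return flips

# Constructed recodings: same order as 1..5, different spacing. Both are
# admissible representations of the same ordinal scale.
RECODE_GAP_LOW = {1: 1, 2: 3, 3: 4, 4: 5, 5: 6}
RECODE_GAP_HIGH = {1: 1, 2: 2, 3: 3, 4: 4, 5: 10}

if __name__ == "__main__":
    print("scenarios sharing RPN 4:", ties(rpn)[4])
    print("RPN order flips:", order_flips(rpn, RECODE_GAP_LOW)[:3])
    print("rank-sum order flips:", order_flips(rank_sum, RECODE_GAP_HIGH)[:3])
```

The sum only escapes the same objection if the ranks are calibrated as logs of a ratio-scale quantity, i.e. their spacing is fixed, which is the calibration question raised in the bullets above.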

Page 11


New approach

1) Start with an educated guess of the SL-T vector for a zone or conduit, say SL0.

2) Perform a threat and risk analysis (TRA) assuming that all requirements for SL0 are fulfilled.

3) Change the SL for the FRs that relate to the not acceptable risks, giving SL0. Perform the TRA again.

Repeat these steps until an SLn with acceptable risks is reached. This is similar to numerical bisection, aka regula falsi.
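One way to implement this loop over the seven-FR vector from page 5, as added example code that is neither from the slides nor from IEC 62443: the TRA is stood in for by a constructed per-FR residual-risk table (index = SL, value = risk rank) and a constructed tolerable-risk rank, and in each round only the FRs whose risk is still not acceptable are raised by one level.

```python
"""Added illustration (not from the slides) of iterative SL-T determination:
guess a 7-dimensional SL vector, run a TRA assuming it is implemented, raise
only the FRs whose risk is not yet acceptable, repeat."""

FRS = ("IAC", "UC", "SI", "DC", "RDF", "TRE", "RA")   # IEC 62443 FRs, page 5
MAX_SL = 4

def tra(sl, residual_risk):
    """Stand-in for the threat and risk analysis (constructed): returns, per
    FR, the residual risk rank when SL sl[fr] is fully implemented.
    residual_risk[fr] maps SL 0..4 -> risk rank; a real TRA replaces this."""
    return {fr: residual_risk[fr][sl[fr]] for fr in FRS}

def determine_sl_t(sl0, residual_risk, tolerable, max_iter=10):
    """Iteration from the slide: returns (SL-T vector, list of vectors tried)."""
    sl = dict(sl0)
    history = [dict(sl)]
    for _ in range(max_iter):
        risk = tra(sl, residual_risk)
        open_frs = [fr for fr in FRS if risk[fr] > tolerable]
        if not open_frs:
            return sl, history
        for fr in open_frs:
            if sl[fr] >= MAX_SL:
                raise ValueError(f"{fr}: risk not acceptable even at SL {MAX_SL}")
            sl[fr] += 1          # raise only the FRs tied to unacceptable risk
        history.append(dict(sl))
    raise RuntimeError("no acceptable SL vector found within max_iter rounds")

# Constructed residual-risk tables, one per FR: index = SL, value = rank 1..5.
RESIDUAL = {
    "IAC": [5, 4, 3, 2, 1], "UC": [4, 3, 2, 1, 1], "SI": [5, 5, 3, 2, 1],
    "DC": [3, 2, 1, 1, 1], "RDF": [4, 2, 1, 1, 1], "TRE": [3, 3, 2, 1, 1],
    "RA": [4, 3, 3, 2, 1],
}
TOLERABLE = 2   # constructed: risk ranks above 2 are not acceptable

if __name__ == "__main__":
    # SL 0 is left out for the start vector, as page 8 argues for safety systems.
    sl_t, rounds = determine_sl_t({fr: 1 for fr in FRS}, RESIDUAL, TOLERABLE)
    print([sl_t[fr] for fr in FRS], "after", len(rounds) - 1, "raise rounds")
```

The result is a genuine vector (different SLs per FR), which is the point of page 8's first objection; the ValueError marks the case where no SL up to 4 makes the risk acceptable and the tolerable risk itself has to be revisited.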

Page 12


Summary

We have discussed a new approach for SL determination from draft IEC 62443-3-2. The major new results are:

• The approach is seriously flawed

• The tolerable risk is not justified

• The derived SL does not fit the definition of SL

• The multiplication of ordinal numbers is not defined

An alternative approach that overcomes these problems was sketched.

I'm preachin' dis sermon to show,
It ain't nece-ain't nece
Ain't nece-ain't nece
Ain't necessarily ... so!