Date post: 25-Mar-2020
Seminar Course – Summer 2014

Prof. Dr. Neeraj Suri, Daniel Germanus, Stefan Winter, Thorsten Piper, Tsvetoslava Vateva-Gurova, Reza Mahmudimanesh

© Neeraj Suri

EU-NSF ICT March 2006

Dependable Embedded Systems & SW Group

www.deeds.informatik.tu-darmstadt.de

Seminar Courses

Summer Semester 2014


Related Courses

Lectures:

Operating Systems I

Operating Systems II – Dependability & Trust

Seminars:

Implementing Secure & Reliable Software

Smart Grid Informatics and Trustworthiness

Security and the Cloud – the Issues and Metrics

Building and Breaking Complex Software Systems

Bachelor/Master theses, term papers, HiWi jobs


Seminar Course Objectives

Goals:

Getting up-to-date on the latest research in this area

Practicing scientific writing and presentation

“Outputs”:

Report

2 reviews

Presentation


Building and Breaking Complex Software Systems (BBCSS)

Prof. Dr. Neeraj Suri,

Stefan Winter, Habib Saissi


Implications of System Complexity


Implementing Secure & Reliable Software (ISRS)

Prof. Dr. Neeraj Suri,

Thorsten Piper


What is the seminar about?

What can we do to prevent our software from breaking?


ISRS Seminar Topics

Software Testing and Analysis

Software Security

Formal Methods

Implementing High-Assurance Software

Peer-to-Peer and Distributed Systems

Fault Tolerance and Fault Containment


Smart Grid Informatics and Trustworthiness (SGIT)

Prof. Dr. Neeraj Suri,

Daniel Germanus, Kubilay Demir


The Evolving Grid: From Traditional to Future Grids


The Problem: New Threats to Critical SCADA Systems

SCADA incidents:

Stuxnet, 2010

Facing Cyberattack, Iranian Officials Disconnect Oil Terminals From Internet (N.Y. Times, 2012)

Cyber war?

Power grid incidents:

Researchers launched an experimental cyber attack causing a generator to self-destruct (CNN, 2007)

Cyberspies penetrate electrical grid (Reuters, 2009)

'Smart Grid' raises security concerns (Washington Post, 2009)

Warning over smart meters privacy risk (BBC, 2012)

How to protect assets: Ensure safety, avoid physical damage


The EU INSPIRE Project: Peer-to-Peer (P2P) SW Sensors

Approach:

Place P2P software sensors

Intercept SCADA traffic

P2P overlay acts as a backup in case of data loss/corruption/delay etc.


P2P-Enabling for SCADA Protection

P2P overlay

P2P:

- Is a self-organized / resilient middleware

- “Breaks” the structuredness of SCADA

- Provides inherent path and data replication

[Figure labels: Central rooms; Interconnected SCADA Systems; WAN; SCADA 1; SCADA 3]

RTU: Remote Terminal Unit


Problem: Hidden Capacity in Power Transmission Lines

Line capacity depends on weather conditions (temperature, wind, sunshine, etc.)

Static line ratings lead to:

10-15% under-utilization of transmission capacity 95% of the time

20-25% under-utilization of capacity 85% of the time

Source: http://www.neuralenergy.info


Automated Dynamic Capacity Rating Through Wireless Ad Hoc PMU Network

[Figure labels: Power Generator; Power Consumer 1; Power Consumer 2; Sink (at Bus Station); PMU (low-cost, Zigbee-PRO) + ambient sensors; Comm. range ~1.5 km; Generation, Transmission, Distribution; Instant capacity of each line; Msg (segment capacity)]

Timeliness! Accuracy! Completeness!


SGIT Seminar Topics

Wide Area Monitoring System Robustness

SmartGrid Cyberattacks: Data Integrity

IEC 61850 GOOSE Messaging Protocol: Characteristics & Resilience

P2P convergence, Applications of P2P convergence technologies for optimal operation and control of distribution systems

IEC 61850 GOOSE Messaging Protocol Security Requirements

Fair Power Allocation


Topic Selection & Assignment

Select 3 topics from the list and send them in your preference order to: [email protected]

If there is a specific topic or theme that is not listed but you definitely would like to cover, that’s possible too by contacting us.

Groups of 2 people can also choose a common topic, though we will clearly need to know the individual contributions of each group member.

If you do not understand the topic, ask the corresponding supervisor.


Security and the Cloud – the Issues and Metrics (SCIM)

Prof. Dr. Neeraj Suri,

Tsvetoslava Vateva-Gurova, Heng Zhang


The Cloud has arrived!

On demand provisioning

Elasticity

Multi-tenancy

Delivery models:

Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)

Software as a Service (SaaS)

Deployment models:

Public, Private, Community & Hybrid Clouds.


Use case: Cloud storage

From the myriad of available Cloud services, storage is one of the most widely used: Google Drive, SkyDrive, Dropbox, AWS S3, ...

User-friendly, cost-savings, ...

Typical use-cases: Backup,

Synchronization,

Sharing,

DBMS/BigData.


However, recent Cloud incidents just exacerbate the SME/corporate users’ fears:

MegaUpload (180M users, 25 PBytes storage)

DropBox exploits

Cloud Supply Chain outages:

• AWS (April, 2011)

• Azure (Feb, 2012)

Security as a show-stopper

IaaS PaaS SaaS


What can we do...

Consider Cloud’s intrinsic properties

Be aware of the security threats

Measure the risk related to the security threats

Provide mechanisms to compare Cloud Service Providers in terms of security guarantees

etc.


Why Security Metrics?

“If you can not measure it, you can not improve it.”

Lord Kelvin (1824 – 1907)

It is quite uncommon for Cloud providers to specify the “security level” associated with their products and services.

This prevents informed user/customer decisions on the matter:

Side-by-side comparison of Cloud Service Providers.

Service negotiation based on security parameters.

Continuous security monitoring.

Security-tuning.

Etc.

Measuring security is hard because not all possible threats are known; quantifying it across all design and usage levels of the system is even harder.


Topic Selection & Assignment (all seminars)

Select 3 topics from the list on our website and send them in your preference order to the respective seminar head:

BBCSS: [email protected]

ISRS: [email protected]

SGIT: [email protected]

SCIM: [email protected]

If there is a specific topic or theme that is not listed but you definitely would like to cover, that’s possible too by contacting us.

Groups of 2 people can also choose a common topic, though we will clearly need to know the individual contributions of each group member.

If you do not understand the topic, ask the corresponding supervisor.

Depending on your selections, we’ll assign you (or your group) a topic (short description + supervisor).


What’s next?

Kick-off (Today, 15.04., E202, 10:00-11:30)

Topic Selection – 16.04

Topic Assignment – 17.04

Introductory “lecture” on:

Literature research

Scientific writing

Peer review process

Giving a talk

When: 22.04.2014, in room E202 from 10:00 – 11:30

CW 17 (21.04.-28.04.2013): Literature research review with your supervisor

Make an appointment early on!


Time line in SS-2013

5. Jun. 2014 Seminars report draft submission

6. Jun. 2014 Seminars review assignment

18. Jun. 2014 Seminars review submissions

19. Jun. 2014 Seminars review dissemination

30. Jun. 2014 Seminars final report submission

11. Jul. 2014 Seminars slide set submission

15. Jul. 2014 Seminars slides set feedback

18. Jul. 2014 09:00 – 17:00 Seminars final presentations - E202

Attendance at all talks is mandatory for all participants of the seminar.


Deliverables: Report, Reviews, Presentation

Report

~ 5 pages (groups of two ~ 10 pages)

Two-column ACM style (details in the introductory lecture)

Preferably in English

Templates (Word and LaTeX) will be provided (MUST follow!)

2 Peer Reviews

~ 1 page each (reviews are distributed per student, not per group)

In the same language as the report for which you write the review

Plain text file suffices

Details on review contents in the introductory lecture

Presentation

~ 20 minutes (groups of two ~ 30 minutes)

Presentations can be held in either English or German (slides preferably in English)

Guidelines for the presentations in the introductory lecture


Thanks!

For updated information:

www.deeds.informatik.tu-darmstadt.de

