Trust and Security of Embedded Smart Devices in Advanced Logistics Systems

2021 Systems and Information Engineering Design Symposium (SIEDS) Pub Date : 2021-04-30 DOI:10.1109/SIEDS52267.2021.9483779

Christopher M. VanYe, Beatrice Li, Andrew T. Koch, Mai N. Luu, Rahman O. Adekunle, Neginsadat Moghadasi, Zachary A. Collier, Thomas L. Polmateer, David Barnes, David L. Slutzky, Mark C. Manasco, J. Lambert

{"title":"Trust and Security of Embedded Smart Devices in Advanced Logistics Systems","authors":"Christopher M. VanYe, Beatrice Li, Andrew T. Koch, Mai N. Luu, Rahman O. Adekunle, Neginsadat Moghadasi, Zachary A. Collier, Thomas L. Polmateer, David Barnes, David L. Slutzky, Mark C. Manasco, J. Lambert","doi":"10.1109/SIEDS52267.2021.9483779","DOIUrl":null,"url":null,"abstract":"This paper addresses security and risk management of hardware and embedded systems across several applications. There are three companies involved in the research. First is an energy technology company that aims to leverage electric- vehicle batteries through vehicle to grid (V2G) services in order to provide energy storage for electric grids. Second is a defense contracting company that provides acquisition support for the DOD's conventional prompt global strike program (CPGS). These systems need protections in their production and supply chains, as well as throughout their system life cycles. Third is a company that deals with trust and security in advanced logistics systems generally. The rise of interconnected devices has led to growth in systems security issues such as privacy, authentication, and secure storage of data. A risk analysis via scenario-based preferences is aided by a literature review and industry experts. The analysis is divided into various sections of Criteria, Initiatives, C-I Assessment, Emergent Conditions (EC), Criteria-Scenario (C-S) relevance and EC Grouping. System success criteria, research initiatives, and risks to the system are compiled. In the C-I Assessment, a rating is assigned to signify the degree to which criteria are addressed by initiatives, including research and development, government programs, industry resources, security countermeasures, education and training, etc. To understand risks of emergent conditions, a list of Potential Scenarios is developed across innovations, environments, missions, populations and workforce behaviors, obsolescence, adversaries, etc. The C-S Relevance rates how the scenarios affect the relevance of the success criteria, including cost, schedule, security, return on investment, and cascading effects. The Emergent Condition Grouping (ECG) collates the emergent conditions with the scenarios. The generated results focus on ranking Initiatives based on their ability to negate the effects of Emergent Conditions, as well as producing a disruption score to compare a Potential Scenario's impacts to the ranking of Initiatives. The results presented in this paper are applicable to the testing and evaluation of security and risk for a variety of embedded smart devices and should be of interest to developers, owners, and operators of critical infrastructure systems.","PeriodicalId":426747,"journal":{"name":"2021 Systems and Information Engineering Design Symposium (SIEDS)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 Systems and Information Engineering Design Symposium (SIEDS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SIEDS52267.2021.9483779","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

This paper addresses security and risk management of hardware and embedded systems across several applications. There are three companies involved in the research. First is an energy technology company that aims to leverage electric- vehicle batteries through vehicle to grid (V2G) services in order to provide energy storage for electric grids. Second is a defense contracting company that provides acquisition support for the DOD's conventional prompt global strike program (CPGS). These systems need protections in their production and supply chains, as well as throughout their system life cycles. Third is a company that deals with trust and security in advanced logistics systems generally. The rise of interconnected devices has led to growth in systems security issues such as privacy, authentication, and secure storage of data. A risk analysis via scenario-based preferences is aided by a literature review and industry experts. The analysis is divided into various sections of Criteria, Initiatives, C-I Assessment, Emergent Conditions (EC), Criteria-Scenario (C-S) relevance and EC Grouping. System success criteria, research initiatives, and risks to the system are compiled. In the C-I Assessment, a rating is assigned to signify the degree to which criteria are addressed by initiatives, including research and development, government programs, industry resources, security countermeasures, education and training, etc. To understand risks of emergent conditions, a list of Potential Scenarios is developed across innovations, environments, missions, populations and workforce behaviors, obsolescence, adversaries, etc. The C-S Relevance rates how the scenarios affect the relevance of the success criteria, including cost, schedule, security, return on investment, and cascading effects. The Emergent Condition Grouping (ECG) collates the emergent conditions with the scenarios. The generated results focus on ranking Initiatives based on their ability to negate the effects of Emergent Conditions, as well as producing a disruption score to compare a Potential Scenario's impacts to the ranking of Initiatives. The results presented in this paper are applicable to the testing and evaluation of security and risk for a variety of embedded smart devices and should be of interest to developers, owners, and operators of critical infrastructure systems.

查看原文本刊更多论文

先进物流系统中嵌入式智能设备的信任与安全

本文讨论了硬件和嵌入式系统跨多个应用程序的安全性和风险管理。有三家公司参与了这项研究。首先是一家能源技术公司，旨在通过车辆到电网(V2G)服务来利用电动汽车电池，以便为电网提供能量存储。第二是一家国防合同公司，为国防部的常规快速全球打击计划(CPGS)提供采办支持。这些系统在其生产和供应链以及整个系统生命周期中都需要保护。第三种是在先进物流系统中处理信任和安全问题的公司。互联设备的兴起导致了系统安全问题的增长，如隐私、身份验证和数据的安全存储。通过基于场景的偏好进行风险分析得到文献综述和行业专家的帮助。分析分为标准、举措、C-I评估、紧急情况(EC)、标准-情景(C-S)相关性和EC分组的各个部分。编制了系统成功标准、研究计划和系统风险。在C-I评估中，分配一个等级来表示倡议解决标准的程度，包括研究和开发，政府计划，行业资源，安全对策，教育和培训等。为了了解紧急情况的风险，开发了一份潜在情景列表，涵盖创新、环境、任务、人口和劳动力行为、过时、对手等。C-S相关性评估场景如何影响成功标准的相关性，包括成本、进度、安全性、投资回报和级联效应。ECG (emergency Condition group)是将紧急情况与场景进行汇总。生成的结果侧重于基于否定紧急情况影响的能力对计划进行排名，以及产生一个中断分数来比较潜在场景对计划排名的影响。本文提出的结果适用于各种嵌入式智能设备的安全性和风险的测试和评估，对于关键基础设施系统的开发人员、所有者和运营商应该感兴趣。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 Systems and Information Engineering Design Symposium (SIEDS)

自引率

0.00%

发文量