 |
The Third International Conference on Advances AFIN 2011 August 21-27, 2011 - French Riviera, |
| Tutorials |
T1: Analysing Risk in Practice: The CORAS Approach to Model-driven risk Analysis
Dr. Bjørnar Solhaug,
SINTEF ICT, Norway
T2: Taking Care of Security in Hardware Design
Dr. Régis Leveugle,
TIMA Laboratory - Grenoble, France
T3: Security Issues in Wireless Sensor Networks
Prof. Dr. Yenumula B. Reddy, Grambling State University, USA
T4: The BSN Hardware and Software Platform: Enabling Easy Development of Body Sensor Network Applications
Dr. Joshua Ellul, Imperial College London, UK
DETAILED DESCRIPTIONS
T1: Analysing Risk in Practice: The CORAS Approach to Model-driven risk Analysis
Dr. Bjørnar Solhaug,
SINTEF ICT, Norway
The term “risk” is known from many fields. On an almost daily basis we face references to “contractual risk”, “economic risk”, “operational risk”, “environmental risk”, “health risk”, “political risk”, “legal risk”, “security risk”, and so forth. In order to identify and assess risks we may conduct risk analyses. The exact nature of an analysis, however, varies considerably depending on the nature of the risks we address. We may classify risk analysis approaches into two main categories: offensive (balancing potential gain against risk of loss) and defensive (protecting what is already there).
In order to defend something, it is important to know exactly what we are defending. This motivates asset-driven risk analysis, in other words risk analysis where the assets of the target (the tings of value) are identified as early as possible and where the rest of the analysis is driven by these assets. In order to analyse something, it is necessary to have a clear picture of what this something is. Understanding the structure and behaviour of the target of analysis is therefore important. However, understanding and modelling the target is only one aspect the modelling in a risk analysis; modelling what can go wrong is even more important. In fact, this is what risk analysis is all about. We then talk about risk modelling and model-driven risk analysis.
In this tutorial we present CORAS, which is an asset-driven, defensive approach to risk analysis. For risk analysis in practice, there is a need for well-defined methods, techniques and practical guidelines for how to do this. This is exactly what CORAS provides. The CORAS approach is a self-contained risk analysis methodology and the first to be truly model-driven in the sense that modelling is an integrated part in every part of the process. This means that target models and threat and risk models are applied in all phases of the risk analysis for visualization, communication and documentation of risk information, and are the main driver of the risk analysis process. The methodology is described in detail in the book Model-Driven Risk Analysis: The CORAS Approach, and has been validated through application in a large number of full-scale industrial analyses.
The CORAS approach consists of three main components: 1) The CORAS language, which is a language tailor-made for modelling risk in a precise and rigorous, yet intuitive and easily understandable manner. 2) The CORAS method, which provides detailed guidelines for how to conduct the various stages of a risk analysis in practice. 3) The CORAS tool, which is a modelling tool for editing models in the CORAS language.
In addition to presenting the basics of risk analysis and the CORAS approach, we also give a presentation of more advanced use of risk models expressed in the CORAS language.
T2: Taking Care of Security in Hardware Design
Dr. Régis Leveugle,
TIMA Laboratory - Grenoble, France
This tutorial discusses the specific design constraints related to secure integrated or embedded systems, with a special emphasis on the most critical elements in such systems, e.g. cryptoprocessors. The main focus is on hardware-based attacks and some possible solutions. After a presentation of the general context, the basics of circuit-level attacks are summarized. Circuit- and architecture-level methods for the design and implementation of robust secure circuits are then explained, including manufacturing test concerns. Characteristics and limitations of the main hardware protection schemes (also called countermeasures) are discussed. Experimental attack data are shown on several implementation technologies (ASIC and FPGA).
T3: Security Issues in Wireless Sensor Networks
Prof. Dr. Yenumula B. Reddy, Grambling State University, USA
Sensor nodes are small in size, self-organized, limited computational power, able to sense events, process data, and communicate with each other via radio links to transfer information. Wireless sensor networks (WSN) consist of a large number of sensor nodes in the operational field. The WSNs are usually deployed in remote places and left unattended. The operational conditions are most often harsh or even hostile. The WSNs transfer sensitive information in remote and dangerous places. The WSNs monitor the environmental conditions, such as temperature, pressure, motion, sound, vibration, and pollution. The nature of deployment and handling type of information, they should be equipped with appropriate security mechanisms. Due to their natural resource constraints traditional security techniques became major obstacles for implementation. Therefore, effective security mechanisms are required to operate sensor networks in hostile and unattended environments.
Wireless sensor networks (WSN) produce low-cost solutions to many real-world challenges. Further, they are motivated by military applications such as battle field surveillance. Today they were used in many industrial and consumer applications. These include process monitoring and control, health care applications in hospitals, environment and habitat monitoring, home automation, and traffic control.
In this tutorial, we discuss the topology of wireless sensor networks, applications, threats, and possible security measurements. Part 1 discusses the WSN topology, security threats and applications. In Part 2, we present the current security models, possible security models in WSNs, and the pit falls of security models. In the third part, we discuss the research directions in WSNs.
T4: The BSN Hardware and Software Platform: Enabling Easy Development of Body Sensor Network Applications
Dr. Joshua Ellul, Imperial College London, UK
The BSN platform tutorial is designed for students, engineers and researchers who are working on or interested in BSN related research. The tutorial will begin with an introduction to the concept of BSN, its motivations, applications, technologies and research directions. A recently developed operating system for body sensor networks, BSNOS, aimed at facilitating easy programming will be introduced. It will follow by hands-on sessions demonstrating how to use the BSN platform to develop prototypes and systems for BSN related research.
Tutorial Outline:
Introduction to Body Sensor Networks
Introduce the current state-of-the-art in wireless sensor networks and its significance and future applications to sensing and monitoring devices for healthcare.
Hardware and Software Installation
Introduce the basic architecture and extensibility of the BSN node for different sensing environments both for healthcare applications and general wireless sensor networks.
Introduction to BSNOS and the IDE
Introduce the major concepts required to program the BSN node applications using BSNOS and the IDE.
BSN Programming (hands-on session)
Hands on session on BSN node programming using BSNOS.
This session will illustrate how to build and run example applications which entail sensing, storing and wirelessly communicating data.
