6 - The Fuzzy Integrated Evaluation of Embedded System Security
PAPER PRESENTATION ON
FUZZY LOGIC
THE FUZZY INTEGRATED EVALUATION OF EMBEDDED SYSTEM SECURITY
Submitted By K.POOR NIMA, III-YEAR(ECE)
Access to the embedded system should be restricted to a selected set of authorized users (user identification), while access to a network or a service has to be provided only if the device is authorized (secure network access). Attacks on the availability of the embedded system by malicious entities could result in a degradation of performance or complete denial of service to legitimate users. Embedded system security needs to protect critical or sensitive information (code or data) throughout its lifetime. Secure storage involves securing information in the embedded system's storage devices, external or internal to the system. Finally, tamper resistance refers to the desire to maintain these security requirements even when the device falls into the hands of malicious parties and can be physically or logically probed.
In the evaluation of embedded system security, we encounter problems such as the complexity of the security factors and the difficulty of data collection. There is no single method to solve these problems. We need an integrated evaluation method which comprises expert evaluation, statistical information and computer technology. To construct the security evaluation model, first the evaluation factors are recognized, then data is collected through the man-computer method, and finally, based on fuzzy subjection theory and the Delphi method, the qualitative evaluation is transferred to a quantitative evaluation.
security
Due to these unique characteristics of embedded system security, we can't solve embedded security at a single level of abstraction. With reference to the security pyramid model, we give the recognition of security evaluation factors in a three-level hierarchy model, as in the following figure.
evaluation in Delphi
The objective of most Delphi applications is the reliable and creative exploration of ideas or the production of suitable information for decision making. The Delphi Method is based on a structured process for collecting and distilling knowledge from a group of experts by means of a series of questionnaires interspersed with controlled opinion feedback (Adler and Ziglio, 1996). According to Helmer (1977), Delphi represents a useful communication device among a group of experts and thus facilitates the formation of a group judgment. Based on the data collected, experts make evaluations relying on their individual competence, and these are subjective; the Delphi method is utilized to adjust the fuzzy evaluation of each expert until the evaluations of all experts reach a consistent consensus.
defined as $Y_1, Y_2, \dots, Y_s$ ($Y_i \cap Y_j = \emptyset$ for $1 \le i, j \le s$, $i \ne j$). Each subset $Y_i$ is constructed from the factors in the next level, denoted $y_{in}$, so the characteristic vector of each subset $Y_i$ is given by the expression $Y_i = (y_{i1}, y_{i2}, \dots, y_{in})$.
The weighted average is applied to each vector $B_i$ to take the valuable information of each evaluation into account. The expression
With reference to the priority weight vector of the subsets, represented as $A = (a_1, a_2, \dots, a_s)$, the final evaluation $T = A \circ B = (t_1, t_2, \dots, t_m)$ is calculated.
Step 4. Estimate the normalized priority weights. The priority weight vector of each subset is given by the expression $A_i = (a_{i1}, a_{i2}, \dots, a_{in})$.
There are several methods, such as the AHP method and the dual correlation function method, to give priority weights. Given the particularity of embedded system security, in the case of this paper the weights are given by experts using the Delphi method.
Step 5. Calculate the evaluation vector $B_i$ corresponding to subset $Y_i$. The calculation formula is $B_i = A_i \circ R_i = (b_{i1}, b_{i2}, \dots, b_{im})$.
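The two composition steps ($B_i = A_i \circ R_i$ per subset, then $T = A \circ B$), worked through as an added example that is not part of the original paper. It assumes the weighted-average operator, that each row of $R_i$ holds the share of experts voting for V1..V5, and a maximum-membership rule for the verdict; every number is constructed.

```python
# Added example: two-level fuzzy integrated evaluation, weighted-average operator.
# Every weight and membership value below is constructed for illustration.
LEVELS = ["Very High", "High", "Medium", "Low", "Very Low"]  # judge set V1..V5

def check_distribution(vec, tol=1e-9):
    """Weights and expert vote shares must be non-negative and sum to 1."""
    if any(x < 0 for x in vec) or abs(sum(vec) - 1.0) > tol:
        raise ValueError(f"not a normalized vector: {vec}")

def compose(a, r):
    """B = A o R with the weighted-average operator: b_j = sum_k a_k * r_kj."""
    check_distribution(a)
    if len(a) != len(r):
        raise ValueError("need exactly one weight per row of R")
    for row in r:
        check_distribution(row)
    return [sum(a[k] * r[k][j] for k in range(len(a))) for j in range(len(r[0]))]

def evaluate(subsets, top_weights):
    """Return (B, T): per-subset vectors B_i = A_i o R_i and final T = A o B."""
    names = list(subsets)
    b = {n: compose(*subsets[n]) for n in names}
    t = compose(top_weights, [b[n] for n in names])
    return b, t

def verdict(t):
    """Maximum-membership rule (an assumption here): level with largest share."""
    return LEVELS[max(range(len(t)), key=t.__getitem__)]

# Constructed sample: (A_i, R_i) per subset; each R_i row is the share of
# experts assigning that sub-factor to V1..V5.
SUBSETS = {
    "Protocol":     ([0.6, 0.4], [[0.0, 0.1, 0.3, 0.4, 0.2], [0.1, 0.2, 0.4, 0.2, 0.1]]),
    "Algorithm":    ([0.5, 0.5], [[0.0, 0.0, 0.2, 0.5, 0.3], [0.0, 0.2, 0.4, 0.3, 0.1]]),
    "Architecture": ([0.7, 0.3], [[0.1, 0.3, 0.4, 0.2, 0.0], [0.0, 0.2, 0.5, 0.2, 0.1]]),
    "Resource":     ([0.4, 0.6], [[0.2, 0.3, 0.3, 0.2, 0.0], [0.1, 0.4, 0.3, 0.1, 0.1]]),
}
TOP_WEIGHTS = [0.3, 0.3, 0.2, 0.2]  # constructed subset weights A

if __name__ == "__main__":
    B, T = evaluate(SUBSETS, TOP_WEIGHTS)
    for name, vec in B.items():
        print(f"{name:13s}", [round(x, 3) for x in vec])
    print("T =", [round(x, 3) for x in T], "->", verdict(T))
```

Because the weights and every row of each matrix are normalized, each $B_i$ and the final $T$ also sum to 1, which is a quick sanity check on expert input before the result is interpreted.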
4. The case:
In this paper, we give a case of a wireless biometric authentication device which is to facilitate secure biometric authentication between a user and a server in applications such as intelligent keys and credit cards. A user enters a claimed identity, which is stored in the device, into a server. After the server validates the claimed identity, the user impresses a fingerprint on the server's sensor. The server extracts the fingerprint's unique features and matches them with a previously stored template. The server decides to corroborate or deny the user's claimed identity based on a matching threshold. In this case the hierarchy structure is constructed first; the evaluation factors are divided into four subsets, which are Protocol, Algorithm, Architecture and Resource. Sub-factors and the alternatives under evaluation are shown in Table 1 (priority weights in brackets). The judge set V is $V = \{V_1, V_2, V_3, V_4, V_5\}$, which shows the risk probability level. Its meaning is "$V_1$ Very High, $V_2$ High, $V_3$ Medium, $V_4$ Low, $V_5$ Very Low".
Architecture:
Resources:
The experts make judgments of the subjection to the judge set V. The evaluation matrices $R_1$, $R_2$, $R_3$ and $R_4$ are:
5. Conclusion:
The security evaluation of embedded systems is the need of the hour: because embedded systems can effect changes in our physical world, the consequences of exploiting their security vulnerabilities can be significant to society. In this paper, an integrated evaluation method of embedded system security is presented. Each risk factor is estimated by the experts, and the degree of assurance is introduced to calculate the quantitative security evaluation of the whole system. The case result in this paper shows that the proposed method is scientific and tallies with the actual situation.