Cybersecurity for PLM Research Roadmap, Lecture notes of Computer Networks

These notes present a research roadmap for cybersecurity in PLM. They cover protection from insider threat, access control systems, compliance techniques, secure supply chain and remote 3D printing, security usability, security management and cost, secure collaboration techniques, and cloud security. They also discuss an anomaly detection and response system for databases and response mechanisms for cybersecurity. The material is a mix of lecture notes, summaries, and study notes.

Typology: Lecture notes

2021/2022

Uploaded on 05/11/2023

Cyber Security for PLM
Elisa Bertino
CS Department, Cyber Center, and CERIAS
Purdue University
Joint work with:
Lorenzo Bossi, Syed Hussain, Asmaa Sallam
CS Department and Cyber Center
Purdue University
Cyber Center

PLM Cybersecurity – Research Roadmap
• Protection from insider threat
• Access control systems
• Compliance techniques
• Secure supply chain and secure remote 3D printing
• Security usability
• Security management and security cost
• Secure collaboration techniques
• Cloud security and cloud for security

Protection from Insider Threat
IP Theft
https://www.cert.org/blogs/insider_threat/2013/12/theft_of_ip_by_insiders.html
Based on 103 IP theft cases recorded in the MERIT Database (since 2001)
• Industry sectors in which IP theft occurred more frequently
  - Information Technology: 35%
  - Banking and Finance: 13%
  - Chemical: 12%
  - Critical Manufacturing: 10%
• Majority of insider IP theft cases occurred onsite (70% onsite as opposed to 18% remotely)
• Financial impact (known only for 35 of the 103 cases)
  - Over 1M USD in 48% of cases and over 1K in 71%

Protection from Insider Threat
IP Theft – Mitigation and Detection
From “Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations”, CMU/SEI, May 2013
• Recommendation 3: Monitor Intellectual Property Leaving the Network
  - Identify critical information and track its location, access, modification, and transfers
  - Implement technical controls that log the access and movement of critical information that employees
    · Download from company servers
    · Email from the organization’s network to personal accounts
    · Download to removable media
  - Many cases involved downloading source code, executables, or excessive amounts of data before leaving the organization
• Recommendation 4: Consider Enforcing Least-Privilege

System Architecture: Anomaly Detection and Response System for Databases

Example Anomalous Access Pattern
[Figure: normal access pattern, SQL commands against the user tables T1, T2, T3; anomalous access pattern, SQL commands against the system tables syscolumns and sysobjects]

Coarse Quiplet: example
Schema: T1 : {a1,b1,c1}, T2 : {a2,b2,c2}, T3 : {a3,b3,c3}
Query: SELECT T1.a1, T1.c1, T2.c2 FROM T1, T2, T3 WHERE T1.a1 = T2.a2 AND T1.a1 = T3.a3
Field: Value
• Command: SELECT
• Num Projection Tables: 2
• Num Projection Columns: 3
• Num Selection Tables: 3
• Num Selection Columns: 3

Medium Quiplet: example
Schema: T1 : {a1,b1,c1}, T2 : {a2,b2,c2}, T3 : {a3,b3,c3}
Query: SELECT T1.a1, T1.c1, T2.c2 FROM T1, T2, T3 WHERE T1.a1 = T2.a2 AND T1.a1 = T3.a3
Field: Value
• Command: SELECT
• Projection Tables: [1 1 0]
• Projection Columns: [2 1 0]
• Selection Tables: [1 1 1]
• Selection Columns: [1 1 1]
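The two quiplet examples above can be computed mechanically from the query text. The following Python sketch is an added example, not code from the lecture or from the authors' system; it assumes single-block SELECT statements in which every column is written as table.column, and the function names are hypothetical.

```python
import re

# Schema and query copied from the slides: table name -> ordered column list.
SCHEMA = {"T1": ["a1", "b1", "c1"], "T2": ["a2", "b2", "c2"], "T3": ["a3", "b3", "c3"]}
QUERY = ("SELECT T1.a1, T1.c1, T2.c2 FROM T1, T2, T3 "
         "WHERE T1.a1 = T2.a2 AND T1.a1 = T3.a3")

def split_query(sql):
    """Split a statement into (command, projection text, selection text)."""
    m = re.match(r"\s*(\w+)\s+(.*?)\s+FROM\s+.*?(?:\s+WHERE\s+(.*))?$",
                 sql, re.I | re.S)
    if not m:
        raise ValueError("only SELECT ... FROM ... [WHERE ...] is handled")
    return m.group(1).upper(), m.group(2), m.group(3) or ""

def refs(clause):
    """Distinct (table, column) pairs written as table.column in a clause."""
    found = set(re.findall(r"\b(\w+)\.(\w+)\b", clause))
    unknown = sorted(r for r in found if r[1] not in SCHEMA.get(r[0], []))
    if unknown:
        raise ValueError(f"reference outside the schema: {unknown}")
    return found

def coarse_quiplet(sql):
    """Command plus counts of tables and columns in projection and selection."""
    cmd, proj, sel = split_query(sql)
    p, s = refs(proj), refs(sel)
    return (cmd, len({t for t, _ in p}), len(p), len({t for t, _ in s}), len(s))

def medium_quiplet(sql):
    """Command plus per-table vectors, ordered as the tables appear in SCHEMA."""
    cmd, proj, sel = split_query(sql)
    p, s = refs(proj), refs(sel)

    def counts(pairs):          # columns referenced in each table
        return [sum(1 for t, _ in pairs if t == name) for name in SCHEMA]

    def bits(pairs):            # 1 if the table is referenced at all
        return [int(c > 0) for c in counts(pairs)]

    return (cmd, bits(p), counts(p), bits(s), counts(s))

if __name__ == "__main__":
    print(coarse_quiplet(QUERY))
    print(medium_quiplet(QUERY))
```

The coarse form records only how many tables and columns a query touches; the medium form keeps which tables they belong to, so two queries with equal counts over different tables are no longer indistinguishable.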

Supervised Case: Key Ideas
• Associate each query with a role
• Build profiles per role
• Train a classifier with role as the class
• Declare a request as anomalous if the classifier-predicted role does not match the actual role
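The supervised scheme above, sketched in Python as an added example (not code from the lecture). The slide does not name a classifier, so naive Bayes with Laplace smoothing is an assumption here; the role names and the training log of coarse quiplets are constructed for illustration.

```python
from collections import Counter, defaultdict
import math

# Constructed training log of (role, coarse quiplet) pairs; not data from the slides.
TRAIN = [
    ("designer", ("SELECT", 1, 2, 1, 1)),
    ("designer", ("SELECT", 1, 3, 1, 1)),
    ("designer", ("SELECT", 2, 3, 2, 2)),
    ("designer", ("UPDATE", 1, 1, 1, 1)),
    ("auditor",  ("SELECT", 3, 9, 0, 0)),
    ("auditor",  ("SELECT", 3, 8, 0, 0)),
    ("auditor",  ("SELECT", 2, 6, 0, 0)),
    ("auditor",  ("SELECT", 3, 9, 1, 1)),
]

class RoleProfiles:
    """Per-role profiles stored as field-value counts; prediction is naive Bayes."""

    def __init__(self, samples):
        self.role_n = Counter(role for role, _ in samples)
        self.counts = defaultdict(Counter)   # (role, field index) -> value counts
        self.values = defaultdict(set)       # field index -> values seen in training
        for role, quiplet in samples:
            for i, v in enumerate(quiplet):
                self.counts[role, i][v] += 1
                self.values[i].add(v)

    def log_score(self, role, quiplet):
        """log P(role) + sum of log P(field value | role), Laplace-smoothed."""
        score = math.log(self.role_n[role] / sum(self.role_n.values()))
        for i, v in enumerate(quiplet):
            k = len(self.values[i] | {v})    # leave probability mass for unseen values
            score += math.log((self.counts[role, i][v] + 1) / (self.role_n[role] + k))
        return score

    def predict(self, quiplet):
        return max(self.role_n, key=lambda role: self.log_score(role, quiplet))

    def is_anomalous(self, actual_role, quiplet):
        """Anomalous when the predicted role differs from the role of the requester."""
        return self.predict(quiplet) != actual_role

if __name__ == "__main__":
    profiles = RoleProfiles(TRAIN)
    print(profiles.is_anomalous("designer", ("SELECT", 1, 2, 1, 1)))  # matches own profile
    print(profiles.is_anomalous("designer", ("SELECT", 3, 9, 0, 0)))  # looks like auditor
```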

Next Steps
• Application to PLM
• Determine and represent the units of data accesses
• Represent and record the duration of user sessions
• Represent and record the volume of accessed data
• Profile data flows and use
• Represent and record access patterns in time
• Profile application programs

Database Response Policies: Response Policy Language

ECA

Look at the various mechanisms used by insiders (from 2010 CyberSecurity Watch Survey)
• Copied information to mobile device (USB drive, iPod, etc.)
• Downloaded information to home computer
• Stole information by sending it out via email
• Shared account (e.g. system administrator, DBA, etc.)
• Stole hardcopy information
• Compromised an account
• Remote access
• Used authorized system administrator access
• Stole information by downloading it to another computer
• Escalated privileges
• Blackberry or other mobile handheld device
• Social engineering
• Password crackers or sniffers
• Backdoors
• Rootkit or Hacking Tools
• Malicious code inserted as part of the software development process
• Logic bomb
• Other
• Don't know

Is Anomaly Detection Sufficient?