System Architecture Design

More documents

Recommendations

Info

pSHIELDSystem Architecture DesignPUFigure 7 - Cross-layer architectures for indirect and direct communications.The first category, direct communications, should be used when only a single cross layer optimization isplanned. The second category, indirect communications, is realized with a common cross-layer entity orcross-layer manager, which acts as a mediator between the layers. The cross-layer entity includes anetwork status component of the stack that interfaces the different layers between themselves and acts asa database where each network layer can put or get information. This architecture should be used formultiple cross layer optimizations.3.1.3 The Overlay as a Cross-Layer Security Architecture for Security, Privacy andDependabilityAs we have seen in the previous section, a Cross-Layer Architecture is a design paradigm that couldimprove the performance of a generic system by simply allowing information exchange among the layers.This approach has been widely described for Telecommunication environment, however for the purposeof the pSHIELD project we need to adapt it to a different context by addressing two main issues:i) while classical Cross-Layer is applied to the seven, well known, ISO/OSI layers, pSHIELD Cross-Layeris applied to three heterogeneous and complex layers named Node (the hardware), Network (theinterconnection between nodes) and Middleware (the software services located between the hardwareand the applications providing the core SPD functionalities)ii) while classical Cross-Layer aims at optimizing telecommunication quality of service performances (likebandwidth, transmission delays and so on), the pSHIELD Cross-Layer is in charge of addressing Security,Privacy and Dependability to bring them to a reference, desired value. With Security, Privacy andDependability we refer to a wide set of functionalities relevant for the system like Authentication,PUD2.3.2Issue 5 Page 26 of 122
pSHIELDSystem Architecture DesignPUCryptography, Authorization, Key management, Auditing, etc. For any possible threat, pSHIELD acts as aSPD overlay, applying a functional-cross-layer approach, as depicted below:THREAT / ATTACK…INTRUSIONENERGYCOMMUNICATIONMIDDLEWARENETWORKNODEOVERLAYFigure 8 – pSHIELD Overlay.Given a threat or an attack (such as intrusion, tampering, energy shortage, communication fault, etc.) itpotentially impacts all middleware, network and node layers. To face this threats and attacks, traditionalapproaches are to defend each single functionality or each single layer, without any coordination with therest of the involved system. To ensure such an holistic approach it is necessary a Cross-Layer element toserve as a glue between the different domains (node, network and middleware). The Overlay monitorsand controls the SPD level of the whole system.In order to simplify the description, in the unfolding of the document we will refer to the “pSHIELD Cross-Layer Architecture for Security, Privacy and Dependability” with the word “Overlay Layer” or pSHIELDOverlay”.Since there are many SPD functionalities positively affected by the introduction of an Overlay layer, mostof them depending on the application scenario, it is not possible to provide in advance an extensive,quantitative description of the advantages for each SPD functionality. However in the following sectionssome examples are provided to better understand the Overlay impact on improving the SPD level of agiven system of embedded systems.3.1.3.1 SecurityThe Overlay approach could improve the security of an interconnected set of Embedded Systems byleveraging the basic security functionalities of each hardware and/or software components. For example ifan encryption algorithm is required to protect the output of a node, the overlay could decide to perform itdirectly at node level (by activating the adequate chip and producing an already encrypted output) as wellas at network level (by ciphering the information while transmitting it over a secured channel) or atmiddleware level (by ciphering the information stored in memory before sending it). Of course thesesolutions are equivalent if and only if they all fit the application needs.1.1.1.2 DependabilityAn intuitive example of Dependability functionality that could be guaranteed by the pSHIELD overlay couldbe the power consumption of the system. If we consider, for example, a monitoring system composed bydifferent nodes, communication protocols and software components, the Overlay could dynamicallychoose the less expensive (in terms of energy) configuration of devices or transmission protocols andPUD2.3.2Issue 5 Page 27 of 122
Page 1 and 2: Project no: 100204pSHIELDpilot embe
Page 3 and 4: Contents1 Executive Summary .......
Page 5 and 6: FiguresFigure 1 - A generic embedde
Page 7 and 8: Figure 45 - pSHIELD Security Agent
Page 9 and 10: MGFMIPSMLNeLNFMRFPNMPNMPSNoLNVMOLOS
Page 11 and 12: Issue 5Page xi
Page 13 and 14: pSHIELDSystem Architecture DesignPU
Page 19 and 20: pSHIELDSystem Architecture Design3.
Page 25: pSHIELDSystem Architecture DesignPU
Page 31 and 32: pSHIELDSystem Architecture Design
Page 39 and 40: pSHIELDSystem Architecture Design
Page 47 and 48: pSHIELDSystem Architecture Designen
Page 75: pSHIELDSystem Architecture DesignPU
Page 80 and 81:
pSHIELDSystem Architecture DesignPU
Page 82:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
show all

System Architecture Design

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?