System Architecture Design

More documents

Recommendations

Info

pSHIELDSystem Architecture DesignPU5 SPD RequirementsArchitecture is one of the structural characteristics of pSHIELD. The process for the definition of aconceptual formalized architectural framework demands as inputs a set of requirements, which are ofseveral types or simply express different system needs and priorities. We assign the term “SystemRequirements” in the collection concerning the overall design. This can be further decomposed inattributes independent of the application or reflecting the specific scenario needs. We aim at defining theSPD functionalities, which will be potentially possessed by a pSHIELD implementation, in order to serveits objective, being for example, the protection of asset and material in the railway transportation usecase. These requirements pave the way for the design and development of pSHIELD Architecture,synthesized by the four pSHIELD layers of node, network, middleware and overlay.Out of the broad list of D2.1, “System requirements and specifications”, we refer here to theserequirements, which relate, to a bigger or lesser extent, with the impact of specific SPD desired attributes,metrics and functionalities, in the formulation of the system architecture. Before that, an epigrammaticreminder of the three components comprising SPD concept and their meaning in the technologicalframework in pSHIELD follows.Security in the context of telecommunications and ESs is the resultant of three properties: confidentiality,integrity and availability. Their synthesis represents the discipline of protecting software and hardwareagainst attacks conducted by unauthorized interceptors.Apart from the apparent, colloquial meaning, Privacy, expanded respectively in communication theory, isthe seclusion or selective revelation of wire, oral or electronic communication while in transmission.Usually privacy is a notion broader than security. In pSHIELD, in expectation of an improved specificationof the term (probably through the application scenario use case), privacy can be a complementary andinterrelated term to security and more specifically, confidentiality.Even broader and multi-faceted is Dependability, a notion arriving in telecommunications from systemengineering and encompassing the reliability and trustworthiness of a system or network. As mentioned inD2.1, in pSHIELD, Dependability embraces the meaning of availability, reliability, safety, integrity andmaintainability.The description of each requirement is accompanied by the code with which it can be found (itself or a setof similar phrased ones) in D2.1. Either these requirements are tightly connected to architecturalcharacteristics or they imply features and functionalities dependent on the development of the architectureproposal.5.1 System Architecture Security RequirementsAvailabilityThe attribute concerns availability of information, node, network and system, for authorized users (0301,01003, 01014).IntegrityOf data (network layer), against unauthorized access, mechanisms based on hardware “hooks” andsecure key installation, protection of the TPM, integrity at node layer (0302, 06004, 01002, 01004, 01012,01015).PUD2.3.2Issue 5 Page 62 of 122
pSHIELDSystem Architecture DesignPUCentral control unitThe system should have a central control unit and the respective monitoring applications should havereliable communication links between the peripheral nodes and this unit (20003, 06001).Confidentiality aware information deliveryIn the network layer, data confidentiality to protect and encrypt the transmitted information should besupported (06005, 20035).Audit functionalitiespSHIELD system should guarantee audit functionalities (06006).EncryptionpSHIELD system should guarantee encryption functionalities, TPM cryptographic protocols andimprovement, cryptography on node layer, encryption algorithms on network layer (06007, 01008, 01011,09002, 01031, 20036).Non-repudiationpSHIELD system should provide non-repudiation functionalities (06008).Access controlpSHIELD system should establish access control functionalities among users, assets and operations onsystem and node level (06009, 01003, 01030).Identification and authenticationThe pSHIELD system should guarantee identification and authentication functionalities, including nodeand network layers (06010, 01031, 20038).Tamper ResistanceThere should be anti-tampering functionalities for physical attacks on nodes (06012).TimestampsThe pSHIELD system should be able to provide reliable timestamps (06013).Trusted channelThe pSHIELD system should provide trusted channel for SPD functionalities (06015).Secure service discoveryMiddleware should support secure service discovery (20029).Management of security functionalitiesThere should be efficient management of the above listed security functionalities (06011).Network securityOn network layer, security protocols should be implemented, including the protection of IP or upper layerspayload and protocols (20031, 20032).Denial of servicePUD2.3.2Issue 5 Page 63 of 122
Page 1 and 2:
Project no: 100204pSHIELDpilot embe
Page 3 and 4:
Contents1 Executive Summary .......
Page 5 and 6:
FiguresFigure 1 - A generic embedde
Page 7 and 8:
Figure 45 - pSHIELD Security Agent
Page 9 and 10:
MGFMIPSMLNeLNFMRFPNMPNMPSNoLNVMOLOS
Page 11 and 12: Issue 5Page xi
Page 13 and 14: pSHIELDSystem Architecture DesignPU
Page 19 and 20: pSHIELDSystem Architecture Design3.
Page 31 and 32: pSHIELDSystem Architecture Design
Page 39 and 40: pSHIELDSystem Architecture Design
Page 47 and 48: pSHIELDSystem Architecture Designen
Page 61: pSHIELDSystem Architecture DesignPU
Page 113 and 114:
pSHIELDSystem Architecture DesignPU
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
show all

System Architecture Design

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?