Security Concept
Latest revision as of 17:34, 7 March 2022
The Libresilicon Security Concept:
Status: DRAFT
Threat Model:
1. Chemical recipes could be modified, causing a chemical hazard
2. Malfunctions / Crashes of the control system could leak chemicals
Requirements:
1. Chemical recipes must be correct and tamper-proof / tamper evident
2. We have to ensure that valves are closed in case of malfunction
Security Concept:
1. To avoid bit errors, we SHOULD store a hash of every recipe and verify it before the recipe is run. Caveat: a plain hash only catches accidental corruption. For tamper evidence (requirement 1) the hash must be signed or keyed (e.g. HMAC) with the key held outside the control system, or stored on a separate read-only medium; otherwise whoever can edit the recipe can recompute the hash as well.
1. We need air-gaps for security-critical control systems
1. To avoid bit-errors, we MUST use ECC RAM wherever possible
1. The usage of Majority-Voting for failsafe control systems has been deemed unnecessary.
2. We need a fail-safe system: the fail-safe state is all valves closed.
-> All valves for dangerous chemicals must be position-monitored (with potentiometers or limit switches) and an alert raised whenever a valve is open in a situation where it should not be open.
-> Preferably a system that can actively close all valves in case of a safety alert.
-> Safety alerts should be triggered either by pressing a button or by a watchdog that monitors the liveness of the control systems.