Security Concept

From LibreSilicon
Latest revision as of 17:34, 7 March 2022

The Libresilicon Security Concept:

Status: DRAFT

Threat Model:

1. Chemical recipes could be modified, causing a chemical hazard

2. Malfunctions / Crashes of the control system could leak chemicals

Requirements:

1. Chemical recipes must be correct and tamper-proof / tamper-evident

2. We have to ensure that valves are closed in case of malfunction


Security Concept:

1.1. To avoid bit-errors, we SHOULD use hashes on the recipes.

1.2. We need air-gaps for security-critical control systems.

1.3. To avoid bit-errors, we MUST use ECC RAM wherever possible.

1.4. The usage of majority-voting for failsafe control systems has been deemed unnecessary.

2. We need a failsafe system: the fail-safe state is to close the valves.

  -> All valves of dangerous chemicals must be monitored (with potentiometers or switches) and an alert raised in case a valve is open in a situation where it should not be open.
  -> Preferably a system that can actively close all valves in case of a safety alert.
   -> Safety alerts should be triggered either by pressing a button or by a watchdog that monitors the liveness of the control systems.
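The following is an added example of the recipe-hashing idea in item 1.1 (requirement 1); it is not LibreSilicon code. It assumes recipes are stored as JSON, that the reference SHA-256 digest lives in a manifest on read-only media, and, for the keyed variant, that only the verifier holds the HMAC key. It shows that a plain digest catches bit errors and casual edits, but that an edit accompanied by a recomputed digest still passes a plain hash check, which is why the reference digest must be stored where it cannot be rewritten, or a keyed MAC (or a signature) used if tamper evidence is the goal.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample recipe; not a real LibreSilicon process recipe.
SAMPLE_RECIPE = {
    "name": "example-etch",
    "steps": [
        {"valve": "HF-1", "action": "open", "seconds": 30},
        {"valve": "HF-1", "action": "close", "seconds": 0},
        {"valve": "DI-1", "action": "open", "seconds": 120},
    ],
}


def canonical_bytes(recipe):
    """Serialize deterministically so the same recipe always hashes the same."""
    return json.dumps(recipe, sort_keys=True, separators=(",", ":")).encode("utf-8")


def recipe_digest(recipe_bytes):
    """Unkeyed SHA-256: detects accidental corruption (bit errors)."""
    return hashlib.sha256(recipe_bytes).hexdigest()


def recipe_mac(recipe_bytes, key):
    """HMAC-SHA256: cannot be recomputed without the key, so it gives tamper evidence."""
    return hmac.new(key, recipe_bytes, hashlib.sha256).hexdigest()


def verify_digest(recipe_bytes, expected_hex):
    # compare_digest is constant-time; a good habit for any integrity check.
    return hmac.compare_digest(recipe_digest(recipe_bytes), expected_hex)


def verify_mac(recipe_bytes, key, expected_hex):
    return hmac.compare_digest(recipe_mac(recipe_bytes, key), expected_hex)


def flip_bit(data, bit_index):
    """Simulate a single bit error in the stored recipe (what ECC RAM would catch in memory)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def demo():
    """Constructed walk-through; returns one boolean per check, all expected True."""
    key = b"constructed-demo-key-not-for-production"  # assumed verifier-only secret
    good = canonical_bytes(SAMPLE_RECIPE)
    manifest_digest = recipe_digest(good)   # assumed stored on read-only media
    manifest_mac = recipe_mac(good, key)

    # Case 1: a bit error in storage or transfer.
    corrupted = flip_bit(good, 100)

    # Case 2: a deliberate edit, HF-1 dwell raised from 30 s to 300 s.
    edited = copy.deepcopy(SAMPLE_RECIPE)
    edited["steps"][0]["seconds"] = 300
    edited_bytes = canonical_bytes(edited)

    # Case 3: the same edit, with the stored plain digest rewritten to match.
    rewritten_digest = recipe_digest(edited_bytes)

    return {
        "intact_recipe_passes": verify_digest(good, manifest_digest),
        "bit_error_detected": not verify_digest(corrupted, manifest_digest),
        "edit_detected_by_digest": not verify_digest(edited_bytes, manifest_digest),
        "edit_with_rewritten_digest_passes_plain_hash": verify_digest(edited_bytes, rewritten_digest),
        "edit_with_rewritten_digest_fails_mac": not verify_mac(edited_bytes, key, manifest_mac),
    }
```

`demo()` returns a dictionary of five checks that should all be True; the fourth one is the reason the digest alone satisfies only the bit-error part of the requirement.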
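The following is an added example of the fail-safe supervision in item 2 (monitored valves, emergency button, liveness watchdog, active close-all); it is not LibreSilicon code. It assumes each dangerous-chemical valve reports its position through a switch (True = open), that the control system sends a heartbeat every cycle to a supervisor running on separate hardware, and that the actuators are spring-return so dropping the open signal closes the valve. The trip latches: once in the fail-safe state, open commands are refused until a manual reset, which is only accepted when every valve is measured closed.

```python
from dataclasses import dataclass

WATCHDOG_TIMEOUT_S = 2.0  # assumed maximum silence between control-system heartbeats


@dataclass
class Valve:
    name: str
    commanded_open: bool = False  # state requested by the control system
    measured_open: bool = False   # state reported by the position switch


class Supervisor:
    """Independent safety monitor. Fail-safe state: every valve closed."""

    def __init__(self, valve_names, timeout_s=WATCHDOG_TIMEOUT_S):
        self.valves = {n: Valve(n) for n in valve_names}
        self.timeout_s = timeout_s
        self.last_heartbeat = 0.0
        self.tripped = False
        self.alerts = []

    def heartbeat(self, now):
        self.last_heartbeat = now

    def command(self, name, open_):
        # While tripped, open commands are refused; closing is always allowed.
        if self.tripped and open_:
            return False
        self.valves[name].commanded_open = open_
        return True

    def report_position(self, name, measured_open):
        self.valves[name].measured_open = measured_open

    def check(self, now, emergency_button=False):
        """Evaluate safety conditions once; returns the alerts raised this cycle."""
        new_alerts = []
        if emergency_button:
            new_alerts.append("emergency button pressed")
        silence = now - self.last_heartbeat
        if silence > self.timeout_s:
            new_alerts.append(f"watchdog: no heartbeat for {silence:.1f}s")
        for v in self.valves.values():
            # Open while not commanded open: leak, stuck valve, or wrong command path.
            if v.measured_open and not v.commanded_open:
                new_alerts.append(f"{v.name}: open but not commanded open")
        if new_alerts:
            self.trip()
        self.alerts.extend(new_alerts)
        return new_alerts

    def trip(self):
        """Enter the fail-safe state: drop every open signal and latch."""
        self.tripped = True
        for v in self.valves.values():
            v.commanded_open = False

    def actuate(self):
        """Model the actuators following the commanded state (assumed spring-return valves)."""
        for v in self.valves.values():
            v.measured_open = v.commanded_open

    def reset(self):
        # Manual reset is accepted only once every valve is measured closed.
        if any(v.measured_open for v in self.valves.values()):
            return False
        self.tripped = False
        return True


def scenario():
    """Constructed walk-through; returns what the supervisor did in each phase."""
    sup = Supervisor(["HF-1", "DI-1"])
    # Phase 1: normal operation, HF-1 legitimately open.
    sup.heartbeat(0.0)
    sup.command("HF-1", True)
    sup.actuate()
    phase1 = sup.check(0.5)
    # Phase 2: DI-1's switch reports open although it was never commanded open.
    sup.heartbeat(1.0)
    sup.report_position("DI-1", True)
    phase2 = sup.check(1.2)
    sup.actuate()  # the trip dropped every open signal, so all valves close
    refused = not sup.command("HF-1", True)
    # Phase 3: the control system has crashed and sends no further heartbeats.
    phase3 = sup.check(4.0)
    return {
        "phase1": phase1,
        "phase2": phase2,
        "open_refused_while_tripped": refused,
        "phase3": phase3,
        "all_closed": not any(v.measured_open for v in sup.valves.values()),
        "reset_accepted": sup.reset(),
    }
```

In a real build the `check()` loop would run on the supervisor's own timer, independent of the control system, so that a crash of the control system is exactly the case the watchdog branch catches.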