Security Concept
Latest revision as of 17:34, 7 March 2022
The Libresilicon Security Concept:
Status: DRAFT

Threat Model:
1. Chemical recipes could be modified, causing a chemical hazard.
2. Malfunctions or crashes of the control system could leak chemicals.

Requirements:
1. Chemical recipes must be correct and tamper-proof / tamper-evident.
2. We have to ensure that valves are closed in case of a malfunction.

Security Concept:
1. Measures for requirement 1:
-> To detect bit errors, we SHOULD store hashes of the recipes. A plain hash only catches accidental corruption: an attacker who can modify a recipe can also recompute its hash, so tamper evidence additionally needs the hash to be signed, or replaced by a keyed MAC whose key the attacker does not hold.
-> We need air gaps for security-critical control systems.
-> To avoid bit errors, we MUST use ECC RAM wherever possible.
-> The usage of majority voting for failsafe control systems has been deemed unnecessary.
2. Measures for requirement 2: We need a failsafe system. The fail-safe state is all valves closed.
-> All valves of dangerous chemicals must be monitored (with potentiometers or switches), and an alert must be raised if a valve is open in a situation where it should not be open.
-> Preferably a system that can actively close all valves in case of a safety alert.
-> Safety alerts should be raised either by pressing a button or by a watchdog that monitors the liveness of the control systems.
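The following is an added example, not LibreSilicon's own code, that models both halves of the concept above: a recipe integrity check (showing why a plain hash is not tamper evidence while a keyed MAC is) and a valve controller whose fail-safe state is "all valves closed", tripped either by a watchdog that loses the control system's heartbeat or by a position sensor reporting a valve open when it was commanded closed. The recipe fields, valve names, the demo key and the heartbeat timeout are constructed for illustration and are assumptions, not values from the project.

```python
"""Recipe integrity check and fail-safe valve watchdog (added example)."""
import hashlib
import hmac
import json

# Constructed sample recipe; field names are assumptions for this example.
RECIPE = {
    "name": "piranha-clean",
    "steps": [{"valve": "H2SO4", "open_s": 30}, {"valve": "H2O2", "open_s": 10}],
}
# Assumption: a secret provisioned to the control system, never stored beside recipes.
KEY = b"constructed-demo-key-not-for-production"


def canonical(recipe: dict) -> bytes:
    """Deterministic serialisation so equal recipes always hash identically."""
    return json.dumps(recipe, sort_keys=True, separators=(",", ":")).encode()


def recipe_digest(recipe: dict) -> str:
    """Plain SHA-256: detects accidental bit errors only (anyone can recompute it)."""
    return hashlib.sha256(canonical(recipe)).hexdigest()


def recipe_tag(recipe: dict, key: bytes) -> str:
    """HMAC-SHA256 under a key the attacker lacks: tamper-evident."""
    return hmac.new(key, canonical(recipe), hashlib.sha256).hexdigest()


def load_recipe(recipe: dict, tag: str, key: bytes) -> dict:
    """Refuse to load a recipe whose MAC does not verify (constant-time compare)."""
    if not hmac.compare_digest(recipe_tag(recipe, key), tag):
        raise ValueError("recipe integrity check failed")
    return recipe


class ValveController:
    """Fail-safe controller: any alert latches and drives every valve closed."""

    def __init__(self, valves, timeout_s: float):
        self.state = {v: False for v in valves}  # False = closed (fail-safe state)
        self.timeout_s = timeout_s
        self.last_heartbeat = 0.0
        self.alert = None  # latched reason; clearing it needs operator action

    def heartbeat(self, now: float) -> None:
        """Liveness signal from the control system."""
        self.last_heartbeat = now

    def check(self, now: float) -> None:
        """Watchdog: no heartbeat within timeout_s means the controller may have crashed."""
        if now - self.last_heartbeat > self.timeout_s:
            self.safety_alert("watchdog timeout")

    def safety_alert(self, reason: str) -> None:
        """Emergency button, watchdog or sensor mismatch all land here: close everything."""
        self.alert = reason
        for valve in self.state:
            self.state[valve] = False

    def request_open(self, valve: str, now: float) -> bool:
        """Open a valve only if the watchdog is satisfied and no alert is latched."""
        self.check(now)
        if self.alert:
            return False
        self.state[valve] = True
        return True

    def sensor_report(self, valve: str, is_open: bool) -> None:
        """Position sensor (switch/potentiometer) disagrees with the commanded state."""
        if is_open and not self.state[valve]:
            self.safety_alert(f"{valve} open while commanded closed")


def demo() -> dict:
    """Run both scenarios and return the observations."""
    out = {}
    # Integrity: a tampered recipe with a recomputed plain hash still "verifies"...
    tampered = json.loads(json.dumps(RECIPE))
    tampered["steps"][1]["open_s"] = 600
    out["tampered_hash_verifies"] = recipe_digest(tampered) == recipe_digest(tampered)
    # ...but it fails against the MAC issued for the genuine recipe.
    genuine_tag = recipe_tag(RECIPE, KEY)
    out["genuine_loads"] = load_recipe(RECIPE, genuine_tag, KEY)["name"]
    try:
        load_recipe(tampered, genuine_tag, KEY)
        out["tampered_hmac_rejected"] = False
    except ValueError:
        out["tampered_hmac_rejected"] = True
    # Fail-safe: heartbeat stops, watchdog trips, valves close and stay closed.
    ctl = ValveController(["H2SO4", "H2O2"], timeout_s=5.0)
    ctl.heartbeat(now=0.0)
    out["opened"] = ctl.request_open("H2SO4", now=1.0)
    ctl.heartbeat(now=3.0)
    ctl.check(now=9.0)  # 6 s of silence > 5 s timeout
    out["watchdog_alert"] = ctl.alert
    out["all_closed"] = not any(ctl.state.values())
    out["reopen_after_alert"] = ctl.request_open("H2O2", now=9.5)
    # Monitoring: sensor sees H2O2 open although it was never commanded open.
    mon = ValveController(["H2SO4", "H2O2"], timeout_s=5.0)
    mon.heartbeat(now=0.0)
    mon.sensor_report("H2O2", is_open=True)
    out["sensor_alert"] = mon.alert
    return out


if __name__ == "__main__":
    print(demo())
```

The alert is deliberately latched: once tripped, `request_open` keeps returning `False` until an operator clears it, which matches the concept's preference for a system that actively closes all valves rather than merely reporting.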