Security Concept
Jump to navigation
Jump to search
The Libresilicon Security Concept:
Status: DRAFT
Threat Model:
1. Chemical recipies could be modified causing chemical hazard
2. Malfunctions / Crashes of the control system could leak chemicals
Requirements: 1. Chemical recipies must be correct, tamper-proof / tamper evident
2. We have to ensure that valves are closed in case of malfunction
Security Concept: 1. To avoid bit-errors, we SHOULD use Hashes on the Recipies
1. We need air-gaps for security-critical control systems
1. To avoid bit-errors, we MUST use ECC RAM wherever possible
1. The usage of Majority-Voting for failsafe control systems has been deemed unnecessary.
2. We need a failsafe system: The Fail-Safe state is to close the valves.
-> All Valves of dangerous chemicals must be monitored (with potentiometers or switches) and alerted in case the valve is open in a situation where it should not be open -> Preferably a system that can actively close all valves in case of a safety alert. -> Safety-Alerts should either be done by pressing a button, or by a watchdog that monitors the liveness of control system