Security Concept

From LibreSilicon
Revision as of 17:34, 7 March 2022 by RaWa (talk | contribs) (typo)

The LibreSilicon Security Concept:

Status: DRAFT

Threat Model:

1. Chemical recipes could be modified, causing a chemical hazard

2. Malfunctions / crashes of the control system could leak chemicals

Requirements:

1. Chemical recipes must be correct and tamper-proof / tamper-evident

2. We have to ensure that valves are closed in case of malfunction


Security Concept:

1. To avoid bit errors, we SHOULD use hashes on the recipes

2. We need air-gaps for security-critical control systems

3. To avoid bit errors, we MUST use ECC RAM wherever possible

4. The usage of majority voting for fail-safe control systems has been deemed unnecessary.

5. We need a fail-safe system: the fail-safe state is to close the valves.

  -> All valves of dangerous chemicals must be monitored (with potentiometers or switches) and an alert raised if a valve is open in a situation where it should not be open
  -> Preferably a system that can actively close all valves in case of a safety alert.
  -> Safety alerts should either be triggered by pressing a button, or by a watchdog that monitors the liveness of the control systems
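The following is an added example, not code from the LibreSilicon project, showing how the two halves of this concept fit together in a controller: recipe integrity (a plain SHA-256 digest catches bit errors; a keyed HMAC, with the key held only by whoever releases recipes, is what actually gives tamper evidence, since anyone who can edit a recipe can also recompute an unkeyed hash), and a latching fail-safe valve supervisor that closes every valve when the control system's heartbeat stops, when the stop button is pressed, and raises an alert when a position sensor reports a valve open that was commanded closed. The recipe content, key, valve names and timeout are constructed sample values.

```python
import hashlib
import hmac
import json

# --- Recipe integrity (Requirement 1, Concept item 1) ----------------------

def recipe_digest(recipe_bytes: bytes) -> str:
    """Plain SHA-256 over the recipe file: detects bit errors in storage/transfer,
    but NOT deliberate modification (the editor can recompute it)."""
    return hashlib.sha256(recipe_bytes).hexdigest()


def recipe_tag(recipe_bytes: bytes, key: bytes) -> str:
    """HMAC-SHA256 with a release key the control system only verifies against:
    a modified recipe cannot be re-tagged without the key (tamper evidence)."""
    return hmac.new(key, recipe_bytes, hashlib.sha256).hexdigest()


def load_recipe(recipe_bytes: bytes, expected_tag: str, key: bytes):
    """Return the parsed recipe only if its tag verifies; otherwise None, i.e. refuse to run."""
    if not hmac.compare_digest(recipe_tag(recipe_bytes, key), expected_tag):
        return None
    return json.loads(recipe_bytes)


# --- Fail-safe valve supervision (Requirement 2, Concept item 5) -----------

class FailSafeValves:
    """Supervisor for valves carrying dangerous chemicals. Fail-safe state: all closed.
    `commanded` is what the controller asked for, `sensed` is what the position
    sensor (potentiometer or limit switch) reports. Once tripped, the supervisor
    latches closed until an explicit operator reset (not modelled here)."""

    def __init__(self, names, watchdog_timeout_s: float):
        self.commanded = {n: False for n in names}   # False = closed
        self.sensed = {n: False for n in names}
        self.timeout = watchdog_timeout_s
        self.last_heartbeat = 0.0
        self.tripped = False
        self.alerts = []

    def heartbeat(self, now: float):
        """Called by the control system; silence longer than `timeout` trips the watchdog."""
        self.last_heartbeat = now

    def close_all(self, reason: str):
        for n in self.commanded:
            self.commanded[n] = False
        self.tripped = True
        self.alerts.append(f"fail-safe: all valves closed ({reason})")

    def emergency_stop(self):
        self.close_all("emergency stop button pressed")

    def command(self, name: str, open_: bool, now: float) -> bool:
        """Actuate a valve. Opening is refused while the fail-safe state is latched."""
        self.check(now)                      # evaluate the watchdog before any actuation
        if open_ and self.tripped:
            return False
        self.commanded[name] = open_
        return True

    def report_sensor(self, name: str, open_: bool, now: float):
        self.sensed[name] = open_
        self.check(now)

    def check(self, now: float) -> bool:
        """Run from the supervisory loop: watchdog plus position-mismatch monitoring.
        Returns True if the fail-safe state is (now) latched."""
        if not self.tripped and now - self.last_heartbeat > self.timeout:
            self.close_all("control system watchdog timeout")
        for n, is_open in self.sensed.items():
            if is_open and not self.commanded[n]:
                msg = f"alert: valve {n} sensed OPEN while commanded closed"
                if msg not in self.alerts:
                    self.alerts.append(msg)
        return self.tripped


if __name__ == "__main__":
    key = b"constructed-release-key"        # constructed sample key
    recipe = b'{"step": "etch", "chemical": "HF", "valve": "V1", "seconds": 30}'
    tag = recipe_tag(recipe, key)
    print("valid recipe:", load_recipe(recipe, tag, key))
    print("tampered recipe:", load_recipe(recipe.replace(b"30", b"90"), tag, key))

    valves = FailSafeValves(["V1", "V2"], watchdog_timeout_s=2.0)
    valves.heartbeat(0.0)
    valves.command("V1", True, 0.5)
    valves.check(3.5)                        # heartbeat missing for > 2 s
    print(valves.alerts, valves.commanded)
```

The supervisor is deliberately latching: after a trip, `command(..., open_=True, ...)` keeps returning False until an operator reset, which matches the requirement that a malfunctioning controller must not be able to reopen valves by itself once the heartbeat returns.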