IT-Sicherheit und Cloud Computing

Chapter

Zusammenfassung

In Industrie 4.0 in Deutschland verschwinden die Grenzen zwischen den vormals getrennten Informations- und Kommunikationstechnik-Bereichen (IKT) der Produktions- IT und der Business-IT. Diese werden vernetzt, wodurch IT-Systeme mit ganz unterschiedlichen Sicherheitsanforderungen verbunden werden. Daraus ergeben sich neue Verwundbarkeiten und den Angreifern eröffnen sich neue Möglichkeiten, in Systeme einzudringen und Schäden auch in der physischen Welt zu verursachen. So können sich beispielsweise Computer-Viren, die man von Desktop-PCs kennt, auf Produktionsanlagen ausbreiten, oder Maschinen werden zur Fernwartung freigegeben, ohne diese Zugänge ausreichend abzusichern.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Literatur

  1. [1]
    Kritische Sicherheitslücke ermöglicht Fremdzugriff auf Systemregler des Vaillant ecoPOWER 1.0, April 2013.Google Scholar
  2. [2]
    BENCSÁTH, BOLDIZSÁR, GÁBOR PÉK, LEVENTE BUTTYÁN MÁRK FÉLEGYHÁZI: Duqu: A Stuxnet-like malware found in the wild., Laboratory of Cryptography and System Security (CrySyS), Budapest University of Technology and Economics, Department of Telecommunications, October 2011.Google Scholar
  3. [3]
    BONEH, D., G. DI CRESCENZO, R. OSTROVSKY G. PERSIANO: Public Key Encryption with Keyword Search. Advances in Cryptology-Eurocrypt 2004, 506–522. Springer, 2004.Google Scholar
  4. [4]
    BOWERS, KEVIN D, ARI JUELS ALINA OPREA: HAIL: A High-Availability and Integrity Layer for Cloud Storage . Proceed of the 16th ACM Conference on Computer and Communications Security, 187–206, New York, New York, USA, 2009. ACM Press.Google Scholar
  5. [5]
    BOWERS, KEVIN D, ARI JUELS ALINA OPREA: Proofs of Retrievability: Theory and Implementation. ACM Cloud Computing Security Workshop, 43–54, 2009.Google Scholar
  6. [6]
    CANETTI, RAN: Security and Composition of Multi-party Cryptographic Protocols. Journal of Cryptology, 13(1):143–202, January 2000.CrossRefMATHMathSciNetGoogle Scholar
  7. [7]
    CRYPTOGRAPHY, LABORATORY OF SYSTEM SECURITY (CRYSYS): W32.Duqu - The precursor to the next Stuxnet., Symantec, November 2011.Google Scholar
  8. [8]
    ECKERT, CLAUDIA: IT – Sicherheit – Konzepte, Verfahren, Protokolle. Oldenbourg, 8th, 2013.Google Scholar
  9. [9]
    FILIPOVIC, BARTOL OLIVER SCHIMMEL: Schutz eingebetteter Systeme vor Produktpiraterie: Technologischer Hintergrund und Vorbeugemaßnahmen. AISEC Studie, 2012.Google Scholar
  10. [10]
    FORSCHUNGSUNION: Umsetzungsempfehlungen für das Industrieprojekt 4.0, April 2013.Google Scholar
  11. [11]
    INTELLITRENDS: Measuring the Impact of Technology Performance: A Global Perspective – 2013., Compuware, 2013.Google Scholar
  12. [12]
    JUELS, ARI BURTON S KALISKI JR: PORs: Proofs of Retrievability for Large Files. Proceedings of the Seventh ACM Conference on Computer and Communication Security CCS, 2007.Google Scholar
  13. [13]
    JUELS, ARI ALINA OPREA: New Approaches to Security and Availability for Cloud Data. Communications of the ACM, 56(2):64–73, 2013.CrossRefGoogle Scholar
  14. [14]
    KATZ, J., A. SAHAI B. WATERS: Predicate encryption supporting disjunctions, polynomial equations, and inner products. Advances in Cryptology–EUROCRYPT 2008, 146–162, 2008.Google Scholar
  15. [15]
    KIENING, ALEXANDER, CHRISTOPH KRAUß CLAUDIA ECKERT: Verifiable Trust between Electronic Control Units based on a single Trust Anchor. 11th Embedded Security in Cars (escar), 2013.Google Scholar
  16. [16]
    KRAUß, CHRISTOPH VOLKER FUSENIG: Using Trusted Platform Modules for Location Assurance in Cloud Networking. Proceedings of the 7th International Conference on Network and System Security (NSS 2013), Lecture Notes in Computer Science. Springer, 2013.Google Scholar
  17. [17]
    LINDELL, YEHUDA BENNY PINKAS: Secure Multiparty Computation for Privacy- Preserving Data Mining. May 2008.Google Scholar
  18. [18]
    MERLI, DOMINIK GEORG SIGL: Physical Unclonable Functions - Identitäten für eingebettete Systeme. Datenschutz und Datensicherheit, 12, 2012.Google Scholar
  19. [19]
    NYANCHAMA, MATUNDA SYLVIA OSBORN: Role-based Security: Pros, Cons, & some Research Directions. SIGSAC Rev., 11(2):11–17, 1993.CrossRefGoogle Scholar
  20. [20]
    PARK, D., K. KIM P. LEE: Public Key Encryption with Conjunctive Field Keyword Search. Information Security Applications, 73–86, 2005.Google Scholar
  21. [21]
    PIRRETTI, M., P. TRAYNOR, P. MCDANIEL B. WATERS: Secure Attribute-Based Systems. Proceedings of the 13th ACM conference on Computer and communications security (CCS ’06), 99–112, 2006.Google Scholar
  22. [22]
    SAHAI, A. B. WATERS: Fuzzy identity-based encryption. Advances in Cryptology– EUROCRYPT 2005, 557–557, 2005.Google Scholar
  23. [23]
    SONG, D.X., D. WAGNER A. PERRIG: Practical techniques for searches on encrypted data. Security and Privacy, 2000. S & P 2000. Proceedings. 2000 IEEE Symposium on, 44–55. IEEE, 2000.Google Scholar
  24. [24]
    SPATH, DIETER, OLIVER GANSCHAR, STEFAN GERLACH, MORITZ HÄMMERLE, TOBIAS KRAUSE SEBASTIAN SCHLUND: Produktionsarbeit der Zukunft – Industrie 4.0., Fraunhofer- Institut für Arbeitswirtschaft und Organisation IAO, 2013.Google Scholar
  25. [25]
    STEFANOV, EMIL, MARTEN VAN DIJK, ALINA OPREA ARI JUELS: Iris: A Scalable Cloud File System with Efficient Integrity Checks. 1–33, 2012.Google Scholar
  26. [26]
    STEFFEN, ANDREAS: The Linux Integrity Measurement Architecture and TPM-Based Network Endpoint Assessment. 2012.Google Scholar
  27. [27]
    TRUSTED COMPUTING GROUP: Trusted Platform Module (TPM) Summary. http://www.trustedcomputinggroup.org/resources/trusted_platform_module_tpm_summary.
  28. [28]
    TSVIHUN, IRYNA GERD STEFAN BROST: Cloud Security – Sicherheit in der Wolke. ISIS Cloud & SaaS Report, 10–11, 2011.Google Scholar
  29. [29]
    TSVIHUN, IRYNA NIELS FALLENBECK: Cloud-Leitstand: Die Schaltzentrale für die Cloud. ISIS Cloud & SaaS Report, 1, 2012.Google Scholar
  30. [30]
    VELTEN, MICHAEL, SASCHA WESSEL, FREDERIC STUMPF CLAUDIA ECKERT: Active File Integrity Monitoring using Paravirtualized Filesystems. Proceedings of the 5th International Conference on Trusted Systems (InTrust 2013), LNCS, Graz, 2013. Springer.Google Scholar
  31. [31]
    WAGNER, STEFFEN, CHRISTOPH KRAUSS CLAUDIA ECKERT: Lightweight Attestation and Secure Code Update for Multiple Separated Microkernel Tasks. Proceedings of the ISC 2013: The 16th Information Security Conference, LNCS, Dallas, Texas, USA, 2013. Springer.Google Scholar
  32. [32]
    WESSEL, SASCHA, FREDERIC STUMPF, ILJA HERDT CLAUDIA ECKERT: Improving Mobile Device Security with Operating System-level Virtualization. 28th IFIP International Information Security and Privacy Conference (SEC 2013), 2013.Google Scholar
  33. [33]
    YAO, ANDREW C.: Protocols for Secure Computations. Annual IEEE Symposium on Foundations of Computer Science, 160–164, 1982.Google Scholar

Copyright information

© Springer Fachmedien Wiesbaden 2014

Authors and Affiliations

  1. 1.Technische Universität MünchenGarchingDeutschland

Personalised recommendations