Mode Switching from a Security Perspective: First Findings of a Systematic Literature Review

Communications in Computer and Information Science

Schönegger³

2022

Self Cite

Many devices in various domains operate in different modes. We have suggested to use mode switching for security purposes to make systems more resilient when vulnerabilities are known or when attacks are performed. We will demonstrate the usefulness of mode switching in the context of industrial edge devices. These devices are used in the industry to connect industrial machines like cyber-physical systems to the Internet and/or the vendor's network to allow condition monitoring and big data analytics. The connection to the Internet poses security threats to edge devices and, thus, to the machines they connect to. In this paper (i) we suggest a multi-modal architecture for edge devices;(ii) we present an application scenario; and (iii) we show first reflections on how mode switching can reduce attack surfaces and, thus, increase resilience.

Section: Mode Switchingmentioning

confidence: 99%

Mode Switching for Secure Edge Devices

Communications in Computer and Information Science

Schönegger³

2022

Self Cite

“…Multiple modes are also used in other domains like automotive, aviation and energy. First findings of a systematic literature review on mode switching are provided by [10]. Self-driving cars may have modes for manual driving, adaptive cruise control, lane keeping assistant, parking and emergency [1].…”

Section: Mode Switchingmentioning

confidence: 99%

“…We pursue the idea of using modes to increase the resilience of software. We have presented first findings of a systematic literature review [10] and a web server case study using a multi-purpose mode switching solution [11]. The case study has shown that mode switching can reduce the window of exposure from 536 to 8 days and provides 98.9% of the time with zero (known) risk.…”

Section: Introductionmentioning

confidence: 99%

Mode Switching for Secure Web Applications – A Juice Shop Case Scenario

Communications in Computer and Information Science

2021

Self Cite

Switching modes is a general mechanism that is used in many domains. We have suggested to use it for security purposes to make systems more resilient when vulnerabilities are known or when attacks are performed. OWASP provides several vulnerable web applications for testing and training security skills. We have the idea of applying mode switching to one of these applications in order to demonstrate its usefulness in increasing security. We have chosen Juice Shop as our sample application. In this paper (i) we suggest a multi-modal architecture for web applications; (ii) we present Juice Shop as our web application scenario; and (iii) we show first reflections on how mode switching can reduce attack surfaces and, thus, increase resilience.

Context-Aware Security Modes For Medical Devices

2022 Annual Modeling and Simulation Conference (ANNSIM)

Rozenblit

2022

Medical devices require the provision of life-critical functionality even under adverse conditions. We imagine to model (at design time) and to switch (at run-time) security modes in a self-adaptive way, thus, reducing attack surfaces in case of a malfunction, attack, or when vulnerabilities become known. Modes return back to normal when patches are provided and installed. Context-aware devices can resiliently provide a degraded mode of operation with a smaller attack surface instead of completely disabling the whole system or a device recall. Healthcare organizations and patients should actively protect themselves by implicitly or explicitly switching to modes with limited activity ranges for attackers. We use simulation to check all circumstances and the self-healing functionality to return to normal mode. In this paper, we present our ongoing work to make medical devices more secure. We discuss how modes can support that, how they are defined, and what challenges they provide.