Security

Question 1

Why is security systems matter?

Answer 1

• Systems must be trustworthy as we depend on them
• Security breaches are very costly
• Complex systems will inevitably have design flaws that can be manipulated

Question 2

Why does robotic security matter?

Answer 2

• Hacked robots can harass users
• Can cause accidents and damage
• Low security can cause distrust in robotics

Question 3

What is the CIA (Confidentiality, Integrity, Availability) triad?

Answer 3

a foundational model for understanding security requirements, and minimise threats

Question 4

What its confidentiality?

Answer 4

Resources/data that should only be accessible for authorised users

Question 5

What are practical methods of protecting confidential data?

Answer 5

Encryption, access control, authentication

Question 6

What is meant by integrity?

Answer 6

Resources/data should only be modified or removes by authorised users

Question 7

What are practical methods for keeping integrity?

Answer 7

• Checksums
• Hashing
• Digital signatures
• Version control

Question 8

What is meant by availability?

Answer 8

Resources is accessible whenever needed by authorised users

Question 9

What can help availability?

Answer 9

• Fast performance
• Backup servers
• Reliable systems that don’t fail

Question 10

What are the Security Design Principles?

Answer 10

• Economy of Mechanism
• Fail-safe defaults
• Complete Meditation
• Open design
• Separation of privilege
• Least privilege
• Least common mechanism
• Psychological acceptability

Question 11

What is economy of mechanism?

Answer 11

Keep designs as simple, reducing the chance of errors

Question 12

Why is economy of mechanism useful?

Answer 12

Less code means less bugs and simpler verification

Question 13

What is fail-safe defaults

Answer 13

Deny by default; only grant access if explicitly allowed.
Mistakes revert the system to secure state

Question 14

What is complete mediation?

Answer 14

Authorisation is re-validated on every request

Question 15

What is complete mediation useful for?

Answer 15

Prevent attackers from having indefinite access after entering system

Question 16

What is open design?

Answer 16

The security mechanisms are transparent and public

Question 17

Why is open design useful?

Answer 17

Designs are peer-reviewed and under public criticism

Question 18

What is separation of privilege?

Answer 18

Divide power so no single entity can control the entire system

Question 19

Why is separation of privilege useful?

Answer 19

Reduces threats and accidental misuse

Question 20

How can separation of privilege be used in banking?

Answer 20

transactions require approval from multiple roles

Question 21

What is defence in depth?

Answer 21

Several layers of security protect assets; If one layer fails, the rest still protect the assets

Question 22

What is least privilege?

Answer 22

A subject only has privileges necessary for its task

Question 23

How can least privilege be used in robotics?

Answer 23

Robots can read given data, but cannot alter databases or write system logs

Question 24

What is least common mechanism?

Answer 24

Minimises shared resources

Question 25

What is psychological acceptability?

Answer 25

Security must be user-friendly to be adopted; good usability

Question 26

Why is psychological acceptability important?

Answer 26

Users may avoid security measures due to complexity

Question 27

What principles are being applied for secure firmware updates for robotics?

Answer 27

Fail-safe defaults: if an error occurs during an update, the robot defaults to secure state Complete mediation: Every firmware update and access to the system is checked rigorously

Question 28

What principles are applied for separating safety-critical code in automated cars

Answer 28

Separation of privilege: Software is divided into distinct parts. Safety-critial parts are isolated from rest of software Least privilege: Only necessary permissions are granted to the system

Question 29

What principles are applied for ensuring training data for AI models are reliable?

Answer 29

Integrity: training data remains untampered Complete mediation: Every interaction with the data and AI model is verified

Question 30

What principles are applied to create easy-to-use password managers?

Answer 30

Psychological acceptability

Question 31

What are the immutable laws of security?

Answer 31

A set of core principles that guide security practices, including technical and human factors

Question 32

What is important to consider for the future of security?

Answer 32

Technology and methods of infiltrating security constantly evolve. Security needs to keep up with evolving tech to stay robust and resilient