JUCS - Journal of Universal Computer Science 30(5): 563-589, doi: 10.3897/jucs.112790
Towards a single device for multiple security domains
Florian Skopik‡, Arndt Bonitz‡, Daniel Slamanig‡, Markus Kirschner§, Wolfgang Hacker|‡ AIT Austrian Institute of Technology, Vienna, Austria§ MUSE Electronics GmbH, Vienna, Austria| Ministry of Defence, Vienna, Austria
Corresponding author: Florian Skopik ( florian.skopik@ait.ac.at ) © Florian Skopik, Arndt Bonitz, Daniel Slamanig, Markus Kirschner, Wolfgang Hacker. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY-ND 4.0). This license allows reusers to copy and distribute the material in any medium or format in unadapted form only, and only so long as attribution is given to the creator. The license allows for commercial use. Citation:
Skopik F, Bonitz A, Slamanig D, Kirschner M, Hacker W (2024) Towards a single device for multiple security domains. JUCS - Journal of Universal Computer Science 30(5): 563-589. https://doi.org/10.3897/jucs.112790 |  |
Abstract
Military field operations place high demands on information and communication technology (ICT) devices, both in terms of reliability and security. These requirements include robustness against environmental influences such as vibrations, water, and humidity as well as protection against physical attacks and cyber-attacks. Attempts to compromise a device must be detected immediately, and if necessary, trigger automated countermeasures such as alarms, partial deactivation or emergency wiping of all data. In this work, we specifically focus on cyber security issues and aim to deliver a concept for a device that can be used in multiple security domains, isolating mission-specific data from each other without the risk of data spillover. For that purpose, we outline a high-level concept for a resilient single device concept that is able to withstand common intrusion attempts. We identify threat agents, misuse cases and the risks of a single device concept for multiple security domains and evaluate the most pressing issues. Based on the identified risks, we determine additional mitigation measures and discuss their applicability. We foresee our work to provide valuable insights into the requirements on and design decisions of highly secure mobile device solutions.
Keywords
cyber security, hardened tablet, rugged device, risk analysis