Safety, Security, and Portability
NCC Group Whitepaper
Safety, Security, and Portability
November 22, 2017
Version 1.0
Prepared by Robert C. Seacord, Technical Director

Abstract

Safety, security, and portability are all quality attributes of software systems, but it is unclear what their relationship is. This question is becoming increasingly important as software developers struggle to develop systems that are both safe and secure. This white paper attempts to define these concepts in sufficiently precise terms to derive a collection of rules for developing software with these quality attributes in the C programming language. This paper identifies and characterizes the existing and emerging markets for safe and secure software and explains the relationship between safety, security, and portability in sufficient detail to allow the creation of coding rules for C language programming.
Table of Contents

1 Introduction
2 Existing and Emerging Markets
3 Market Characterizations
4 Portability
5 Summary
6 References

Safety, Security, and Portability NCC Group
1 Introduction

Safety, security, and portability are all quality attributes [Kazman 1998] of software systems, but it is unclear what their relationship is. Is security a strict subset of safety? Is portability necessary for safety or security? While these may seem like largely academic questions, they are critical to the work of the Safety and Security Rules Study Group within ISO/IEC JTC1/SC22/WG14, the international standardization working group for the programming language C. The purpose of this group is to study the problem of adding rules for safety-critical and safety/security-critical systems to ISO/IEC TS 17961:2013/Corrigendum 1:2016 Secure Coding Rules [ISO/IEC TS ]. An International Standard (IS) based on ISO/IEC TS needs to address the requirements for safety-critical systems, security-related systems, and safety- and security-critical systems.

ISO/IEC TS establishes a baseline set of requirements to diagnose insecure code, beyond the requirements of the language standard, for analyzers including static analysis tools and C language compilers. The term analyzer is used in this paper to include both analysis tools and compilers. These rules must be enforceable by static analysis, and analyzers that implement them must be able to discover secure coding errors effectively without generating excessive false positives.

The initial direction of the study group is to define coding rules for systems that need to be safe, systems that need to be secure, and systems that need to be both safe and secure. To complete its work, the study group must define precise criteria for the inclusion of a rule in each of these categories. To define these criteria, it is necessary to analyze the markets an International Standard (IS) would serve and to agree philosophically on the purpose of these rule sets.
ISO/IEC/IEEE provide definitions for safety, security, and portability as follows:

safety: the expectation that a system does not, under defined conditions, lead to a state in which human life, health, property, or the environment is endangered [ISO/IEC ].

safety-critical software: software that falls into one or more of the following categories:
a) software whose inadvertent response to stimuli, failure to respond when required, response out-of-sequence, or response in combination with other responses can result in an accident
b) software that is intended to mitigate the result of an accident
c) software that is intended to recover from the result of an accident [IEEE Std ].
NOTE: In some domains, a distinction is made between safety-related (can lead to any harm) and safety-critical (life threatening).

security:
1. the protection of system items from accidental or malicious access, use, modification, destruction, or disclosure [ISO/IEC ]
2. protection of information and data so that unauthorized persons or systems cannot read or modify them and authorized persons or systems are not denied access to them [ISO/IEC ].
all aspects related to defining, achieving, and maintaining confidentiality, integrity, availability, non-repudiation, accountability, authenticity, and reliability of a system [ISO/IEC ].

portability:
1. the ease with which a system or component can be transferred from one hardware or software environment to another.
2. the capability of a program to be executed on various types of data processing systems without converting the program to a different language and with little or no modification [ISO/IEC 1993]. Synonym: transportability.

In terms of the C Language Standard [ISO/IEC ], portability issues are enumerated in the informative Annex J, Portability issues. Portability issues include: undefined behavior, unspecified behavior, implementation-defined behavior, locale-specific behavior, and common extensions. There are various references to safe and unsafe throughout the C Standard, but it is unlikely WG14 intended these as direction on what constitutes safety in C language programming. Annex K, Bounds-checking interfaces, mentions both safety and security in a cursory manner in the background and scope sections, but otherwise provides little guidance.
2 Existing and Emerging Markets

There are two well-established markets for safety-critical systems and security-related systems developed in the C language. A third market is emerging for safety- and security-critical systems that include systems such as connected cars [igate Research 2016]. The existence of these established and emerging markets strongly influences the practical nature of security and safety, beyond their definitions.

The automotive and aerospace industries are major consumers of coding standards for safety-critical systems. Many organizations develop safety-critical code in C [Gerard 2006]. With C's long history there is extensive tool support for this language, including strong source code analyzers, logic model extractors, metrics tools, debuggers, test support tools, and a choice of mature, stable compilers. The safety community traditionally constrains development to a subset of the C language that is considered less prone to error and amenable to analysis. These language subsets are influenced by the IEC series of international standards for electrical, electronic, and programmable electronic safety-related systems [Gerard 2006]. These standards support the assessment of risks to minimize failures in all Electrical/Electronic/Programmable Electronic safety-related systems, irrespective of where and how they are used. ISO [ISO/DIS ] is an adaptation of IEC for automotive electric/electronic systems that has been widely adopted by the major automotive manufacturers.

The security community serves a broader market. Outside of government high-assurance systems, there is a significant focus on security in the private and public sectors, including financial (banks, trading firms), health (hospitals, medical equipment), and so forth. Still, security is more often considered an attribute of applications and systems whose primary purpose is to deliver functionality and for which security is typically one of several system qualities that may be traded off against other qualities, such as performance and usability. These applications frequently make use of the whole language, including dynamic memory, which makes subsetting the language too costly to consider.

Safety engineering traditionally excludes malevolent behavior, but recent attacks on automobiles [Checkoway 2011, Miller 2015] have demonstrated how remote attackers can control the cyber-physical systems in automobiles and have raised concerns that vulnerabilities in automotive systems [McCarthy 2014] can be exploited to jeopardize system safety. Consequently, automotive manufacturers are increasingly motivated to adopt coding standards that address both safety and security concerns. Several evolving standards aim at addressing these concerns. For example, SAE J3061 [SAE J ] defines a cybersecurity process framework and provides guidance to help organizations identify and assess cybersecurity threats and design cybersecurity into cyber-physical vehicle systems throughout the entire development lifecycle.

The safety-critical systems market is primarily served by the Motor Industry Software Reliability Association (MISRA), a UK-based collaboration between manufacturers, component suppliers, and engineering consultancies. The MISRA C Guidelines define a subset of the C language that reduces the opportunities for mistakes. The first edition of MISRA C, Guidelines for the use of the C language in vehicle based software [MISRA 1998], was published in 1998 to provide a restricted subset of C to meet the requirements of IEC Safety Integrity Level (SIL) 2 and above. Since that time, MISRA C has been adopted by a wide variety of industries and applications including the rail, aerospace, military, and medical sectors. The second edition, known as MISRA C:2004 [MISRA 2004], is titled Guidelines for the use of the C language in critical systems. The first two editions of MISRA were based on C90 [ISO/IEC ]. MISRA C:2012 [MISRA 2012] extends support to C99 [ISO/IEC ] while maintaining guidelines for C90.

The security market is primarily served by The CERT C Coding Standard [Seacord 2008, Seacord 2014], published by Addison-Wesley. The CERT C Secure Coding Standard was developed at the request of, and in concert with, the C Standards Committee [Seacord 2016]. The first edition, also known as CERT C:2008 [Seacord 2008], was published on Oct 14, 2008. CERT C:2008 provided guidance to programmers in the secure use of the C language and specifically supported C99 [ISO/IEC ]. After the publication of CERT C:2008, the C Standards Committee established a study group to produce analyzable secure coding guidelines for the C language. The study group first met on October 27, 2009 and in 2013 published ISO/IEC TS Information Technology Programming Languages, Their Environments and System Software Interfaces C Secure Coding Rules [ISO/IEC TS ]. The second edition of The CERT C Coding Standard was updated to support C11 [ISO/IEC ] and to align with ISO/IEC TS. Published in 2014, it is also known as CERT C:2014 [Seacord 2014]. SAE J3061 recommends both MISRA C and CERT C for guidance on avoiding vulnerabilities and unpredictable behavior in software.
3 Market Characterizations

Programmers have developed significant quantities of code that meet the requirements of each market and their associated coding standards. The safety-critical market, in particular, has long used a subset of the C language that it considers safe. As a result, significant existing legacy code bases are implemented using this safe subset of the language.

The security requirements of code depend on its purpose rather than its environment. The UNIX finger daemon (fingerd) is an example of ordinary code, even though it may be deployed in a hostile environment. A user runs the client program, finger, which sends a user name to fingerd over the network; fingerd then sends a reply indicating whether the user is logged in and a few other pieces of information. The function of fingerd has nothing to do with security. However, in 1988, Robert Morris found and exploited a vulnerability in fingerd by triggering a buffer overflow, allowing him to execute arbitrary code on the target machine. The Morris worm could have been prevented from using fingerd as an attack vector by preventing buffer overflows, regardless of whether fingerd contained other types of defects.

By contrast, the function of /bin/login is purely related to security. A defect of any kind in /bin/login has the potential to allow access where it was not intended. This is security-critical code. Similarly, in safety-critical code, such as software that runs an X-ray machine, any defect at all could have serious consequences. In practice, security-critical and safety-critical code have similar coding requirements in that they must be free from any defects. Standards that address safety-critical code, because they must focus on preventing essentially all defects, are considered too strict by developers outside the safety-critical community. This lack of adoption leaves ordinary code like fingerd unprotected.

Security requirements, unlike safety requirements, are frequently retrofitted to existing legacy code. A significant amount of existing legacy code, including code used in critical infrastructure, was implemented without regard to a coding standard of any kind. Consequently, coding standards for security-related software are typically written to support the full language, and not just a secure subset of the language.

To be considered a security flaw, a software defect must be triggerable by the actions of a malicious user or attacker. An attacker may trigger a defect by providing malicious data or by providing inputs that execute a particular control path that in turn executes the security flaw. Implementers are encouraged to distinguish violations that operate on untrusted data from those that do not.

Secure coding requirements go beyond the requirements of safety when it comes to confidentiality. Leaking patient information, for example, does not jeopardize the immediate safety of the individual and is frequently ignored in safety-critical systems. Consequently, rules that address hard-coded credentials or clearing sensitive information stored in reusable resources, for example, are often absent from coding standards that serve the safety-critical systems market.

The following terms are based on the preceding exposition:

security-related software: software that must provide security appropriate to its purpose, environment, and threats.

security-critical software: software that must be secure in any environment against any threat.

Applying these terms to our examples, /bin/login would be classified as security-critical software, while fingerd would be classified as security-related software.
4 Portability

Safety and security properties can (and generally should) be verified and validated for each implementation on which the code will be deployed. Strictly conforming code is rarely a goal for any system. Portability is a concern when static analysis tools are unavailable for the target platform. For example, a programmer may develop software on an x64 machine but deploy to a headless MIPS device. In these cases, an analysis tool might validate the code for x64 even in cases where it is insecure or unsafe on the MIPS target. Code that must be safe, secure, or both across multiple targets, especially embedded ones, must be verified free from assumptions that hold for some of those targets but not others. This is especially important for static analyzers that, unlike compilers, do not need to be run for each target. Anecdotally, complete static analysis for large code bases can take up to a week to complete. Some static analyzers only care about the target and not the host platform because they operate based on the compilation commands from the build system. These static analyzers interpret the compile flags passed through the build system for a specific target and use these settings to perform the analysis.

Code portability can be divorced from safety and security concerns. This is certainly the case when software targets a single implementation. When multiple implementations are targeted, safety and security properties can be verified and validated for each implementation on which the code will be deployed. Many analyzers and compilers target only a single implementation; these tools should be able to conform to the IS.

Portability in ISO/IEC TS was addressed by the San Francisco rule, which states that variations in quality of implementation permit an analyzer to produce diagnostics concerning portability issues. For example, the following code can produce a diagnostic, such as the mismatch between %d and long int, but is not required to:

    long i;
    printf("i = %d", i);  /* %d expects an int argument, but i is a long */

ISO/IEC TS does not specify that a conforming analyzer be complete or sound when diagnosing rule violations. This mismatch might not be a problem for all target implementations, but it is a portability problem because not all implementations have the same representation for int and long. A similar approach may suffice for safety-critical systems as well.
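The kind of diagnostic the San Francisco rule permits, as an added example that is not part of the paper or of ISO/IEC TS 17961: a minimal printf argument checker in C of the sort an analyzer could apply to the %d/long case above. The API (check_printf_args, int_long_same_width) and the convention of naming argument types as strings are assumptions of this example only.

```c
/* Added example (not from the NCC Group paper): a small checker of the kind
 * an analyzer could use to diagnose the paper's "%d with long" case.
 * Hypothetical API: the caller supplies the printf format string and the
 * declared C type of each argument as a string, e.g. "long". The checker
 * returns the number of problems and writes the first one into msg. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Argument type the C standard requires for a length modifier + conversion.
 * Returns NULL for combinations this checker does not model. */
static const char *expected_type(const char *len, char conv) {
    int none = len[0] == '\0';
    int l = strcmp(len, "l") == 0, ll = strcmp(len, "ll") == 0;
    int z = strcmp(len, "z") == 0;
    switch (conv) {
    case 'd': case 'i':
        if (none) return "int";
        if (l)    return "long";
        if (ll)   return "long long";
        break;
    case 'u': case 'o': case 'x': case 'X':
        if (none) return "unsigned int";
        if (l)    return "unsigned long";
        if (ll)   return "unsigned long long";
        if (z)    return "size_t";
        break;
    case 'c': if (none) return "int";    break;   /* char promotes to int */
    case 's': if (none) return "char *"; break;
    case 'p': if (none) return "void *"; break;
    case 'f': case 'e': case 'g': if (none) return "double"; break;
    default:  break;
    }
    return NULL;
}

/* Record only the first problem so the caller gets one clear diagnostic. */
#define DIAG(...) do { if (msglen && msg[0] == '\0') \
                           snprintf(msg, msglen, __VA_ARGS__); } while (0)

/* Walk fmt and compare each conversion with argtypes[k]. Counts type
 * mismatches, unmodelled conversions (flagged rather than passed silently,
 * since the checker claims neither completeness nor soundness), missing
 * arguments, and leftover arguments (the last counted once). */
int check_printf_args(const char *fmt, const char *const argtypes[],
                      size_t nargs, char *msg, size_t msglen) {
    int problems = 0;
    size_t k = 0;
    if (msglen) msg[0] = '\0';
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                          /* literal "%%" */
        while (*p && strchr("-+ #0", *p)) p++;            /* flags */
        while (*p >= '0' && *p <= '9') p++;               /* field width */
        if (*p == '.') { p++; while (*p >= '0' && *p <= '9') p++; } /* precision */
        char len[3] = "";
        size_t n = 0;
        while (*p && n < 2 && strchr("hlLqjzt", *p)) len[n++] = *p++;
        len[n] = '\0';
        char conv = *p;
        if (conv == '\0') {                               /* dangling '%' */
            problems++;
            DIAG("format ends inside a conversion specification");
            break;
        }
        const char *want = expected_type(len, conv);
        const char *have = k < nargs ? argtypes[k] : NULL;
        k++;
        if (have == NULL) {
            problems++;
            DIAG("conversion %%%s%c has no matching argument", len, conv);
        } else if (want == NULL) {
            problems++;
            DIAG("conversion %%%s%c is not modelled; review manually", len, conv);
        } else if (strcmp(want, have) != 0) {
            problems++;
            DIAG("%%%s%c expects %s but argument %zu is %s", len, conv, want, k, have);
        }
    }
    if (k < nargs) {
        problems++;
        DIAG("%zu argument(s) are never consumed by the format", nargs - k);
    }
    return problems;
}

/* The mismatch is harmless only where int and long share a representation,
 * which is why the paper calls it a portability problem rather than a bug
 * on every target (e.g. LP64 x64 vs a 32-bit MIPS target). */
int int_long_same_width(void) { return sizeof(int) == sizeof(long); }

int main(void) {
    char msg[128];
    const char *types[] = { "long" };                    /* constructed input */
    int n = check_printf_args("i = %d", types, 1, msg, sizeof msg);
    printf("\"i = %%d\" with a long argument: %d problem(s): %s\n", n, msg);
    printf("int and long have the same width on this host: %s\n",
           int_long_same_width() ? "yes" : "no");
    return 0;
}
```

Running the checker on the host does not change its verdict for the target: the %d/long mismatch is reported regardless of whether int_long_same_width() happens to be true on the machine the analysis runs on.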
5 Summary

Security is largely a subset of safety. In other words, safety requirements are generally stricter than security requirements. Secure code must be correct, while safe code must be demonstrably correct. This additional requirement necessitates that safety-critical code be restricted to an analyzable subset of the language.

While rule sets for both safety-critical systems and security-related systems need to consider existing legacy code, these legacy code bases vary significantly. Safety-critical systems largely follow MISRA or related guidelines, while security-related systems frequently follow no coding standards whatsoever. Consequently, rules for safety-critical systems can subset the C language, while rules for security-related systems need to support the entire language. Security-related systems have some requirements that are not traditionally addressed in safety-critical standards, such as rules to prevent information leakage (for example, to preserve confidentiality).

Existing coding standards that address the security-related or safety-critical markets do not fully address the requirements of the emerging market for safety- and security-critical systems. The rule sets for safety- and security-critical systems need to satisfy the stricter requirements for safety-critical systems, but also need to include confidentiality rules, which are currently absent. Furthermore, the rule sets for safety- and security-critical systems must be reconciled to be consistent and noncontradictory.

Portability is not a requirement for safety or security. Ideally, safety and security properties will be verified and validated for each implementation on which the code is deployed. Portability may be a requirement when code must be verified to be free from assumptions that hold for some of those targets but not others, particularly when suitable analysis is not available for the target implementation.

If you are interested in participating in the C Safety and Security Rules Study Group, please contact the author of this white paper.
6 References

[Checkoway 2011] Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., and Kohno, T. (2011). Comprehensive experimental analyses of automotive attack surfaces. In D. Wagner (Chair), SEC 11, Proceedings of the 20th USENIX Conference on Security, USENIX Association, August 8-12, San Francisco, CA.
[Gerard 2006] Gerard J., NASA/JPL Laboratory for Reliable Software. The Power of 10: Rules for Developing Safety-Critical Code. Computer 39, 6 (June 2006).
[IEC ] IEC 61508:2010. Functional safety of electrical/electronic/programmable electronic safety-related systems, International Electrotechnical Commission, in 7 parts.
[IEEE Std ] IEEE Std (R2002) IEEE Standard for Software Safety Plans.
[igate Research 2016] igate Research. Global Connected Cars Market (by Connectivity Form Factor, Connectivity Technology, Product Categories and Geography) and Volume Forecast to 2022. Report, November.
[ISO/DIS ] ISO/DIS Road vehicles Functional safety. The standard consists of several parts.
[ISO/IEC ] ISO/IEC. Programming Languages C (ISO/IEC 9899:1990). Geneva, Switzerland: ISO.
[ISO/IEC ] ISO/IEC. Programming Languages C, 2nd ed (ISO/IEC 9899:1999). Geneva, Switzerland: ISO.
[ISO/IEC TS ] ISO/IEC TS 17961:2013/Cor 1:2016. Information Technology Programming Languages, Their Environments and System Software Interfaces C Secure Coding Rules. Geneva, Switzerland: ISO.
[ISO/IEC ] ISO/IEC. Programming Languages C, 3rd ed (ISO/IEC 9899:2011). Geneva, Switzerland: ISO.
[ISO/IEC ] ISO/IEC 15026:1998, Information technology System and software integrity levels.
[ISO/IEC ] ISO/IEC 12207:2008 (IEEE Std ), Systems and software engineering Software life cycle processes.
[ISO/IEC ] ISO/IEC 15288:2008 (IEEE Std ), Systems and software engineering System life cycle processes.
[ISO/IEC ] ISO/IEC :1993, Information technology Vocabulary Part 1: Fundamental terms.
[Kazman 1998] Kazman, R., Klein, M., Barbacci, M., Longstaff, T., Lipson, H., & Carriere, S.: The Architecture Tradeoff Analysis Method. Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-98-TR-008.
[McCarthy 2014] McCarthy, C., Harnett, K., & Carter, A. (2014, October). Characterization of potential security threats in modern automobiles: A composite modelling approach. (Report No. DOT HS ). Washington, DC: National Highway Traffic Safety Administration.
[Miller 2015] Miller, C., Valasek, C.: Remote Exploitation of an Unaltered Passenger Vehicle. August.
[MISRA 1998] MISRA (Motor Industry Software Reliability Association). Guidelines for the Use of the C Language in Vehicle Based Software. Nuneaton, UK: MIRA, 1998.
[MISRA 2004] MISRA (Motor Industry Software Reliability Association). MISRA C:2004 Guidelines for the Use of the C Language in Critical Systems. Nuneaton, UK: MIRA, 2004.
[MISRA 2016] MISRA C WG14 Liaison Report, WG14 Meeting, London, 11th-14th April 2016, Andrew Banks.
[SAE J ] SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, January.
[Seacord 2008] Seacord, R.: The CERT C Secure Coding Standard (Addison-Wesley, 2008).
[Seacord 2014] Seacord, R.: The CERT C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems (Addison-Wesley, 2014).
[Seacord 2016] Seacord, R.: C Secure Coding Rules: Past, Present, and Future, articles/article.aspx?p= , accessed 18 April.
More informationRegulatory Aspects of Digital Healthcare Solutions
Regulatory Aspects of Digital Healthcare Solutions TÜV SÜD Product Service GmbH Dr. Markus Siebert Rev. 02 / 2017 02.05.2017 TÜV SÜD Product Service GmbH Slide 1 Contents Digital solutions as Medical Device
More information_isms_27001_fnd_en_sample_set01_v2, Group A
1) What is correct with respect to the PDCA cycle? a) PDCA describes the characteristics of information to be maintained in the context of information security. (0%) b) The structure of the ISO/IEC 27001
More informationQuality and usability: A new framework
van Veenendaal, E, and McMullan, J (eds) Achieving software product quality, Tutein Nolthenius, Netherlands, 1997 Quality and usability: A new framework Nigel Bevan Usability Services National Physical
More informationISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 24731-2 First edition 2010-12-01 Information technology Programming languages, their environments and system software interfaces Extensions to the C library Part 2: Dynamic
More informationISA99 - Industrial Automation and Controls Systems Security
ISA99 - Industrial Automation and Controls Systems Security Committee Summary and Activity Update Standards Certification Education & Training Publishing Conferences & Exhibits September 2016 Copyright
More informationCybersecurity eit. Software. Certification. Industrial Security Embedded System
Statement Benefits and limitations of certifications and labels in the context of cyber security Arguments for a balance between customer information and industrial suitability Industrial Security Embedded
More informationThe University of Queensland
UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council
More informationSystems and software engineering Requirements for testers and reviewers of information for users
INTERNATIONAL STANDARD ISO/IEC/ IEEE 26513 Second edition 2017-10 Systems and software engineering Requirements for testers and reviewers of information for users Ingénierie des systèmes et du logiciel
More informationMeasuring the effectiveness of your ISMS implementations based on ISO/IEC 27001
Measuring the effectiveness of your ISMS implementations based on ISO/IEC 27001 Information Security Management Systems Guidance series The Information Security Management Systems (ISMS) series of books
More informationISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 27019 First edition 2013-07-15 Information technology Security techniques Information security management guidelines based on ISO/IEC 27002 for process control systems specific
More informationDevelopment of a new IEC Standard on Cybersecurity Controls for I&C in Nuclear Power Plants IEC 63096
Development of a new IEC Standard on Cybersecurity Controls for I&C in Nuclear Power Plants IEC 63096 Juergen Bochtler Siemens AG PG ES IC T2000SOL PN QC Freyeslebenstr. 1 D-91058 Erlangen, Germany juergen.bochtler@siemens.com
More informationSystems and software engineering Framework for categorization of IT systems and software, and guide for applying it
TECHNICAL REPORT ISO/IEC TR 12182 Second edition 2015-05-01 Systems and software engineering Framework for categorization of IT systems and software, and guide for applying it Ingénierie des systèmes et
More informationISO INTERNATIONAL STANDARD. Safety of machinery Safety-related parts of control systems Part 1: General principles for design
INTERNATIONAL STANDARD ISO 13849-1 Second edition 2006-11-01 Safety of machinery Safety-related parts of control systems Part 1: General principles for design Sécurité des machines Parties des systèmes
More informationWHITEPAPER. Vulnerability Analysis of Certificate Validation Systems
WHITEPAPER Vulnerability Analysis of Certificate Validation Systems The US Department of Defense (DoD) has deployed one of the largest Public Key Infrastructure (PKI) in the world. It serves the Public
More informationMASP Chapter on Safety and Security
MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio
More informationSystems and software engineering Requirements for managers of information for users of systems, software, and services
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC/ IEEE 26511 Second edition 2018-12 Systems and software engineering Requirements for managers of information for
More informationReport of the Working Group on mhealth Assessment Guidelines February 2016 March 2017
Report of the Working Group on mhealth Assessment Guidelines February 2016 March 2017 1 1 INTRODUCTION 3 2 SUMMARY OF THE PROCESS 3 2.1 WORKING GROUP ACTIVITIES 3 2.2 STAKEHOLDER CONSULTATIONS 5 3 STAKEHOLDERS'
More informationDon t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd
Don t Be the Developer Whose Rocket Crashes on Lift off 2015 LDRA Ltd Cost of Software Defects Consider the European Space Agency s Ariane 5 flight 501 on Tuesday, June 4 1996 Due to an error in the software
More informationCERT Overview. Jeffrey J. Carpenter 2008 Carnegie Mellon University
CERT Overview Jeffrey J. Carpenter 2008 Carnegie Mellon University Software Engineering Institute Department of Defense R&D Laboratory FFRDC Created in 1984 Administered by Carnegie Mellon
More informationInformation Technology Branch Organization of Cyber Security Technical Standard
Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:
More informationstandards and so the text is not to be used for commercial purposes, gain or as a source of profit. Any changes to the slides or incorporation in
ISO/IEC JTC 1/SC 27/WG 4 IT Security Controls and Services M. De Soete, ISO/IEC JTC 1 SC27 Vice Chair copyright ISO/IEC JTC 1/SC 27, 2014. This is an SC27 public document and is distributed as is for the
More informationMISRA C:2012 Addendum 2
Permit / Example / C:2012 / R.10.6.A.1 MISRA C:2012 Addendum 2 Coverage of MISRA C:2012 (including Amendment 1) against ISO/IEC TS 17961:2013 C Secure 2 nd Edition, January 2018 First published January
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationGUIDE 63. Guide to the development and inclusion of safety aspects in International Standards for medical devices
GUIDE 63 Guide to the development and inclusion of safety aspects in International Standards for medical devices Second edition 2012 ISO/IEC 2012 ISO/IEC GUIDE 63:2012(E) This is a preview - click here
More informationMaritime cyber risk management
Javier Yasnikouski Head Maritime Security Sub-Division for Maritime Security and Facilitation The International Maritime Organization IMO mission: Safe, secure and efficient shipping on clean oceans 2
More informationSecurity Challenges with ITS : A law enforcement view
Security Challenges with ITS : A law enforcement view Central Observatory for Intelligent Transportation Systems FRENCH MINISTRY OF INTERIOR GENDARMERIE NATIONALE Colonel Franck MARESCAL franck.marescal@gendarmerie.interieur.gouv.fr
More informationInformation technology Service management. Part 10: Concepts and vocabulary
Provläsningsexemplar / Preview INTERNATIONAL STANDARD ISO/IEC 20000-10 First edition 2018-09 Information technology Service management Part 10: Concepts and vocabulary Technologies de l'information Gestion
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Software asset management Part 1: Processes and tiered assessment of conformance
INTERNATIONAL STANDARD This is a preview - click here to buy the full publication ISO/IEC 19770-1 Second edition 2012-06-15 Information technology Software asset management Part 1: Processes and tiered
More informationJohn Snare Chair Standards Australia Committee IT/12/4
John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC
More informationRemit Issue April 2016
1 Introduction Remit Issue 02 18 April 2016 1.1 This document defines the scope, purpose and working arrangements for the High Integrity Systems Group. High integrity systems are playing an increasingly
More informationProtecting Information Assets - Week 3 - Data Classification Processes and Models. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 3 - Data Classification Processes and Models Readings In the News MIS5206 Week 3 Data Classification Processes and Models Test Taking Tip Quiz Readings Vacca Chapter
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC/ IEEE 26515 First edition 2011-12-01 Corrected version 2012-03-15 Systems and software engineering Developing user documentation in an agile environment Ingénierie du logiciel
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationCERTIFICATION ISSUES IN AUTOMOTIVE SOFTWARE
CERTIFICATION ISSUES IN AUTOMOTIVE SOFTWARE Speaker: Mario Fusani Systems and Software Evaluation Centre ISTI CNR, Pisa, Italy mario.fusani@isti.cnr.it 1 CONTENTS Certification What is certification? Definitions
More informationProcurement Language for Supply Chain Cyber Assurance
Procurement Language for Supply Chain Cyber Assurance Procurement Language for Supply Chain Cyber Assurance Introduction For optimal viewing of this PDF, please view in Adobe Acrobat. This document serves
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationENISA s Position on the NIS Directive
ENISA s Position on the NIS Directive 1 Introduction This note briefly summarises ENISA s position on the NIS Directive. It provides the background to the Directive, explains its significance, provides
More informationCERT Secure Coding Standards Robert C. Seacord Carnegie Mellon University
CERT Secure Coding Standards Robert C. Seacord 2006 Carnegie Mellon University Problem Statement 6,000 5,000 Reacting to vulnerabilities in existing systems is not working 5,990 4,000 Total vulnerabilities
More informationISO INTERNATIONAL STANDARD. Health informatics Service architecture Part 3: Computational viewpoint
INTERNATIONAL STANDARD ISO 12967-3 First edition 2009-08-15 Health informatics Service architecture Part 3: Computational viewpoint Informatique de santé Architecture de service Partie 3: Point de vue
More informationInformation technology Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC :2011
TECHNICAL REPORT ISO/IEC TR 90006 First edition 2013-11-01 Information technology Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC 20000-1:2011
More informationSynergies of the Common Criteria with Other Standards
Synergies of the Common Criteria with Other Standards Mark Gauvreau EWA-Canada 26 September 2007 Presenter: Mark Gauvreau (mgauvreau@ewa-canada.com) Overview Purpose Acknowledgements Security Standards
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques IT network security Part 2: Network security architecture
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 18028-2 First edition 2006-02-01 Information technology Security techniques IT network security Part 2: Network
More informationAUTOMOTIVE FUNCTIONAL SAFETY: ACCELERATING INNOVATION THROUGH COOPERATION AND CONSENSUS IN STANDARDS
AUTOMOTIVE FUNCTIONAL SAFETY: ACCELERATING INNOVATION THROUGH COOPERATION AND CONSENSUS IN STANDARDS May 2018 BSI Standards 020 8996 7261 Alex.Price@BSIgroup.com Copyright 2012 BSI. All rights reserved.
More informationSOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions
SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions DISCLAIMER: The contents of this publication do not necessarily reflect the position or opinion of the American
More informationNATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,
More informationGoal-Based Assessment for the Cybersecurity of Critical Infrastructure
Goal-Based Assessment for the Cybersecurity of Critical Infrastructure IEEE HST 2010 November 10, 2010 NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS
More informationISO INTERNATIONAL STANDARD. Cleanrooms and associated controlled environments Part 5: Operations
INTERNATIONAL STANDARD ISO 14644-5 First edition 2004-08-15 Cleanrooms and associated controlled environments Part 5: Operations Salles propres et environnements maîtrisés apparentés Partie 5: Exploitation
More informationInformation technology Programming languages, their environments and system software interfaces C secure coding rules
TECHNICAL SPECIFICATION ISO/IEC TS 17961 First edition 2013-11-15 Information technology Programming languages, their environments and system software interfaces C secure coding rules Technologies de l
More informationAchilles System Certification (ASC) from GE Digital
Achilles System Certification (ASC) from GE Digital Frequently Asked Questions GE Digital Achilles System Certification FAQ Sheet 1 Safeguard your devices and meet industry benchmarks for industrial cyber
More informationSC27 WG4 Mission. Security controls and services
copyright ISO/IEC JTC 1/SC 27, 2012. This is an SC27 public document and is distributed as is for the sole purpose of awareness and promotion of SC 27 standards and so the text is not to be used for commercial
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management systems Overview and vocabulary
INTERNATIONAL STANDARD ISO/IEC 27000 Second edition 2012-12-01 Information technology Security techniques Information security management systems Overview and vocabulary Technologies de l'information Techniques
More informationSECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives
SECURING THE UK S DIGITAL PROSPERITY Enabling the joint delivery of the National Cyber Security Strategy's objectives 02 November 2016 2 SECURING THE UK S DIGITAL PROSPERITY SECURING THE UK S DIGITAL PROSPERITY
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationISA99 - Industrial Automation and Controls Systems Security
ISA99 - Industrial Automation and Controls Systems Security Committee Summary and Activity Update Standards Certification Education & Training Publishing Conferences & Exhibits February 2018 Copyright
More informationCyber Security and Cyber Fraud
Cyber Security and Cyber Fraud Remarks by Andrew Ross Director, Payments and Cyber Security Canadian Bankers Association for Senate Standing Committee on Banking, Trade, and Commerce October 26, 2017 Ottawa
More informationIJESRT. (I2OR), Publication Impact Factor: (ISRA), Impact Factor: 2.114
IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY EVALUATING ISO STANDARDS APPLICATION OF SECURITY REQUIREMENTS OF E- BANKING IN SUDAN Inshirah M. O. Elmaghrabi*, Hoida A. Abdelgadir,
More information