Addressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1

Similar documents
정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

Verification and Validation of High-Integrity Systems

Automating Best Practices to Improve Design Quality

Automating Best Practices to Improve Design Quality

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

MASP Chapter on Safety and Security

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division

C and C++ Secure Coding 4-day course. Syllabus

Fending Off Cyber Attacks Hardening ECUs by Fuzz Testing

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

Automotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017

Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist

CYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security

Secure Development Lifecycle

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

Innovation policy for Industry 4.0

Protecting Smart Buildings

Christoph Schmittner, Zhendong Ma, Paul Smith

DEVELOPING SECURE EMBEDDED SOFTWARE

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Automotive Security Standardization activities and attacking trend

Synopsys Static Analysis Support for SEI CERT C Coding Standard

Security Testing: Terminology, Concepts, Lifecycle

Medical Device Safety in a Connected World

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Secure Product Design Lifecycle for Connected Vehicles

EU General Data Protection Regulation (GDPR) Achieving compliance

Procurement Language for Supply Chain Cyber Assurance

Security analysis and assessment of threats in European signalling systems?

Security Challenges with ITS : A law enforcement view

Agenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2

Automotive Anomaly Monitors and Threat Analysis in the Cloud

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

Verification and Test with Model-Based Design

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

Functional Safety and Cyber-Security Experiences and Trends

Tool-Supported Cyber-Risk Assessment

Cybersecurity Technical Risk Indicators:

Engineering Your Software For Attack

Tech Spec. Hot Topics Packages

Restech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS

Development of Intrusion Detection System for vehicle CAN bus cyber security

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute

CERT C++ COMPLIANCE ENFORCEMENT

Cyber Attacks & Breaches It s not if, it s When

Measuring and Evaluating Cyber Risk in ICS Components, Products and Systems

Brave New 64-Bit World. An MWR InfoSecurity Whitepaper. 2 nd June Page 1 of 12 MWR InfoSecurity Brave New 64-Bit World

The Learner can: 1.1 Describe the common types of security breach that can affect the organisation, such as:

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

Securing the Grid and Your Critical Utility Functions. April 24, 2017

Infrastructure Blind Spots Continue to Fuel Personal Data Breaches. Sanjay Raja Lumeta Corporation Lumeta Corporation

Designing Secure Medical Devices

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

Cyber Security Guidelines for Securing Home and Small Office Routers

From Russia With Love

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

Addressing the elephant in the operating room: a look at medical device security programs

Riccardo Mariani, Intel Fellow, IOTG SEG, Chief Functional Safety Technologist

Examining future priorities for cyber security management

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

High-Assurance Cyber Space Systems (HACSS) for Small Satellite Mission Integrity

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11

Safety, Security, and Portability

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

13W-AutoSPIN Automotive Cybersecurity

Ranking Vulnerability for Web Application based on Severity Ratings Analysis

2014 TRANSIT CEOs SEMINAR. Cybersecurity What Every CEO Should Know to Help Secure the System

SGS CYBER SECURITY GROWTH OPPORTUNITIES

Cybersecurity and Hospitals: A Board Perspective

Embedded/Connected Device Secure Coding. 4-Day Course Syllabus

The Remote Exploitation of Unaltered Passenger Vehicles Revisited. 20 th October 2016 Mark Pitchford, Technical Manager, EMEA

Cybersecurity Session IIA Conference 2018

Securing the future of mobility

Session 5311 Critical Testing Programs for Security Operations

CIS 5373 Systems Security

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd

Risk-based design for automotive networks. Eric Evenchik, Linklayer labs & Motivum.io Stefano Zanero, Politecnico di Milano & Motivum.

Automotive Cyber Security

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

SECURING THE CONNECTED ENTERPRISE.

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Architecture-driven development of Climate Control Software LMS Imagine.Lab Embedded Software Designer Siemens DF PL

mhealth SECURITY: STATS AND SOLUTIONS

Certified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Information Flow Analysis and Type Systems for Secure C Language (VITC Project) Jun FURUSE. The University of Tokyo

Security. Protect your business from security threats with Pearl Technology. The Connection That Matters Most

Protection Profile for Connected Diabetes Devices (CDD PP) Extended Package: Moderate

Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Universal Representation of a Consumer's Identity Is it Possible? Presenter: Rob Harris, VP of Product Strategy, FIS

Uptane: Securely Updating Automobiles. Sam Weber NYU 14 June 2017

Transcription:

Addressing Future Challenges in the Development of Safe and Secure Software Components 2016 The MathWorks, Inc. 1

Cybersecurity Emerging Topic in the Auto Industry Vehicle-to-Infrastructure Wifi Hotspot Wireless Key Remote Start Internet Connection Tire Pressure Monitor Vehicle-to-Vehicle ecall Bluetooth Connection 2

Growing security concerns rise in number and complexity In 2013, 2164 separate incidents, over 822 million records were exposed, nearly doubling the previous highest year on record (2011). Hacking accounted for almost 60% of incidents.. US has by far the biggest share of pain with 48.7% of the total.. Continued to increase in 2014 and 2015 Researchers demonstrated a proof-of-concept attack where they managed to take control of a vehicle remotely Sources: https://nakedsecurity.sophos.com/2014/02/19/2013-an-epic-year-for-data-breaches-with-over-800-million-recordslost/ http://www.zdnet.com/pictures/2014-in-security-the-biggest-hacks-leaks-and-data-breaches http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ http://www.cbsnews.com/news/u-s-officials-warn-medical-devices-are-vulnerable-to-hacking 3

Conflicting Safety & Security Goals When the full locking system is employed, the interior operations for unlocking the door locking mechanism are disengaged, which makes the locking system an effective anti-theft measure. However, if the doors cannot be opened by an occupant from inside the vehicle, they may be trapped inside. Resulted in recall of more than 6000 cars Source: https://www.cnet.com/roadshow/news/aston-martin-recalls-cars-for-door-locks-that-work-too-well/ http://www.carcomplaints.com/news/2016/aston-martin-recalls-door-locks.shtml 4

Communication between Cybersecurity and Safety Process Source: SAE 3061 Cyber Security Framework 5

Cybersecurity Industry Activities & Standards SAE Vehicle Cybersecurity Systems Engineering Committee SAE J3061 - Cybersecurity Guidebook for Cyber-Physical Vehicle Systems SAE J3101 - Requirements for Hardware-Protected Security for Ground Vehicle Applications (WIP) SAE Cybersecurity Assurance Testing Task Force (TEVEES18A1) Coding standards & practices that we observe at automotive customers - CERT C - ISO/IEC TS 17961 C Secure Coding Rules - CWE Common Weakness Enumeration - MISRA-C:2012 Amendment 1 6

Example Cybersecurity Lifecycle (SAE 3061) Concept Phase Requirements Phase Assets and Attack Potentials Threat and Risk Assessment Cybersecurity Goals Validate Security Assumptions Cybersecurity Case Design Phase Product Development Phase System-level Cybersecurity Concept Technical Cybersecurity Concept Implement Security Mechanism Test Security Mechanisms & Penetration Tests Item Integration & Testing Validation & Verification Phase Secure Implementation of Nominal Functions Source: SAE 3061 Cyber Security Framework 7

Threat Modeling & Attack Tree Analysis *Referring to SAE J3061 Appendix A.1 OVERVIEW OF THREAT ANALYSIS & RISK ASSESSMENT AND VULNERABILITY ANALYSIS METHODS: Vulnerability analysis can be performed at different levels; the system level, hardware level, and software level. Some analysis methods, such as attack trees, may be used across different levels. Identifying flaws as early as possible in the CPS design is 5 to 10 less expensive than finding them during the detailed design stages. Source: G. Fortney. Model based systems engineering using validated executable specifications as an enabler for cost and risk reduction. Proceedings of the 2014 Ground Vehicle Systems Engineering and Technology Symposium (GVSETS), 2014. 8

Model-Based Safety/Security Analysis Simulink Model of a function Maintain safe distance by braking Property proving (e.g., Simulink Design Verifier) Violated Counterexamples Satisfied 9

Model-Based Safety/Security Analysis Assets and Attack Potentials 10

Model-Based Safety/Security Analysis Simulink Model of a function Maintain safe distance by braking Threat models Threat and Risk Assessment Property proving (e.g., Simulink Design Verifier) Violated Counterexamples Satisfied 11

Model-Based Safety/Security Analysis Simulink Model of a function Maintain safe distance by braking Interruption attack Man-in-the-middle attack Overflow attack Downsampling attack Threat and Risk Assessment Property proving (e.g., Simulink Design Verifier) Violated Counterexamples Satisfied 12

Model-Based Safety/Security Analysis 13

Smart Fuzz Testing Identifying System Vulnerabilities Fuzzing is a technique whereby an application is fed malformed input data with the aim to detect anomalies in the processing of unexpected data entry System under Test Define Violation Criterion Smart fuzz test stimuli Leverage smart fuzz testing to identify vulnerabilities Define intended cybersecurity violation Automated test/attack case generation 14

Automation to handle design Trade-offs Check Modified Design Code generation C Code Improvement Suggestions 15

Coding Standards Overview Coding Standard C Standard Security Standard Safety Standard International Standard CWE None/all Yes No No N/A MISRA C:2004 C89 No Yes No No MISRA C:2012* C99 No Yes No No CERT C99 C99 Yes No No Yes CERT C11 C11 Yes Yes No Yes ISO/IEC TS 17961 C11 Yes No Yes Yes *) 04/2016: Additional security guidelines for MISRA-C:2012 Amendment 1 Whole Language Source: Table is based on the book: 16

CWE : Common Weakness Enumeration Not limited to the C programing language Not limited to potential issues caused by source code E.g.: CWE-5: J2EE Misconfiguration: Data Transmission Without Encryption Includes CERT C 18

SEI CERT C Coding Standard This coding standard consists of rules and recommendations, collectively referred to as guidelines. Rules are meant to provide normative requirements for code, whereas Actual: 98 Rules (depending on applicable categories) Recommendations are meant to provide guidance that, when followed, should improve the safety, reliability, and security of software systems. Actual: 178 Recommendations (depending on applicable categories) 19

L2 Example: Rule 05. Floating Point (FLP) 21

Mapping to MISRA C:2012 22

Potential Cert C issues * FLP30-C 2 Do not use floating-point variables as loop counters FLP34-C 41 Ensure that floating-point conversions are within range of the new type INT30-C 72 Ensure that unsigned integer operations do not wrap INT31-C 343 Ensure that integer conversions do not result in lost or misinterpreted data *) all user made; found in C code generated from 50 industry models 23

Potential Cert C issues * Reason: models have not been designed to comply with Cert C (issues are specifically relevant if taint data is involved) FLP30-C 2 Do not use floating-point variables as loop counters FLP34-C 41 Ensure that floating-point conversions are within range of the new type INT30-C 72 Ensure that unsigned integer operations do not wrap INT31-C 343 Ensure that integer conversions do not result in lost or misinterpreted data *) all user made; found in C code generated from 50 industry models 24

Automated analysis Defects related to Code elements from an unsecure source (e.g. parameters, globals, etc.) Example: Array access with tainted index /* Use Index to Return Buffer Value */ #define SIZE100 100 extern int tab[size100]; int taintedarrayindex(int num) { return tab[num]; } 25

Automated analysis: e.g. Static Taint Analysis detects issues Defects related to Code elements from an unsecure source Example: Array access with tainted index /* Use Index to Return Buffer Value */ #define SIZE100 100 extern int tab[size100]; int taintedarrayindex(int num) { return tab[num]; } 26

Automated analysis: e.g. Static Taint Analysis satisfies standards Defects related to Code elements from an unsecure source Example: Array access with tainted index /* Use Index to Return Buffer Value */ #define SIZE100 100 extern int tab[size100]; int taintedarrayindex(int num) { return tab[num]; } 27

Automated analysis: e.g. Static Taint Analysis on the fix... Defects related to Code elements from an unsecure source Example: Array access with tainted index /* Use Index to Return Buffer Value */ #define SIZE100 100 extern int tab[size100]; int taintedarrayindex(int num) { if (num >= 0 && num < SIZE100) { return tab[num]; } else { return -9999; } } 28

Automated analysis: e.g. Analysis with Formal Proof Defects related to Code elements from an unsecure source Example: Array access with tainted index /* Use Index to Return Buffer Value */ #define SIZE100 100 extern int tab[size100]; int taintedarrayindex(int num) { if (num >= 0 && num < SIZE100) { return tab[num]; } else { return -9999; } } 29

A static and semantic code analysis tool helps you to... Identify defects Enforce coding rules Produce and monitor quality metrics 30

Key Takeaways and call to action Adressing cyber-security uses processes, methods and tools known from functional safety domain, with different scope Static and semantic code analysis provides a quick start to identify security vulnerabilities and assess coding standard compliance Model-based design streamlines efforts for meeting existing and emerging safety & security standard compliance 31

Questions!?! Thank You! 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback