Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations


Agenda
- Nexus of Safety and Cybersecurity
- Separation and Connectivity
- Trends in Aerospace Cybersecurity
- Isn't Security Testing Different?

Nexus of Safety and Cybersecurity

Security as a Safety Issue
For LDRA's core markets, Safety and Security can be considered as one: "Sicherheit"
- IEC 61508 adopts a risk-based approach and introduces safety integrity levels (SILs) for specifying the target level of safety integrity for the safety functions to be implemented by the E/E/PE safety-related systems. (International standard IEC 61508-3, Functional safety of electrical/electronic/programmable electronic safety-related systems)
- ISO 26262 provides requirements for validation and confirmation measures to ensure a sufficient and acceptable level of safety is being achieved. (International standard ISO 26262, Road vehicles: Functional safety, Part 6: Product development at the software level)
If your Jeep is driven into a tree by a hacker, that is a SAFETY issue!

The Changing Face of Automotive Software
- Until recently, automotive embedded applications were static, fixed-function, device-specific implementations
- Isolation has been a sufficient guarantee of security for many years, and practices and processes have relied on that status
- And then: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

The Connected World of the IIoT
- Until recently, SCADA systems and the devices they controlled had little or no connection to the outside world
- Isolation has been a sufficient guarantee of security for many years, and practices and processes have relied on that status
- And then: http://www.bbc.co.uk/news/technology-15817335 and http://www.bbc.co.uk/news/technology-30575104

And so on
- Transportation
- Medical: http://www.computerworld.com/article/2473402/cybercrime-hacking/pacemakerhacker-says-worm-could-possibly--commit-mass-murder-.html#tk.drr_mlt

How was the Jeep hacked?
From Miller & Valasek's paper "Remote Exploitation of an Unaltered Passenger Vehicle":
"Remote Attack Surface. The following table is a list of the potential entry points for an attacker. While many people only think of these items in terms of technology, someone with an attacker's mindset considers every piece of technology that interacts with the outside world a potential entry point."
In order to access the security-critical systems, the hackers needed an entry point, and a vulnerability to get access from that entry point.

How was the Jeep hacked?
From Miller & Valasek's paper "Remote Exploitation of an Unaltered Passenger Vehicle":
"There are no CAN bus architectural restrictions, such as the steering being on a physically separate bus. If we can send messages from the head unit, we should be able to send them to every ECU on the CAN bus."
This combination of automotive networks (e.g. CAN) and connectivity compromises traditional assumptions.

Separation and Connectivity

Separation through Hardware
- Separation of these different domains can be achieved in several different ways
- This example shows how separation is achieved through hardware in the Tesla Model S
SOURCE: https://www.defcon.org/html/links/dc-archives/dc-23-archive.html

So how was the Tesla hacked?
https://electrek.co/2016/09/27/tesla-releases-more-details-on-the-chinesehack-and-the-subsequent-fix/
- This Keen Laboratories hack was the second publicised attack on a Tesla
- The infotainment system was accessed via a vulnerability in the WebKit-based browser, and manipulated via a malicious Wi-Fi hotspot
- Access to the instrument cluster via vulnerabilities in its Linux OS allowed activation of doors, windows, and wipers, but provided no access to the safety-critical braking system
- That required them to replace the gateway software with their own. Perhaps using a privilege escalation vulnerability highlighted by Rogers and Mahaffey in the earlier attack?
https://iotsecurityfoundation.org/is-the-tesla-model-s-robust-against-hackers/
https://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

How About Separation in Software?

Scales up to Automotive
Virtualization promises both a reduced processor count and domain separation in one highly configurable package (from Lynx O/S).
https://hal.archives-ouvertes.fr/hal-01291361/document

Not just Lynx.
- https://www.windriver.com/products/operating-systems/virtualization/
- https://www.ghs.com/products/rtos/integrity.html
- http://www.qnx.com/content/qnx/en/products/hypervisor/

But No Guarantee
- As the Tesla example illustrates, separation is important, but in isolation it is no guarantee of impenetrability
- Cyber-security depends on vigilance in every part of the development process, including:
  - Least Privilege development principles
  - Secure coding techniques
  - Security-focused testing
THAT'S where LDRA comes in.

Significant Components in a Security Machine!
- Safety
- Dynamic Testing
- Hardware Security
- MILS (Least Privilege)
- Minimization of attack surface
- Security Hardened OS
- Boot Image Integrity Verification
- Domain Separation
- Secure Coding

Separation Technologies
- Separation Technologies have a big part to play. However, they are no silver bullet.
- The isolation of hypervisor domains is restricted only to the processor implementing the virtualization. Other bus masters in the system, such as DMA engines and Graphics Processing Units (GPUs), can bypass the protections provided by the hypervisor.
- For them to be useful, there needs to be application code communicating BETWEEN the domains.
- And hypervisors themselves are not infallible: http://venom.crowdstrike.com/
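The "application code communicating BETWEEN the domains" is exactly where the Jeep-style assumption (any head-unit message reaches every ECU) has to be broken. As an added example, not taken from LDRA's slides or from any vehicle's real gateway, here is a deny-by-default CAN gateway filter in C: only message IDs on a constructed allow-list, with their expected DLC, cross from the infotainment domain to the vehicle bus, and every dropped frame is counted so the blocked traffic can feed diagnostics. The IDs and rule set are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A classic CAN frame as the gateway sees it: 11-bit ID, DLC, payload. */
typedef struct { uint16_t id; uint8_t dlc; uint8_t data[8]; } can_frame_t;

/* One allow-list entry: an ID the infotainment domain may send onto the
 * vehicle bus, and the only DLC accepted for it. */
typedef struct { uint16_t id; uint8_t dlc; } gw_rule_t;

/* Constructed, hypothetical rule set (not IDs from any real vehicle). */
static const gw_rule_t infotainment_to_vehicle[] = {
    { 0x3A0, 2 },   /* e.g. cabin temperature request */
    { 0x3A1, 1 },   /* e.g. ambient lighting setting */
};
#define N_RULES (sizeof infotainment_to_vehicle / sizeof infotainment_to_vehicle[0])

static unsigned long gw_dropped;   /* frames blocked: report via diagnostics */

/* Deny by default: forward only frames whose ID and DLC match a rule.
 * Returns true and fills *out when the frame is forwarded. */
bool gw_forward(const can_frame_t *in, can_frame_t *out)
{
    if (in->dlc <= 8) {
        for (size_t i = 0; i < N_RULES; i++) {
            if (infotainment_to_vehicle[i].id == in->id &&
                infotainment_to_vehicle[i].dlc == in->dlc) {
                *out = *in;
                return true;
            }
        }
    }
    gw_dropped++;   /* chassis IDs, unknown IDs and bad DLCs all land here */
    return false;
}

/* Convenience wrapper: build a zero-payload frame and run it through the filter. */
bool gw_accepts(uint16_t id, uint8_t dlc)
{
    can_frame_t in = { id, dlc, { 0 } }, out;
    return gw_forward(&in, &out);
}

unsigned long gw_dropped_count(void) { return gw_dropped; }

int main(void)
{
    printf("0x3A0/2 forwarded: %d\n", gw_accepts(0x3A0, 2));   /* 1 */
    printf("0x3A0/8 forwarded: %d\n", gw_accepts(0x3A0, 8));   /* 0: DLC mismatch */
    printf("0x2F0/4 forwarded: %d\n", gw_accepts(0x2F0, 4));   /* 0: not allow-listed */
    printf("dropped: %lu\n", gw_dropped_count());               /* 2 */
    return 0;
}
```

A rising drop counter on a production gateway is itself a signal: a head unit that starts emitting IDs it never needed is behaving like the compromised one in the Jeep case.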

Trends in Aerospace Cybersecurity

As of Today

Aerospace Risk Management Process

Aerospace Security

Overview of MIL-STD-882E
- [MIL-STD-882E] identifies the Department of Defense (DoD) Systems Engineering (SE) approach to eliminating hazards, where possible, and minimizing risks where those hazards cannot be eliminated.
- The standard defines the system safety approach, including security, to be used in mitigating potential software contributions to functional hazards.
From the normative text:
"3.2.46, System/subsystem specification. The system-level functional and performance requirements, interfaces, adaptation requirements, security and privacy requirements, computer resource requirements, design constraints (including software architecture, data standards, and programming language), software support, precedence requirements, and developmental test requirements for a given system."

MIL-STD-882E System Safety Process

MIL-STD-882E Risk Assessment


MIL-STD-882E Software Assessment

MIL-STD-882E SwCl vs 178C Levels
Analysis activities compared per level: Req. | Arch. | Des. | Code | Test | ID Test
SwCl 1 corresponds to 178C Level A
SwCl 2 corresponds to 178C Level B
SwCl 3 corresponds to 178C Level C
SwCl 4 corresponds to 178C Level D
SwCl 5 corresponds to 178C Level E
Legend:
- SwCl = Software Control Category
- Req. = Requirements Analysis
- Arch. = Architecture Analysis
- Des. = Design Analysis
- Code = Code Analysis
- Test = Safety-Specific Testing
- ID Test = In-depth Safety-Specific Testing
- 178C = DO-178C Software Level

Project Standards are Critical: Not Just Industry Standards
- Requirements Standards: Safety, Functional, Software, Hardware
- Design Standards: System, Software, Hardware
- Coding Standards: Software, Hardware

Isn't Security Testing Different?

Traditional Security Market - Testing
- Reactive
- Coding -> Executable -> Testing
- No Guidelines
- No Risk Mitigation
- Mostly Agile
- Not Dependable
- Not Trustworthy (Malicious Logic)
- Not Resilient
- Tests: Performance Tests, Penetration Tests, Load Tests, Functional Tests

Prevention is Better than Cure
- Proactive
- Process remains the same; additional considerations need to be addressed
- Coding -> Testing -> Executable
- Security Risk Assessment drives Security Guidelines
- Agile/V/Waterfall
- Code Reviews
- Functional Tests
- Structural Coverage (No Malicious Logic)
- Security Tests
- Dependable
- Trustworthy
- Resilient

Best Prevention for Safety, Systems & Cybersecurity Convergence: LDRA's PCD Stack for Aerospace