08-01-2013, 11:32 AM
Software Security Issues in Embedded Systems
Software Security.ppt (Size: 877 KB / Downloads: 122)
Software Security
Vulnerability Assessment
Analysis tools for discovering vulnerabilities in source code and binaries
Automated Signature Generation
Generating signatures that filter our malicious inputs
Malicious Code Detection
Detecting whether a binary has malicious behavior
Embedded Systems
Increasingly used in critical sectors
Defense, medical, power, …
Malicious and accidental failures can have dire consequences
Embedded systems are not “all hardware”
They have software too
Autonomous nature
Dynamic and Configurable Environment
Embedded systems are highly configurable
They have to work in many different scenarios
Environment is highly dynamic
Think about embedded systems in a battlefield
Embedded system in a vehicle
Changing Functional Requirements
Functional requirements of embedded systems change over time
Embedded system deployed in a battlefield
Functional requirements change with mission
Interconnected Network of Components
Embedded system are of a complex network of components
Components might be hardware or software
Source code might be available for some components
COTS components (only binary available)
Failure can create cascading events
Recovery is Paramount
Embedded systems used in critical applications
In some cases recovery is paramount
Recovery complicated by complex interaction of events
Failure can cause a complex cascade of events
Stable Environment Assumption
All the above mentioned work assumes a “nearly” stable environment
Example: web server
Is configurable, but the environment is not that rich
Environment is not too dynamic
Not rich interaction with other components
Incorporating “dynamic environments” into the techniques described before is a challenge