5 research outputs found
Security observance throughout the life-cycle of embedded systems
Embedded systems are an established part of life. Their security requirements underline the importance of properly formulated, implemented, and enforced security policies throughout their life-cycle. Currently, security is just an afterthought, and most solutions are meant to thwart particular attacks. However, the increasing number of security breaches, the ensuing economical losses, and potential dangers all emphasize the importance of fundamental security solutions. This paper first surveys the current situation and then proposes a holistic approach where security is considered from the beginning of the design of embedded systems throughout their entire life-cycle. In our approach, the entire system life-cycle is analyzed and appropriate countermeasures are incorporated in the design. Obviously, prevention is not the complete solution. A 4-level defense strategy assures not only that a system has been properly designed in terms of security, but also that the liabilities of its designers are adequately covered
A Fuzz Testing Approach for Embedded Avionic Software
Fuzz testing is a technique that can be used to test software in order to discover
potential flaws and vulnerabilities. This particular approach is receiving a quick
widespread adoption to test also embedded software since there is a huge increase in
these kinds of software. This adoption also includes the avionic field, where fuzz
testing is currently used to test the software to ensure the robustness of the software
and its compliance with the standards that regulate its behavior. Airbus Helicopters
tried to research this approach in order to discover its potentiality, leading to the
creation of this work, which will focus on researching the application of fuzz testing to
embedded avionic software.
The objective of the research was to find if it was possible to apply the fuzz testing
on an embedded avionic software by using available fuzz tools, more specifically
available open-source fuzzing tools. Moreover, since the scientific literature does
not provide guidelines on how to perform this approach towards this specific kind
of software, this work will try to give an idea of how to apply the fuzz testing on a
targeted avionic system, which in this case is a software component of a NH90
Airbus Helicopter.
The results of this study demonstrate that it is feasible to apply a fuzz testing
approach to embedded avionic software, but only if the target code has undergone
adequate preparations. If not, this approach may prove challenging to implement.
Together with the suggested compilers and used software, it was also shown that the
used components and measurements were appropriate in the fuzz testing application