Security observance throughout the life-cycle of embedded systems

Embedded systems are an established part of life. Their security requirements underline the importance of properly formulated, implemented, and enforced security policies throughout their life-cycle. Currently, security is just an afterthought, and most solutions are meant to thwart particular attacks. However, the increasing number of security breaches, the ensuing economical losses, and potential dangers all emphasize the importance of fundamental security solutions. This paper first surveys the current situation and then proposes a holistic approach where security is considered from the beginning of the design of embedded systems throughout their entire life-cycle. In our approach, the entire system life-cycle is analyzed and appropriate countermeasures are incorporated in the design. Obviously, prevention is not the complete solution. A 4-level defense strategy assures not only that a system has been properly designed in terms of security, but also that the liabilities of its designers are adequately covered

A Fuzz Testing Approach for Embedded Avionic Software

Fuzz testing is a technique that can be used to test software in order to discover potential flaws and vulnerabilities. This particular approach is receiving a quick widespread adoption to test also embedded software since there is a huge increase in these kinds of software. This adoption also includes the avionic field, where fuzz testing is currently used to test the software to ensure the robustness of the software and its compliance with the standards that regulate its behavior. Airbus Helicopters tried to research this approach in order to discover its potentiality, leading to the creation of this work, which will focus on researching the application of fuzz testing to embedded avionic software. The objective of the research was to find if it was possible to apply the fuzz testing on an embedded avionic software by using available fuzz tools, more specifically available open-source fuzzing tools. Moreover, since the scientific literature does not provide guidelines on how to perform this approach towards this specific kind of software, this work will try to give an idea of how to apply the fuzz testing on a targeted avionic system, which in this case is a software component of a NH90 Airbus Helicopter. The results of this study demonstrate that it is feasible to apply a fuzz testing approach to embedded avionic software, but only if the target code has undergone adequate preparations. If not, this approach may prove challenging to implement. Together with the suggested compilers and used software, it was also shown that the used components and measurements were appropriate in the fuzz testing application