10,191 research outputs found
Vulnerability anti-patterns:a timeless way to capture poor software practices (Vulnerabilities)
There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template – Vulnerability Anti-Pattern – that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few byzantine components, this is
not the case for cryptographic hardware, storing and computing on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far all attempts have been either quickly
circumvented, or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture, that uses
commercial off-the-shelf (COTS) hardware, and provides strong security
guarantees, even in the presence of multiple malicious or faulty components.
The key idea is to combine protective-redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both Decryption and Signing) and an exponential
increase in backdoor-tolerance as more ICs are added
Safety arguments for next generation location aware computing
Concerns over the accuracy, availability, integrity and
continuity of Global Navigation Satellite Systems (GNSS)
have limited the integration of GPS and GLONASS for
safety-critical applications. More recent augmentation
systems, such as the European Geostationary Navigation
Overlay Service (EGNOS) and the North American Wide
Area Augmentation System (WAAS) have begun to address
these concerns. Augmentation architectures build on the
existing GPS/GLONASS infrastructures to support locationbased services in Safety of Life (SoL) applications. Much of the technical development has been directed by air traffic management requirements, in anticipation of the more extensive support to be offered by GPS III and Galileo. WAAS has already been approved to provide vertical guidance against ICAO safety performance criteria for aviation applications. During the next twelve months, we will see the full certification of EGNOS for SoL applications.
This paper identifies strong similarities between the safety
assessment techniques used in Europe and North America.
Both have relied on hazard analysis techniques to derive
estimates of the Probability of Hazardously Misleading
Information (PHMI). Later sections identify significant
differences between the approaches adopted in application
development. Integrated fault trees have been developed by
regulatory and commercial organisations to consider both
infrastructure hazards and their impact on non-precision
RNAV/VNAV approaches using WAAS. In contrast,
EUROCONTROL and the European Space Agency have
developed a more modular approach to safety-case
development for EGNOS. It remains to be seen whether the
European or North American strategy offers the greatest
support as satellite based augmentation systems are used
within a growing range of SoL applications from railway
signalling through to Unmanned Airborne Systems. The key
contribution of this paper is to focus attention on the safety
arguments that might support this wider class of location
based services
Assurance Benefits of ISO 26262 compliant Microcontrollers for safety-critical Avionics
The usage of complex Microcontroller Units (MCUs) in avionic systems
constitutes a challenge in assuring their safety. They are not developed
according to the development requirements accepted by the aerospace industry.
These Commercial off-the-shelf (COTS) hardware components usually target other
domains like the telecommunication branch. In the last years MCUs developed in
compliance to the ISO 26262 have been released on the market for safety-related
automotive applications. The avionic assurance process could profit from these
safety MCUs. In this paper we present evaluation results based on the current
assurance practice that demonstrates expected assurance activities benefit from
ISO 26262 compliant MCUs.Comment: Submitted to SafeComp 2018: http://www.es.mdh.se/safecomp2018
Radiation Hardness Assurance: Evolving for NewSpace
During the past decade, numerous small satellites have been launched into space, with dramatically expanded dependence on advanced commercial-off-the-shelf (COTS) technologies and systems required for mission success. While the radiation effects vulnerabilities of small satellites are the same as those of their larger, traditional relatives, revised approaches are needed for risk management because of differences in technical requirements and programmatic resources. While moving to COTS components and systems may reduce direct costs and procurement lead times, it undermines many cost-reduction strategies used for conventional radiation hardness assurance (RHA). Limited resources are accompanied by a lack of radiation testing and analysis, which can pose significant risksor worse, be neglected altogether. Small satellites have benefited from short mission durations in low Earth orbits with respect to their radiation response, but as mission objectives grow and become reliant on advanced technologies operating for longer and in harsher environments, requirements need to reflect the changing scope without hindering developers that provide new capabilities
Recommended from our members
Computer trading and systemic risk: a nuclear perspective
Financial markets have evolved to become complex adaptive systems highly reliant on the communication speeds and processing power afforded by digital systems. Their failure could cause severe disruption to the provision of financial services and possibly the wider economy. In this study we consider whether a perspective from the nuclear industry can provide additional insights
Safety-related challenges and opportunities for GPUs in the automotive domain
GPUs have been shown to cover the computing performance needs of autonomous driving (AD) systems. However, since the GPUs used for AD build on designs for the mainstream market, they may lack fundamental properties for correct operation under automotive's safety regulations. In this paper, we analyze some of the main challenges in hardware and software design to embrace GPUs as the reference computing solution for AD, with the emphasis in ISO 26262 functional safety requirements.Authors would like to thank Guillem Bernat from Rapita Systems for his technical feedback on this work. The research leading to this work has received funding from the European Re-search Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement No. 772773). This work has also been partially supported by the Spanish Ministry of Science and Innovation under grant TIN2015-65316-P and the HiPEAC Network of Excellence. Jaume Abella has been partially supported by the Ministry of Economy and Competitiveness under Ramon y Cajal postdoctoral fellowship number RYC-2013-14717. Carles Hernández is jointly funded by the Spanish Ministry of Economy and Competitiveness and FEDER funds through grant TIN2014-60404-JIN.Peer ReviewedPostprint (author's final draft
- …