November 9, 2010
Motivating Premise
- Provide end-to-end security in networked environments
  - Network connectivity is central to mission accomplishments
  - Network connectivity enables remote attacks
- Design and build systems composed of embedded components with well understood levels of security, safety, privacy, reliability, predictability, and dependability
- Fortress model of computing is inadequate
  - We operate in a malicious environment
  - Security implies ability to isolate systems from malice
- An understanding of the science of security that will enable verifiable creation of systems that are sufficiently trustworthy to fulfill their missions even though the systems include untrusted components
Motivating Premises
- Embedded systems are networked
  - Critical applications included
    - Smart grid
    - Applications on Global Information Grid
- Isolation / fortress / perimeter protections are insufficient
  - Operation is in a malicious environment
- End-to-end security is insufficient
  - Real-time operations, continuity of operations, and quality of service are critical
  - Traditional availability solutions (denial of service, DoS and DDoS protection) are insufficient
    - E.g. cyclic operations must be addressed
[Figure: attack sophistication, from Low to High, plotted against time from 1990 to 2010. Labelled points on the curve: automated probes/scans; packet spoofing; Internet social engineering attacks; widespread attacks on web applications; distributed attack tools; increase in wide-scale Trojan horse distribution; widespread denial-of-service attacks; techniques to analyze code for vulnerabilities without source code; Windows-based remote-controllable Trojans (Back Orifice); DDoS attacks; supply-chain compromises.]
Trusted Computing in Embedded Systems Workshop, November 2010. Copyright 2010 Carnegie Mellon University, CERT. DRAFT UPDATE September 3, 2010
2010 Carnegie Mellon University
Today's Environment
- Appetite for engineered systems monitored and controlled by computer and communication networks drives the steep upward growth curve in system complexity
- It is possible to connect virtually every computing device to a network. In fact, even critical infrastructures are connected to the Internet.
- Being isolated from a network does not necessarily isolate a computing device from malicious code
- Autonomous embedded systems are being built and deployed
- Trusted computing technology is currently in the building block stage, i.e., fundamental advantageous capabilities exist but are not yet well integrated
Preliminary accident investigation (August 2010)
- Flight cleared for takeoff at 13:00 but returned to parking for abnormally high temperature on the Ram Air Temperature probe. Maintenance performed and plane redispatched at 14:08
- Cleared for takeoff at 14:28, became briefly airborne before descending and impacting the ground
- 148 passengers and 6 crew perished
- Takeoff was attempted while in an inappropriate configuration, since the flaps and slats were fully retracted. The system outfitted on the airplane to warn of inadequate takeoff configuration failed to activate
Embedded System: A combination of computer hardware and software, and perhaps additional mechanical or other parts, designed to perform a dedicated function.
Spanish daily El Pais reports that malware which had infected the airline's central computer system resulted in a failure to raise an alarm over multiple problems with the plane.
Technical Challenges
- Characteristics that enable access controls and security monitoring of complex systems (large-scale system homogeneity, static configuration, and software monoculture) also make it easier for cyber attacks to access, tamper with and destroy information
- Current methods are inadequate to anticipate all possible failure and attack modes and guarantee safe, predictable, efficient operation
- Characteristics of embedded systems*:
  - Small CPUs, little memory, short network messages, no built-in security
  - Harsh operating environment with high consequence for failure
  - Real-time control of the physical world
  - Vulnerable to real-time operation attacks: only a slight overload might cause real-time schedule problems
  - No roll-back in case of failure
  - 5 to 50 year life cycle
  - Often do NOT run on Ethernet or any 802.x network
  - System administration / updates / upgrades often unavailable
  - Cost is always an issue
* Thanks to Philip Koopman
Core Needs/Challenges
- New cross-domain design principles are needed
  - Old principles are insufficient
  - One size cannot fit all
- Evolving systems security
- Domain-specific defense-in-depth
- Expertise in multiple areas required to collaborate on practical solutions