Software Security Issues in Embedded Systems嵌入式系统中的软件安全问题.pptVIP

Software Security Issues inEmbedded Systems Somesh Jha University of Wisconsin Software Security Vulnerability Assessment Analysis tools for discovering vulnerabilities in source code and binaries Automated Signature Generation Generating signatures that filter our malicious inputs Malicious Code Detection Detecting whether a binary has malicious behavior Embedded Systems Increasingly used in critical sectors Defense, medical, power, … Malicious and accidental failures can have dire consequences Embedded systems are not “all hardware” They have software too? Autonomous nature Dynamic and Configurable Environment Embedded systems are highly configurable They have to work in many different scenarios Environment is highly dynamic Think about embedded systems in a battlefield Embedded system in a vehicle Changing Functional Requirements Functional requirements of embedded systems change over time Embedded system deployed in a battlefield Functional requirements change with mission Interconnected Network of Components Embedded system are of a complex network of components Components might be hardware or software Source code might be available for some components COTS components (only binary available) Failure can create cascading events Recovery is Paramount Embedded systems used in critical applications In some cases recovery is paramount Recovery complicated by complex interaction of events Failure can cause a complex cascade of events Three Software Security Projects Automated generation of vulnerability signatures Retrofitting legacy code Static analysis of binaries Malware Detection Goals for Automatic Signature Generation Create signature that matches exploits Reason about signature accuracy Does it match legitimate traffic (false +)? Does it miss exploits (false -)? Our Contribution: A Language-Centric Approach Language of a Particular Vulnerability A vulnerability is defined by: What – The Vulnerability Condition: Necessary conditions to violate safet