Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
LLNL-PRES-722772This work was performed under the auspices of the US Department of Energy by Lawrence Livermore National Laboratory under contract DE-AC52-07NA27344 Lawrence Livermore National Security LLC
Gregory Pope CSQE
Lawrence Livermore National Laboratory LLNL-PRES-7227722
The Internet of things (IoT) is the internetworking of physical devices vehicles (also referred to as connected devices and smart devices) buildings and other itemsmdashembedded with electronics software sensors actuators and network connectivity that enable these objects to collect and exchange data[1][2][3]
1 Brown Eric (13 September 2016) Who Needs the Internet of Things Linuxcom Retrieved 23 October 20162 Eric (20 September 2016) 21 Open Source Projects for IoT Linuxcom Retrieved 23 October 20163 Internet of Things Global Standards Initiative ITU Retrieved 26 June 2015
SourceCisco (Smart Cities)
Lawrence Livermore National Laboratory LLNL-PRES-7227723
Lawrence Livermore National Laboratory LLNL-PRES-7227724
The Internet Of Things Heat Map 2016 Where IoT Will Have The Biggest Impact On Digital Business by Michele Pelino and Frank E Gillett January 14 2016
Lawrence Livermore National Laboratory LLNL-PRES-7227725
ldquoInternet of Thingsrdquo security is hilariously broken and getting worse
Shodan search engine is only the latest reminder of why we need to fix IoT security1
1 J M Porup httpsarstechnicacomsecurity201601how-to-search-the-internet-of-things-for-photos-of-sleeping-babies
JM Porup
Lawrence Livermore National Laboratory LLNL-PRES-7227726
During software development identifybull Hazards Accidents (Death Injury) bull Risks Loss (Time Money Trust)bull Vulnerabilities Cyber Attack
Lawrence Livermore National Laboratory LLNL-PRES-7227727
Root Cause Analysis (RCA or the Five Whyrsquos) Developed by Sakichi Toyoda RCA was first used during the development of Toyotarsquos manufacturing processes in 1958
httpschapterstheiiaorgpittsburghEventsDocumentsRoot20Cause20Analysis20Presentationppt
Lawrence Livermore National Laboratory LLNL-PRES-7227728
Failure Modes and Effect Analysis (FMEA) was developed by reliability engineers in the late 1950s to study problems that might arise from malfunctions of military systems
Lawrence Livermore National Laboratory LLNL-PRES-7227729
Fault Tree Analysis (FTA) was originally developed in 1962 at Bell Laboratories by HA Watson under a US Air Force Ballistics Systems Division contract to evaluate the Minuteman I Intercontinental Ballistic Missile (ICBM) Launch Control System
Bill VeselyNASA HQ
Lawrence Livermore National Laboratory LLNL-PRES-72277210
IBM 709432768 words of memory36 bit wordFloating Point double precision300MB DiskCost 29 Million Safety Hazard ndash Dropping the 25
inch disk onto your foot
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-7227722
The Internet of things (IoT) is the internetworking of physical devices vehicles (also referred to as connected devices and smart devices) buildings and other itemsmdashembedded with electronics software sensors actuators and network connectivity that enable these objects to collect and exchange data[1][2][3]
1 Brown Eric (13 September 2016) Who Needs the Internet of Things Linuxcom Retrieved 23 October 20162 Eric (20 September 2016) 21 Open Source Projects for IoT Linuxcom Retrieved 23 October 20163 Internet of Things Global Standards Initiative ITU Retrieved 26 June 2015
SourceCisco (Smart Cities)
Lawrence Livermore National Laboratory LLNL-PRES-7227723
Lawrence Livermore National Laboratory LLNL-PRES-7227724
The Internet Of Things Heat Map 2016 Where IoT Will Have The Biggest Impact On Digital Business by Michele Pelino and Frank E Gillett January 14 2016
Lawrence Livermore National Laboratory LLNL-PRES-7227725
ldquoInternet of Thingsrdquo security is hilariously broken and getting worse
Shodan search engine is only the latest reminder of why we need to fix IoT security1
1 J M Porup httpsarstechnicacomsecurity201601how-to-search-the-internet-of-things-for-photos-of-sleeping-babies
JM Porup
Lawrence Livermore National Laboratory LLNL-PRES-7227726
During software development identifybull Hazards Accidents (Death Injury) bull Risks Loss (Time Money Trust)bull Vulnerabilities Cyber Attack
Lawrence Livermore National Laboratory LLNL-PRES-7227727
Root Cause Analysis (RCA or the Five Whyrsquos) Developed by Sakichi Toyoda RCA was first used during the development of Toyotarsquos manufacturing processes in 1958
httpschapterstheiiaorgpittsburghEventsDocumentsRoot20Cause20Analysis20Presentationppt
Lawrence Livermore National Laboratory LLNL-PRES-7227728
Failure Modes and Effect Analysis (FMEA) was developed by reliability engineers in the late 1950s to study problems that might arise from malfunctions of military systems
Lawrence Livermore National Laboratory LLNL-PRES-7227729
Fault Tree Analysis (FTA) was originally developed in 1962 at Bell Laboratories by HA Watson under a US Air Force Ballistics Systems Division contract to evaluate the Minuteman I Intercontinental Ballistic Missile (ICBM) Launch Control System
Bill VeselyNASA HQ
Lawrence Livermore National Laboratory LLNL-PRES-72277210
IBM 709432768 words of memory36 bit wordFloating Point double precision300MB DiskCost 29 Million Safety Hazard ndash Dropping the 25
inch disk onto your foot
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-7227723
Lawrence Livermore National Laboratory LLNL-PRES-7227724
The Internet Of Things Heat Map 2016 Where IoT Will Have The Biggest Impact On Digital Business by Michele Pelino and Frank E Gillett January 14 2016
Lawrence Livermore National Laboratory LLNL-PRES-7227725
ldquoInternet of Thingsrdquo security is hilariously broken and getting worse
Shodan search engine is only the latest reminder of why we need to fix IoT security1
1 J M Porup httpsarstechnicacomsecurity201601how-to-search-the-internet-of-things-for-photos-of-sleeping-babies
JM Porup
Lawrence Livermore National Laboratory LLNL-PRES-7227726
During software development identifybull Hazards Accidents (Death Injury) bull Risks Loss (Time Money Trust)bull Vulnerabilities Cyber Attack
Lawrence Livermore National Laboratory LLNL-PRES-7227727
Root Cause Analysis (RCA or the Five Whyrsquos) Developed by Sakichi Toyoda RCA was first used during the development of Toyotarsquos manufacturing processes in 1958
httpschapterstheiiaorgpittsburghEventsDocumentsRoot20Cause20Analysis20Presentationppt
Lawrence Livermore National Laboratory LLNL-PRES-7227728
Failure Modes and Effect Analysis (FMEA) was developed by reliability engineers in the late 1950s to study problems that might arise from malfunctions of military systems
Lawrence Livermore National Laboratory LLNL-PRES-7227729
Fault Tree Analysis (FTA) was originally developed in 1962 at Bell Laboratories by HA Watson under a US Air Force Ballistics Systems Division contract to evaluate the Minuteman I Intercontinental Ballistic Missile (ICBM) Launch Control System
Bill VeselyNASA HQ
Lawrence Livermore National Laboratory LLNL-PRES-72277210
IBM 709432768 words of memory36 bit wordFloating Point double precision300MB DiskCost 29 Million Safety Hazard ndash Dropping the 25
inch disk onto your foot
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-7227724
The Internet Of Things Heat Map 2016 Where IoT Will Have The Biggest Impact On Digital Business by Michele Pelino and Frank E Gillett January 14 2016
Lawrence Livermore National Laboratory LLNL-PRES-7227725
ldquoInternet of Thingsrdquo security is hilariously broken and getting worse
Shodan search engine is only the latest reminder of why we need to fix IoT security1
1 J M Porup httpsarstechnicacomsecurity201601how-to-search-the-internet-of-things-for-photos-of-sleeping-babies
JM Porup
Lawrence Livermore National Laboratory LLNL-PRES-7227726
During software development identifybull Hazards Accidents (Death Injury) bull Risks Loss (Time Money Trust)bull Vulnerabilities Cyber Attack
Lawrence Livermore National Laboratory LLNL-PRES-7227727
Root Cause Analysis (RCA or the Five Whyrsquos) Developed by Sakichi Toyoda RCA was first used during the development of Toyotarsquos manufacturing processes in 1958
httpschapterstheiiaorgpittsburghEventsDocumentsRoot20Cause20Analysis20Presentationppt
Lawrence Livermore National Laboratory LLNL-PRES-7227728
Failure Modes and Effect Analysis (FMEA) was developed by reliability engineers in the late 1950s to study problems that might arise from malfunctions of military systems
Lawrence Livermore National Laboratory LLNL-PRES-7227729
Fault Tree Analysis (FTA) was originally developed in 1962 at Bell Laboratories by HA Watson under a US Air Force Ballistics Systems Division contract to evaluate the Minuteman I Intercontinental Ballistic Missile (ICBM) Launch Control System
Bill VeselyNASA HQ
Lawrence Livermore National Laboratory LLNL-PRES-72277210
IBM 709432768 words of memory36 bit wordFloating Point double precision300MB DiskCost 29 Million Safety Hazard ndash Dropping the 25
inch disk onto your foot
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-7227725
ldquoInternet of Thingsrdquo security is hilariously broken and getting worse
Shodan search engine is only the latest reminder of why we need to fix IoT security1
1 J M Porup httpsarstechnicacomsecurity201601how-to-search-the-internet-of-things-for-photos-of-sleeping-babies
JM Porup
Lawrence Livermore National Laboratory LLNL-PRES-7227726
During software development identifybull Hazards Accidents (Death Injury) bull Risks Loss (Time Money Trust)bull Vulnerabilities Cyber Attack
Lawrence Livermore National Laboratory LLNL-PRES-7227727
Root Cause Analysis (RCA or the Five Whyrsquos) Developed by Sakichi Toyoda RCA was first used during the development of Toyotarsquos manufacturing processes in 1958
httpschapterstheiiaorgpittsburghEventsDocumentsRoot20Cause20Analysis20Presentationppt
Lawrence Livermore National Laboratory LLNL-PRES-7227728
Failure Modes and Effect Analysis (FMEA) was developed by reliability engineers in the late 1950s to study problems that might arise from malfunctions of military systems
Lawrence Livermore National Laboratory LLNL-PRES-7227729
Fault Tree Analysis (FTA) was originally developed in 1962 at Bell Laboratories by HA Watson under a US Air Force Ballistics Systems Division contract to evaluate the Minuteman I Intercontinental Ballistic Missile (ICBM) Launch Control System
Bill VeselyNASA HQ
Lawrence Livermore National Laboratory LLNL-PRES-72277210
IBM 709432768 words of memory36 bit wordFloating Point double precision300MB DiskCost 29 Million Safety Hazard ndash Dropping the 25
inch disk onto your foot
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-7227726
During software development identifybull Hazards Accidents (Death Injury) bull Risks Loss (Time Money Trust)bull Vulnerabilities Cyber Attack
Lawrence Livermore National Laboratory LLNL-PRES-7227727
Root Cause Analysis (RCA or the Five Whyrsquos) Developed by Sakichi Toyoda RCA was first used during the development of Toyotarsquos manufacturing processes in 1958
httpschapterstheiiaorgpittsburghEventsDocumentsRoot20Cause20Analysis20Presentationppt
Lawrence Livermore National Laboratory LLNL-PRES-7227728
Failure Modes and Effect Analysis (FMEA) was developed by reliability engineers in the late 1950s to study problems that might arise from malfunctions of military systems
Lawrence Livermore National Laboratory LLNL-PRES-7227729
Fault Tree Analysis (FTA) was originally developed in 1962 at Bell Laboratories by HA Watson under a US Air Force Ballistics Systems Division contract to evaluate the Minuteman I Intercontinental Ballistic Missile (ICBM) Launch Control System
Bill VeselyNASA HQ
Lawrence Livermore National Laboratory LLNL-PRES-72277210
IBM 709432768 words of memory36 bit wordFloating Point double precision300MB DiskCost 29 Million Safety Hazard ndash Dropping the 25
inch disk onto your foot
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-7227727
Root Cause Analysis (RCA or the Five Whyrsquos) Developed by Sakichi Toyoda RCA was first used during the development of Toyotarsquos manufacturing processes in 1958
httpschapterstheiiaorgpittsburghEventsDocumentsRoot20Cause20Analysis20Presentationppt
Lawrence Livermore National Laboratory LLNL-PRES-7227728
Failure Modes and Effect Analysis (FMEA) was developed by reliability engineers in the late 1950s to study problems that might arise from malfunctions of military systems
Lawrence Livermore National Laboratory LLNL-PRES-7227729
Fault Tree Analysis (FTA) was originally developed in 1962 at Bell Laboratories by HA Watson under a US Air Force Ballistics Systems Division contract to evaluate the Minuteman I Intercontinental Ballistic Missile (ICBM) Launch Control System
Bill VeselyNASA HQ
Lawrence Livermore National Laboratory LLNL-PRES-72277210
IBM 709432768 words of memory36 bit wordFloating Point double precision300MB DiskCost 29 Million Safety Hazard ndash Dropping the 25
inch disk onto your foot
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-7227728
Failure Modes and Effect Analysis (FMEA) was developed by reliability engineers in the late 1950s to study problems that might arise from malfunctions of military systems
Lawrence Livermore National Laboratory LLNL-PRES-7227729
Fault Tree Analysis (FTA) was originally developed in 1962 at Bell Laboratories by HA Watson under a US Air Force Ballistics Systems Division contract to evaluate the Minuteman I Intercontinental Ballistic Missile (ICBM) Launch Control System
Bill VeselyNASA HQ
Lawrence Livermore National Laboratory LLNL-PRES-72277210
IBM 709432768 words of memory36 bit wordFloating Point double precision300MB DiskCost 29 Million Safety Hazard ndash Dropping the 25
inch disk onto your foot
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-7227729
Fault Tree Analysis (FTA) was originally developed in 1962 at Bell Laboratories by HA Watson under a US Air Force Ballistics Systems Division contract to evaluate the Minuteman I Intercontinental Ballistic Missile (ICBM) Launch Control System
Bill VeselyNASA HQ
Lawrence Livermore National Laboratory LLNL-PRES-72277210
IBM 709432768 words of memory36 bit wordFloating Point double precision300MB DiskCost 29 Million Safety Hazard ndash Dropping the 25
inch disk onto your foot
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277210
IBM 709432768 words of memory36 bit wordFloating Point double precision300MB DiskCost 29 Million Safety Hazard ndash Dropping the 25
inch disk onto your foot
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277211
100 Million lines of code
14 Million lines of code
12 Million lines of code
wwhttpwinformationisbeautifulnetvisualizationsmillion-lines-of-code2 Billion lines of code
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277212
Nancy Leveson MIT Aeronautics and Aerospace Professor
One cannot rely solely on hazard analysis methods developed for hardware when performing hazard analysis for software
1995 2011
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277213
Hardware wears out
Software wears inhttpwwwonlineclassnotescom201301software-doesnt-wear-out-explain-thishtml
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277214
1 Three Mile Island
2 Vincennes (Iran Air Flight 655)
3 Cali (American Airlines Flight 965)
4 Ariane 501
5 Mars Climate Orbiter (MCO)
6 Mars Polar Lander (MPL)
7 TitanCentaurMilstar
8 SOHO (Solar Heliospheric Observatory)
9 Therac 25
10 ATT Phone System
11Kegworth British Midlands
12Asiana Flight 214
In no case did the software fail to execute Usual problem is requirements and interactions between components
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277215
Step 1Identify
PotentialAccidents
Step 2Identify
PotentialHazards
Risks
Step 3ModelThe
System
Step 4Create
TheContextTables
Step 5Plan
HazardRisk
MitigationStrategies
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277216
High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway
Doors shall open in an emergency
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277217
Doors shall remain open when someone is in the doorway
Doorway A volume of space extending from the top edge of the door frame to the floor of the car and 6 inches to either side
Someone A person or object that is detected within the doorway volume
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277218
A1 - Passenger falls out of moving train
A2 - Passengers not able to escape train during emergency
A3 - Passenger steps off stopped train not at platform
A4 ndash Doors close on passenger in doorway
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277219
H-1 Doors open when the train is moving (A-1)
H-2 Doors close while person in the doorway (A-4)
H-3 Doors stuck closed during emergency (A-2)
H-4 Doors stuck open (A-1 A-3)
H-5 Doors open when not aligned to platform (A-3)
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277220
Diagram the system as a control structure
Control Algorithm
Model of Process
Actuator Sensor
Controlled Process
AutomatedController
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277221
Control Algorithm
Model of Process
DoorActuator
DoorSensor
Physical DoorMechanical Force Mechanical Position
Commands-Open door stop opening door-Close door stop closing door
Other Inputs-Train motion-Train position-Emergency Indicator
Feedback-Door position-Door clear
Control Commands Status
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277222
Identify Hazards that can cause accidents using guide phrases
1 A safety control action is not provided or is not followed
2 An unsafe control action is provided
3 A safety control action is provided too late or out of sequence
4 A safety control action is stopped too soon or applied too long
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277223
Control Action
Train Motion
Train Position Emer Door State
HazardRisk
Open not provided Stopped Aligned No
Person not in doorway No
Open not provided Stopped Not AlignedNo
Person not in doorway No
Open not provided Stopped Aligned No
Person in doorway Yes (H-2)
Open not provided Stopped Not AlignedNo
Person in doorway No
Open not provided Stopped NA Yes NA Yes (H-3)Open not provided Moving NA NA NA No
Prefatory STPA context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277224
Control Action
Train Motion
Train Position Emer
HazardRisk Any
HazardRisk Early
HazardRisk Late
Open Moving NA No Yes (H-1) Yes (H-1) Yes (H-1)
Open Moving NA Yes Yes (H-1) Yes (H-1) Yes (H-1)
Open Stopped NA Yes No No Yes (H-3)
Open StoppedNot Aligned No Yes (H-5) Yes (H-5) Yes (H-5)
Open Stopped Aligned No No No No
Prefatory STPAcontext tables
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277225
Prefatory STPAAnalysis of context tables
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277226
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provided
Open Provid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277227
Open Provided Open Not Provided
Open Provided Too Late or Out of Sequence Open Stopped Too Soon or Applied Too Long
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovid
Ope
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YHazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not Pr
ovided
Open
Not P
Ope
Case 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uenc
e
Open
Prov
ided
Too
Late
or O
ut o
f Seq
uen
Open
Prov
ided
Too
Late
or O
ut o
f S
Open
Prov
ided
Too
Late
or O
Open
Prov
ided
Too
Lat
Open
Prov
ided
T
Open
Pro
Op
Case 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
Doorway Closed T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Hazard (Me) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Chart) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N NHazard (Equation) Y Y Y Y Y Y Y Y N N N N Y Y Y Y N N N N N N N N N N N N N N N N
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o Long
Open St
opped Too So
on or App
lied To
o
Open St
opped Too So
on or App
Open St
opped Too So
on
Open St
opped To
Open St
op
Op
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F
T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F
F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T
F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T
F T F T F T F T F T F T F T F T F T F T F T F T F T F T F T F
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y YY Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277228
And Or ChartOr
Stopped F T Aligned F
And Emergency F Obstructed ClosedUse null (del) or blank for d
Open Not Provided WhenStopped = F Or (Stopped = T And Aligned = F And Alarm = F) Or (Stopped = T And Closed = F)
And Or ChartOr
Stopped T T TAligned T F T
And Alarm TObstructed TClosed Use null (del) or blank for don
Open Provided When(Stopped = T And Aligned = T) Or (Stopped = T And Aligned = T And Obstructed = T) Or (Stopped = T And Alarm = T)
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277229
And Or ChartOr
Stopped T T TAligned T T F
And Alarm TObstructed TClosedUse null (del) or blank for dont care
And Or ChartOr
Stopped T F Aligned
And Alarm Obstructed Closed
Open Provided Too Late of Out of SequenceStopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Open Stopped Too Soon or Applied Too Long Stopped = F Or (Stopped = T And Aligned = F And Alarm = F)
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277230
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Open Pr
ovided
Case 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32And Or Chart
Stopped T T T T T T T T T T T T T T T T F F F F F F F F F F F F F F F F OrStopped F T
Aligned T T T T T T T T F F F F F F F F T T T T T T T T F F F F F F F F Aligned FAnd Emergency F
Emergency F F F F T T T T F F F F T T T T F F F F T T T T F F F F T T T T Obstructed Closed
Doorway Obstructed F F T T F F T T F F T T F F T T F F T T F F T T F F T T F F T T Use null (del) or blank for d
Doorway Closed T F T F T T T F T F T F T F T F T F T F T F T F T F T F T F T FHazards
Hazard (Me) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Chart) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20Hazard (Equation) N N N N N N N N Y Y Y Y N N N N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 20
Hazomatic
Clear
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277231
Number of Combinations = 128bull s = number of binary statesbull g = number of guide phrasesbull Combinations = 2s x g = 25 x 4 = 128
Number of Potential Hazards Combinations
Resulting Revised Requirements = 4
Manual was 7 hazards and 0 Revised Requirements
me andor equationOpen Provided = 20 20 20Open Not Provided = 12 12 12Open Too Late or Out of Sequence = 12 12 12Open Stopped Too Soon Applied Too Long = 32 32 32Total 76 76 76
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277232
Revised High Level Requirements
Doors shall open at station when train is completely stopped and aligned with platform
Doors shall remain closed when train is moving
Doors shall remain open when someone is in the doorway the train shall not move until the doors close
The train shall remain stopped and a door open command issued if an object is detected in the doorway when doors are closed
An emergency shall stop the train Doors shall open in an emergency after the train has stopped
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277233
Thermostat
Motion Detection
CameraFront Door
CO Detector
CameraDriveway
Alarm SystemCellTower
SmartPhone
InternetServiceProvider
Home Wi-Fi Router
Dash Button
Vehicles
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277234
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277235
Thermostat
Motion Detection
CellTower
InternetServiceProvider
Home Wi-Fi Router
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277236
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
Alarm System
Lower Utility BillsEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277237
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraDriveway
Motion Detection
SafetyWin Arguments With Teens
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277238
Thermostat
CellTower
InternetServiceProvider
Home Wi-Fi Router
CO Detector
Safety
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277239
CellTower
InternetServiceProvider
Home Wi-Fi Router
Security
Home LightingHouse Sounds
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277240
CellTower
InternetServiceProvider
Home Wi-Fi Router CameraFront Door
SafetySecurity
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277241
Energy Preservation
httpswwwamazoncomDash-Buttonsbie=UTF8ampnode=10667898011
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277242
SafetySecurityEnergy Preservation
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277243
Literature searches cite 6-10 concerns about vulnerabilities
Have not found a formal hazard or vulnerability analysis on the IoT
Can STPA identify the same 6-10 Hazards and Vulnerabilities
Can STPA find additional Hazards and Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277244
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277245
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277246
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277247
Software Requirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277248
STPA Guide Phrases
A resource or action required for correct operation is not provided or is not followed
An incorrect resource or action is provided that leads to a hazardrisk
A potentially correct resource or action is provided too late or out of sequence
A correct resource or control action is stopped too soon or applied too long
SoftwareRequirements
Software Elicitation
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277249
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Update
Each Box Links to component Level STPA Analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277250
Physical ModelDevelopment RisksCommunications Risk Mobile Risks Total
92645470
9459260801424
102096
s = number of binary statesg = number of guide phrasesCombinations = 2s x g = 2 x 4 = 201
1106427
201
Risks Comb Average
Estimated number of electrons in the universe =10E+88
Plank time = 10E-43 secondsAge of the Universe in Plank time 8E+60
Assume ldquoorrdquo of all three
Assume ldquoandrdquo of all
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277251
Representative STPA which represents all the analyzed components of the physical model
Developmentfor IoT
AcuatorSensor
Physical Device
Requirements IncorrectWeak Security DesignDifficult User InterfaceSoftware DefectsSoftware VulnerabilitiesTainted Input PossibleLogic Bomb in CodeBack Door in CodeInadequate TestingUntrusted Supply ChainUpdates Not Used
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277252
Representative STPA which represents all the analyzed components of the physical model
Internet for IoT
AcuatorSensor
Physical Device
Unclear Error MessagesConfusing DocumentationWeak EncryptionOpen PortsInsufficient Platform TestingWeak Negative TestingInadequate Security TestingUpdates No Longer SupportedUpdates Contain MalwareBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277253
Representative STPA which represents all the analyzed components of the physical model
Cellular for IoT
AcuatorSensor
Physical Device
Inadequate EncryptionBackbone VulnerabilitiesOS VulnerabilitiesFaux Cell TowerJuice JackingDirected PhishingUnsecured Hot SpotsBrowser VulnerabilitiesSmart Phone Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277254
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277255
Home Sweet Home
Toaster
Outdoor Sprinkler System
Dryer
Door Bell
Oven Surveillance Cameras
Climate Control
Entertain-ment Center
Lights
Utilities
Pet Feeding
Vacuum Cleaner
Hot Tub
Game Center
Alarm System
Door Controller
Pet Door Controller
FireSmoke Alarms
Refrigerator
Freezer
Children Monitors
Vehicle Monitors
Washer
Phone System
Home IT Engineer 2022
1985
Good NewsldquoApple Home KitrdquoldquoWorks With Nestrdquo
EmergingStandards
httpsworkswithnestcomproductshttpwwwapplecomshopaccessoriesall-accessorieshomekithttpwwwdigitaltrendscomhomeeverything-that-works-with-apple-homekit
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277256
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277257
Aristocrat MKV MK6 Backplane Board
Aristocrat MKV MK6 Source Code
Upload to St Petersburg
2 Min Video
AppDownload
httpswwwwiredcom201702russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix
25
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277258
httpwwwexpresscouknewsworld600771ISIS-Islamic-State-remote-controlled-cars-bomb-attacks-Syria-Iraq-drones-Britain
httpswwwwiredcom201507hackers-remotely-kill-jeep-highwayslide-2
Wireless Carjacking
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277259
httpskrebsonsecuritycom201610hacked-cameras-dvrs-powered-todays-massive-internet-outage
Video Cameras Wide Spread Internet Outages
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277260
In January a fully booked four-star hotel in Austria Romantik Seehotel Jaegerwirt had its locks hacked
The hackers demanded the equivalent of 1500 Euros in bitcoin in exchange for restoring the keysrsquo functionality
httpwwwwelivesecuritycom20170130austrian-hotel-experiences-ransomware-things-attack
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277261
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277262
x 3000 watts per oven
500 Megawatts
166667 ovens
=
454545 toastersx 1100 watts per toaster
OR
Wide Spread Power Disruption
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277263
Disable AlarmsOpen Doors
Assure No One Home
Self Parking Get Away Car
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277264
Send Ambulance Increase Premium
Telltale heart Pacemaker data leads to arson fraud chargeshttpwwwfoxnewscomus20170208police-use-data-on-mans-pacemaker-to-charge-him-with-ohio-arsonhtml
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277265
auto
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277266
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277267
hellipand how did you want to pay
for your anesthesia
today Martha
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277268
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Speeding 23Stop Signs 12Traffic Lights 3Acceleration 8Turn G Force 3
Rate Increase = 15
Driving Violations for April 2017
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277269
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277270
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277271
Donald Reifer ldquoIndustry Software Cost Quality and Productivity Benchmarksrdquo DoD Software Tech News July 2004
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277272
Assumption is defect rate after one year not at release as in 2004 table
55 defects per ksloc for Mission Critical codes
What should defect rate be for IoT and Mobile software then Reifer Consultants
httpreifercom
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277273
0
2
4
6
8
10
12
2004 2016 2028
Erro
rs K
ESLO
C
IoT Software Error Rates
Web Business Telecommunications
Linear (Web Business) Linear (Telecommunications)
Telecommunications 2021
Web Business 2026
Defect Rates will approachbut never reach zero
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
IoT Software Error Rates
Web Business2004201620281148Telecommunications200420162028616
Errors KESLOC
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
2004 | 11 | 48 | |||||||||
2016 | 6 | 16 | |||||||||
2028 |
Lawrence Livermore National Laboratory LLNL-PRES-72277274
Development Subsystem
External Communications Subsystem
Mobile PhoneSubsystem
11 2
3 4 5 6 7 8
9
10
11
12
13 14 15 16 17
18 19 20 21 22
23 24
2526
Numbers Linked to IoT Tools for each component
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277275
1 Do not use inexpensive household routers for IoT applications as the software is buggy
2 Use strong (AES or better) encryption everywhere
3 Replace default factory user names and passwords with strong passwords change periodically httpwwwhowtogeekcom195430how-to-create-a-strong-password-and-remember-it
4 Assure firmware and software updated to latest versions
5 Assure media and updates are from trusted sources
6 Donrsquot use public recharge stations
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277276
7 Alarm on IoT devices disabled
8 Wait until IoT industry matures
9 Donrsquot allow remote help desks without confirming source
10 Static and Dynamic code analysis on Source and Binary codes
11 Assure IoT applications are security tested and support security with updates
12 Segment networks (IoT Personal Business)
13 Purchase new device every three year
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277277
Literature search found 6-10 security vulnerabilities
STPA found security vulnerabilities hazards and risk types
Surrogate STPA rolled up to 30 issues
Literature
STPA
10
201
201
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277278
1 STPA facilitated me to think of hazards and risks I could not think of intuitively
2 STPA identified risks and hazards not identified in the literature search
3 STPA helped me research further important topics
4 STPA helped me ask better questions and enroll experts
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277279
Prefatory STPA requires human analysis to identify hazards or vulnerabilities when requirements are stated
Exhaustive STPA (examining all combinations) can be useful for small numbers of variables or when requirements are not stated
Exhaustive STPA may not be practical for analysis of a larger number if variables decomposition and a surrogate approach may be helpful
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277280
STPA useful addition to other techniques literature search and expert consultation for IoT and Mobile hazard risk and security analysis
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277281
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277282
Requirementsbull Rational Requisite Probull Objectiverbull CaseCompletebull RMTracbull Optimal Tracebull Analyst Probull DOORSbull GMARCbull Jira
Designbull IBM Architect Designerbull Structure Chartbull Data Flow Diagrambull Doxygenbull Visustinbull McCabe IQbull Design By Contractbull Assertions
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277283
Editorsbull Sublime Textbull Notepad ++bull Vimbull Atombull Emacsbull Eclipsebull CodeBlocksbull GNAT Programming
Studiobull Code Litebull NetBeansbull Qt Creator
Compilersbull Intelbull Gnubull Microsoftbull Visual C++bull Clangbull CUDAbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277284
Build Tools bull Cmakebull Autoconfbull Jenkinsbull Bamboobull Antbull CruiseControlbull Git bull Subversionbull Mecurialbull Perforcebull and many more
Librariesbull Boostbull OpenMPbull OpenGLbull VTKbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277285
Debuggersbull Code Viewbull Valgrindbull MS Visual Studiobull Intel Debuggerbull Parasoft Insure++bull IDAProbull ROSE Custom Tool bull and many more
Software Testingbull Cppunitbull Junitbull Google Testbull Test Completebull HP Functional Testerbull Seleniumbull Squishbull ATSbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277286
Developed Codebull Purifybull Intel Inspector XEbull Insure++bull LcovGcovbull Coberturabull Klocworksbull Parasoftbull Coveritybull ROSE Custom Tool
IoT Devicebull Vector Softwarebull HiTexbull eggPlantbull Xilinx SDKbull Peta Linux Tools bull IDAProbull ROSE Custom Tool
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277287
Electronicbull Sparkbull PulseForge 3300bull Project Wirebull TDK4PEbull PCB Web Designerbull NanoTech AMD 3Dbull and many more
Mechanicalbull AutoCadbull Autodesk CAMbull IronCADbull SolidWorksbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277288
HMIbull Active Xbull Lab Windowsbull TkTclbull Motifbull Visual BasicC++bull PowerBuilderbull and many more
Peripheralsbull LabViewbull FastSendbull PacketCheckbull Intel Admin Toolsbull NDT
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277289
Software Apsbull Nortonbull McAfeebull TrendMicrobull Malwarebytesbull Bitdefenderbull MS Officebull ROSE Custom Tool
Utilitiesbull CrashPlanbull COMODO Back Upbull AOMEI Backupperbull Cobian Backupbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277290
Operating Systemsbull Windowsbull Linux
mdash Embedded Linuxmdash Android
bull Unix BSDbull Mac OS X
mdash iOSbull Commercial Unixbull SolarisOpenSolarisbull Custom OS
Cable or Wi-Fibull Vastarbull Flukebull Ideal Networksbull AirCheck G2bull Wi-Fi Pineapplebull Wi-Spy DBxbull Wi-Fi Analyzer bull Yellowjacket-BANG
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277291
Routersbull Angry IP Scannerbull Ping Plotterbull Blastbull TCP Viewbull PRTG Network
Monitorbull HP Load Runnerbull and many more
Firewallsbull Nessusbull Nmapbull Netcatbull Tcpdumpbull Wiresharkbull CommViewbull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277292
Internetbull ZenMapbull Ipplanbull Tcpdumpbull Nmap NSE Scriptsbull Digbull Acunetixbull John the Ripperbull and many more
Update Patchesbull Tripwire CCMbull CodeDxbull Corporate Software
Inspectorbull Open VASbull Retina CSbull MBSAbull Nexposebull and many more
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277293
Cellular Networkbull Speedtestbull Network Signal Info
Pro bull wigglenet
Smart Phone OSbull iOSbull Androidbull Windows Mobilebull BlackBerry OSbull LG webOS
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277294
Smart Phone Apsbull McAfeebull Nortonbull Trendbull Pandabull Webrootbull iPhone NA
Browsersbull Chromebull Firefoxbull Safaribull Operabull Skyfirebull UC Browserbull BeFE
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277295
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277296
Software Requirements
Requirements Elicitation
Actuator Sensor
Requirements ElicitationSoftware RequirementsStakeholder Sample WrongRequirement Not SpeciificRequirement Not MeasurableRequirement Not AttainableRequirement Not RealizableRequirement Not Time BoundedRequirement Not CompleteRequirement Not ConciseApproved Before UnderstoodJumping to Design
httpswwwlinkedincompulsetop-8-mistakes-requirements-elicitation-aaron-whittenberger-cbap
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277297
Software Design
Software Requirements
Actuator Sensor
Software RequirementsSoftware DesignMissing Functional RequirementsMissing Non-Functional RequirementsMissing Security RequirementsMissing Safety RequirementsException Cases Not HandledUnclearUnprioritizedIncompleteUnconsumableUnreflective of business goals
httpwwwseilevelcomrequirements5-reasons-software-projects-fail-hint-its-often-due-to-incomplete-incorrect-requirements
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277298
Editor
Software Design
Actuator Sensor
Software DesignEditorLacks IntuitivenessWeak Exception HandlingHuman Machine Interface not well DefinedRequirement CreepWeak ScalabilityWeak CouplingWeak CohesionSparse CommentingLack of Meaningful Naming
httpwwwpcworldcomarticle146282articlehtml
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-72277299
Compiler
Editor
Actuator Sensor
EditorCompilerUninitialized VariableUn Released MemoryArray overflowBuffer OverflowTainted InputNull pointerStale PointerUnreachable CodeBack Door Logic BombMissing RequirementsMisunderstood RequirementsSyntax Error
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772100
Build Tools
Compiler
Actuator Sensor
CompilerBuild ToolsCompiler Warnings IgnoredWrong Test BaselineInadequate Resources Missing or Wrong IncludesWrong Options SetNon-Standard Features UsedExceptions Not CaughtUnclear Error MessagesErrors IgnoredWarnings IgnoredCompiler Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772101
Libraries
Build Tools
Actuator Sensor
httpsmsdnmicrosoftcomen-uslibrary8x5x43k7aspx
Build ToolsLibrariesWrong Library VersionMisnamed LibraryLibrary VulnerabilityLibrary Not UpdatedLibrary Back DoorUntrusted Supply ChainLibrary Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772102
Debuggers
Libraries(Built Code)
Actuator Sensor
LibrariesDebuggersHeisenberg EffectDiagnostics ResidualIntermittent ProblemResidual Debug Code Unrealistic Simulators
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772103
Software Testing
Debuggers(Debugged
Code)
Actuator Sensor
DebuggersSoftware TestingLow CoverageNoFew Security TestsRushed TestingNoFew Requirements TraceabilityRedundant TestingNoFew Performance TestsWeak Platfoirm Testing
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772104
TestedSoftware
IoT Code Developed
Actuator Sensor
Software TestingIoT Code DevelopedResidual BugsSlow PerformanceRace ConditionWeak Error RecoveryWeak On Line HelpWeak Documentation
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772105
IoT Code Developed
IoT Device
Actuator Sensor
IoT Code DevelopedIoT DeviceHWSW CompatibilityOperating System VulnerabilityUnsupported Operating System VersionSlow PerformanceRace ConditionsConfusing Install ProcedureMissing ResourcesTainted Install Media
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772106
Mechanical Design
IoT Device
Actuator Sensor
IoT DeviceMechanical DesignInsufficient Air FlowConfusing LabelingHarness RubPoor ServiceabilityFan Cooling NeededEMIEMC ShieldingInsufficient Vibration ResistanceInsufficient Shock ResistanceInsufficient Environmental ResistanceManufacturing DefectSupply Chain Defect
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772107
IoT Device Electrical DesignInadequate Power SupplyInadequate Component ReliabilityInadequate Surge ProtectionInadequate Noise SuppressionCounterfeit PartsSlow ProcessingLack of Fault DetectionInadequate Shock ProtectionInadequate Static Discharge ProtectionVersion Control IssuesWeak ServiceabilityWeak or No Upgrade Ability
Electronic Design
IoT Device
Actuator Sensor
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772108
Device HMI
IoT Device
Actuator Sensor
IoTDevice HMIConfusing User InterfaceWeak Exception HandlingUnclear Error MessagesUnlike IncumbentLack of DocumentationConfusing DocumentationSecret Codes RemainUnix Jan 19 2038 Bug 32 bit
httpsenwikipediaorgwikiYear_2038_problem
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772109
Peripherals
IoT Device
Actuator Sensor
IoTPeripheralsCurrent Drivers Not AvailableEncryption Not AvailableInadequate Installation GuideNo Guest Device ControlsOpen Unused IO PortsDriver Not UpdatedNo Longer SupportedBuggy Software
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772110
Other Software
Applications
IoT Device
Actuator Sensor
IoTOther SW AppsFile Names Not UniqueVersions Not CompatibleSupply Chain Not SecureTrojans PresentBack Door PresentNot Enough MemoryRogue Applications
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772111
Utilities
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772112
Operating Systems
IoT Device
Actuator Sensor
IoTUtilitiesWrong VersionKnown Vulnerabilities in VersionVersion Not UpdatedWrong Numerical PrecisionWrong Data FormatCounterfeit ItemNo Upgrade PathBrowser Vulnerabilities
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772113
Peripherals
IO Cable or
Wi-Fi
Actuator Sensor
Peripheral IO Cable or Wi-FiNot EncryptedWeak EncryptionNetwork Not Password ProtectedOpen IO PortsDriver Not UpdatedTrap Door in Driver
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772114
IO Cable or
Wi-Fi
LAN Routers
Actuator Sensor
IO Cable or Wi-Fi LAN RoutersNo Weak EncryptionBuggy Router SoftwareRouter Firmware Not UpdatedRouter Updates No Longer AvailableBack Door Left In RouterUpdates Contain VirusDefault User and PasswordPorts Left Open (7547)Services Exposed TR-64 -69
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772115
LAN Routers
Firewalls
Actuator Sensor
LAN RoutersFirewallPorts Left OpenWrong Security PolicyFirewall No Longer SupportedFirewall Contains Back DoorCapacity InsufficientVPN Not AvailableNot Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772116
Firewall
Internet
Actuator Sensor
FirewallInternetCapacity InsufficientVPN Not AvailableNo Port Scanning DetectorsRequired Port Blocked
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772117
Update Patches
Internet
Actuator Sensor
InternetUpdate PatchedPatch Infected With VirusPatch Has VulnerabilityDevice No Longer SupportedUpdates Not Done
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772118
IO Connection
Cable or Wi-Fi
Cellular Network
Actuator Sensor
IO Connection Cable or Wi-FiCellular NetworkNot EncryptedInadequate Encryption A51 A52Backbone Vulnerabilities SS7BackdoorsPublic Unsecured Wi-FiOperating System VulnerabilitiesOS Not Upgraded
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772119
Cellular
Smart Phones
Actuator Sensor
CellularSmart PhonesJuice JackingFaux Cell Tower
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772120
Smart Phone OS
Browsers
Actuator Sensor
Smart PhonesBrowserLack of Frame Busting Tap JackingVulnerable Mobile SitePhishingCounterfeit Address BarUnsecured Hot SpotsUnintelligible Error Message
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772121
Broswer
Other Smart Phone Apps
Actuator Sensor
BrowsersOther AppsNot Downloaded From Trusted SourceMalicious AppsApps Not UpdatedApp No Longer SupportedApps Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated
Lawrence Livermore National Laboratory LLNL-PRES-722772122
IoT Code Developed
Smart Phones
Actuator Sensor
Smart PhoneUpdatesCounterfeit UpdatesTrap Door in UpdateDiscontinued UpdatesSlow UpdatesUnencrypted UpdatesOut Of Date FirmwareDevice Not Updated