Secure automotive software development
June 24, 2015
Walter Capitani, Product Manager, Klocwork
Agenda
• Security in automotive software development
• The software supply chain
• Forging more secure code
Security in automotive software development
Automotive hacks are well documented
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 4
How does this happen?
Data breaches are the result of one flawed assumption: incoming data is well-formed.
Most breaches result from input trust issues: cross-site scripting, SQL injection, unvalidated input, Heartbleed (buffer overrun).
OWASP Top 10 identifies common vulnerabilities from over 500,000 issues being researched today.
CWE is a community-driven identification of weaknesses; CWE-20: Improper Input Validation.
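The flawed assumption above written out as code. This is an added example, not code from the slides or from Klocwork; the record layout, function names and sample bytes are constructed for the illustration. The trusting parser copies however many bytes the sender declares, which is the Heartbleed buffer-overrun pattern; the checked parser validates the declared length against both the bytes actually received and the destination capacity before copying, which is what CWE-20 asks for in practice.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format used by this example (not taken from the slides):
 *   byte 0    : record type
 *   bytes 1-2 : payload length, big-endian
 *   bytes 3.. : payload
 */
#define HDR_LEN     3
#define MAX_PAYLOAD 64

typedef struct {
    uint8_t type;
    size_t  payload_len;
    uint8_t payload[MAX_PAYLOAD];
} record_t;

/* The flawed assumption in code: the declared length is trusted as-is.
 * If the sender declares more bytes than it transmitted, memcpy reads past
 * the received buffer (the Heartbleed pattern); if it declares more than
 * MAX_PAYLOAD, the copy overruns out->payload. Kept for contrast only; the
 * demo feeds it nothing but a well-formed record. */
int parse_record_trusting(const uint8_t *msg, size_t msg_len, record_t *out)
{
    (void)msg_len;                          /* the received length is ignored */
    out->type = msg[0];
    out->payload_len = ((size_t)msg[1] << 8) | msg[2];
    memcpy(out->payload, msg + HDR_LEN, out->payload_len);
    return 0;
}

/* Hardened form: every length is checked against what actually arrived and
 * against the destination's capacity before a single byte is copied.
 * Returns 0 on success, -1 if the record is rejected. */
int parse_record_checked(const uint8_t *msg, size_t msg_len, record_t *out)
{
    if (msg == NULL || out == NULL)   return -1;
    if (msg_len < HDR_LEN)            return -1;   /* header incomplete */
    size_t declared = ((size_t)msg[1] << 8) | msg[2];
    if (declared > MAX_PAYLOAD)       return -1;   /* exceeds destination */
    if (declared > msg_len - HDR_LEN) return -1;   /* exceeds bytes received */
    out->type = msg[0];
    out->payload_len = declared;
    memcpy(out->payload, msg + HDR_LEN, declared);
    return 0;
}

/* Constructed sample records with the verdict the checked parser should give. */
typedef struct { const char *label; const uint8_t *msg; size_t len; int expect; } sample_t;

static const uint8_t s_ok[]       = { 0x01, 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t s_trunc[]    = { 0x01, 0x00, 0x10, 'a', 'b' };   /* claims 16 bytes, sends 2 */
static const uint8_t s_oversize[] = { 0x02, 0x01, 0x00 };              /* claims 256 > MAX_PAYLOAD */
static const uint8_t s_short[]    = { 0x01, 0x00 };                    /* header cut off */
static const uint8_t s_empty[]    = { 0x03, 0x00, 0x00 };              /* zero-length payload is valid */

static const sample_t samples[] = {
    { "well-formed",   s_ok,       sizeof s_ok,        0 },
    { "truncated",     s_trunc,    sizeof s_trunc,    -1 },
    { "oversized",     s_oversize, sizeof s_oversize, -1 },
    { "short header",  s_short,    sizeof s_short,    -1 },
    { "empty payload", s_empty,    sizeof s_empty,     0 },
};
#define NSAMPLES (sizeof samples / sizeof samples[0])

/* Runs every sample through the checked parser; returns how many verdicts
 * matched expectations (NSAMPLES when the checks are right). */
int check_samples(void)
{
    int matched = 0;
    for (size_t i = 0; i < NSAMPLES; i++) {
        record_t rec;
        int rc = parse_record_checked(samples[i].msg, samples[i].len, &rec);
        if (rc == samples[i].expect) matched++;
    }
    return matched;
}

int main(void)
{
    for (size_t i = 0; i < NSAMPLES; i++) {
        record_t rec;
        int rc = parse_record_checked(samples[i].msg, samples[i].len, &rec);
        printf("%-14s -> %s\n", samples[i].label, rc == 0 ? "accepted" : "rejected");
    }
    /* The trusting parser only looks right because this input happens to be well-formed. */
    record_t rec;
    parse_record_trusting(s_ok, sizeof s_ok, &rec);
    printf("trusting parser copied %zu bytes without checking\n", rec.payload_len);
    return check_samples() == (int)NSAMPLES ? 0 : 1;
}
```

The two checks in the hardened parser are deliberately separate: the first protects the destination buffer (a classic stack or heap overflow), the second protects the source (an over-read that leaks neighbouring memory, as in Heartbleed). Dropping either one leaves a distinct bug.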
© 2014 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 6
Increasing size
Software is growing fast
[Bar chart: LOC (millions), scale 0 to 350, for USAF F-22, USAF F-35 JSF, Avg Ford car 2009, Boeing 787 Dreamliner, Avg Ford car 2010, S-class Nav 2009, Avg luxury car 2010, Avg luxury car 2014*]
*Estimated. Sources: IEEE Automotive Designline, IEEE Spectrum
Increasing complexity: Connected cars
So what does this mean?
More and more software running inside your car
– Millions of lines of code, dozens of processors, each with multiple cores
– Multiple systems interconnected – some designed years ago with little or no security in mind
Multiple sources of software being integrated
– New code, COTS, suppliers, legacy, open source
– Different platforms, people, and processes
Software running your car could remain that way for many years
– Vulnerabilities and bugs will last for years
– Not an easy update/upgrade path
This requires a very significant security and functional verification process
– Automation will be critical
– Certification is inevitable
Problems
What attacks will these software components be exposed to? Will it be accessible over some type of network? Remote access?
How do we gauge the security health of code coming in? How do we measure compliance?
Lengthy process, unclear expectations, lots of resource
Are we spending time on “regular” bugs? Can automated testing be more effective?
Do you have confidence in your suppliers? The Open Source community?
Software supply chain
What happens when outsourcing goes wrong?
Software suppliers can introduce risks (security, functional, compliance) before they reach you
Different platforms, processes, tools, standards, etc. require more effort to assess, test, and standardize
If hooks are left in the code, sensitive data can be sent back to the supplier
Software supply chain - example
Toyota unintended acceleration - Electronic Throttle Control System (ETCS)
• “…used a version of OSEK, which is an automotive standard RTOS API. For some reason, though, the CPU vendor-supplied version was not certified compliant” 1
• The ECU software also used recursion (prohibited!), which would be detected by MISRA 2004 compliant source code analysis
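How a MISRA-style checker finds the prohibited recursion mentioned above. This is an added example; it is not code from the slides, from the Toyota case, or from Klocwork, and the call graph, function names and module structure are constructed for the illustration. Recursion, direct or indirect, is exactly a cycle in the program's call graph, so the check is a cycle search over that graph; the indirect case built below is the kind no single function body reveals, which is why it takes whole-program (inter-procedural) analysis rather than a per-file review.

```c
#include <stdio.h>
#include <string.h>

/* Constructed call graph for a hypothetical throttle-control module.
 * Function names are invented for this example. */
#define MAX_FUNCS 16

enum { F_MAIN, F_READ_PEDAL, F_FILTER, F_APPLY_THROTTLE, F_LOG_EVENT, F_FORMAT_MSG, F_COUNT };
static const char *const func_names[F_COUNT] = {
    "main", "read_pedal", "filter", "apply_throttle", "log_event", "format_msg"
};

typedef struct {
    int n;                           /* number of functions */
    int calls[MAX_FUNCS][MAX_FUNCS]; /* calls[a][b] = 1 when a calls b */
} callgraph_t;

void cg_init(callgraph_t *g, int n) { memset(g, 0, sizeof *g); g->n = n; }
void cg_add_call(callgraph_t *g, int caller, int callee) { g->calls[caller][callee] = 1; }

/* A cycle in the call graph is direct or indirect recursion, which MISRA C:2004
 * Rule 16.2 prohibits. Depth-first search with three colours (0 = unvisited,
 * 1 = on the current path, 2 = finished) finds one: reaching a function that
 * is already on the path closes a cycle. The search keeps its own explicit
 * stack so that the checker itself obeys the rule it enforces.
 * Returns 1 and sets *cycle_at to the re-entered function if a cycle exists, else 0. */
int cg_find_recursion(const callgraph_t *g, int *cycle_at)
{
    int colour[MAX_FUNCS] = {0};
    int path[MAX_FUNCS];   /* functions on the current DFS path */
    int next[MAX_FUNCS];   /* next callee index to examine for each path entry */

    for (int start = 0; start < g->n; start++) {
        if (colour[start] != 0) continue;
        int depth = 0;
        path[depth] = start; next[depth] = 0; colour[start] = 1; depth++;
        while (depth > 0) {
            int u = path[depth - 1];
            int v = next[depth - 1];
            while (v < g->n && !g->calls[u][v]) v++;
            if (v == g->n) {            /* every callee of u examined */
                colour[u] = 2;
                depth--;
                continue;
            }
            next[depth - 1] = v + 1;
            if (colour[v] == 1) {       /* v is already on the path: recursion */
                *cycle_at = v;
                return 1;
            }
            if (colour[v] == 0) {
                colour[v] = 1;
                path[depth] = v; next[depth] = 0; depth++;
            }
        }
    }
    return 0;
}

/* A compliant module: calls form a tree-like structure with no cycle. */
void build_compliant(callgraph_t *g)
{
    cg_init(g, F_COUNT);
    cg_add_call(g, F_MAIN, F_READ_PEDAL);
    cg_add_call(g, F_MAIN, F_FILTER);
    cg_add_call(g, F_MAIN, F_APPLY_THROTTLE);
    cg_add_call(g, F_FILTER, F_LOG_EVENT);
    cg_add_call(g, F_APPLY_THROTTLE, F_LOG_EVENT);
    cg_add_call(g, F_LOG_EVENT, F_FORMAT_MSG);
}

/* The same module with one extra edge: format_msg calls log_event on error,
 * giving log_event -> format_msg -> log_event, an indirect recursion that
 * neither function body shows on its own. */
void build_indirect_recursion(callgraph_t *g)
{
    build_compliant(g);
    cg_add_call(g, F_FORMAT_MSG, F_LOG_EVENT);
}

/* Runs the checker on each graph; returns the re-entered function or -1. */
int recursion_in_compliant(void)
{
    callgraph_t g; int at = -1;
    build_compliant(&g);
    return cg_find_recursion(&g, &at) ? at : -1;
}
int recursion_in_indirect(void)
{
    callgraph_t g; int at = -1;
    build_indirect_recursion(&g);
    return cg_find_recursion(&g, &at) ? at : -1;
}

int main(void)
{
    int at = recursion_in_compliant();
    printf("compliant module: %s\n", at < 0 ? "no recursion" : func_names[at]);
    at = recursion_in_indirect();
    printf("modified module : recursion through %s\n", at < 0 ? "(none)" : func_names[at]);
    return 0;
}
```

A real analyser builds the graph from the source (including calls through function pointers, which is where most of the difficulty lies); the cycle search on top of it is the part shown here.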
Forging more secure code
What can you do?
All of the supply chain needs to be secure, not just your code but the code of the packages included in your software
Follow a well-known security standard applicable to your domain
Need to “bake in” security
Educate the development team, provide security-based training
Automate!
What can automation do?
Automate the build process
Automate testing
Automate reporting
Automate the discovery of security weaknesses, compliance violations, defects
Free up developers’ time
Seeing trends helps identify areas of bad code
Analysis and testing
Static code analysis
Traditionally used to find simple, annoying bugs
Modern, state-of-the-art SCA:
– Sophisticated inter-procedural control and data-flow analysis
– Model-based simulation of runtime expectation
– Provides an automated view of all possible execution paths
– Find complex bugs and runtime errors, such as memory leaks, concurrency violations, buffer overflows
– Check compliance with internationally recognized standards: MISRA, CWE, OWASP, ISO 26262
Analysis and testing
Check code faster
• Issues identified at your desktop
– Correct code before check-in
– All areas impacted by a given defect are highlighted
– After system build, the impact of other developers’ code is also delivered to the desktop for corrective action
• Create custom checkers to meet specific needs
• Debugger-like call-stack highlights the cause of the issues
• Context-sensitive help provides industry best-practices and explanations
[Diagram: development timeline Build / Analysis / Test, annotated “50% of defects introduced here”]