The spotlight has increasingly fallen on the security of embedded computer systems in recent weeks as the Defense Advanced Research Projects Agency (DARPA) set up the High-Assurance Cyber Military Systems (HACMS) program, which targets systems that are “functionally correct and satisfy appropriate safety and security properties.”
“Our vision for HACMS is to adopt a clean-slate, formal method-based approach to enable semi-automated code synthesis from executable, formal specifications,” said DARPA program manager, Kathleen Fisher.
Embedded computer systems play a part in every aspect of DoD technology. The software in these systems does everything from managing large physical infrastructures, to running peripherals such as printers and routers, to controlling medical devices such as pacemakers and insulin pumps. Networking these embedded computer systems enables remote retrieval of diagnostic information, permits software updates, and provides access to innovative features, but it also introduces vulnerabilities to the system via remote attack.
In addition to generating code, HACMS is looking for a synthesizer capable of producing a machine-checkable proof that the generated code satisfies functional specifications as well as security and safety policies. A key technical challenge is the development of techniques to ensure that such proofs are composable, allowing the construction of high-assurance systems out of high-assurance components.
Technologies cited as being key to HACMS include semi-automated software synthesis systems, verification tools such as theorem provers and model checkers, and specification languages. And there will be the opportunity for industry at large to take advantage as HACMS aims to produce a set of publicly available tools integrated into a high-assurance software workbench, widely distributed to both defense and commercial sectors. In the defense sector, HACMS plans to enable high-assurance military systems ranging from unmanned ground, air and underwater vehicles, to weapons systems, satellites, and command and control devices.
Of course, security for embedded systems is not a new concern. Security is a major focus throughout this year's Embedded Systems Conference, which forms part of DESIGN West. During ESC there is a five-session track on Hacking Embedded Systems, while another six sessions will explore security and safety. No doubt the sessions in the Top 10 Lessons Learned (from Disaster!) track might also touch on security – I'm sure Jack Ganssle's session, Mars Ate My Spacecraft, will provide great insight.
And for the first time alongside ESC we are providing a one-day version of the renowned Black Hat Briefings, a series of highly technical information security conferences that bring together thought leaders from the corporate and government sectors to academic and even underground researchers. From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to a global conference series with annual events in Abu Dhabi, Barcelona, Las Vegas and Washington DC.
The Black Hat summit at DESIGN West will provide six sessions: Hardware Hacking (Like Shooting Fish in a Barrel); Why Are We Still Vulnerable to Side Channel Attacks? (and why should I care?); Security Risk Analysis and Assessment of Semiconductors; an in-depth look at remote attack on wireless insulin pumps; Identifying and Interacting with Devices on the Telephone Network; and the Vulnerabilities of Wireless Water Meter Networks.
On the same day (March 29th), Robert Vamosi, the author of When Gadgets Betray Us: The Dark Side of our Infatuation with New Technologies, will provide a keynote that examines how, in the rush to embrace the “next new thing,” from digital cameras and MP3 players to implanted medical devices and chips inside our cars, real concerns about information security or personal privacy often fall by the wayside.
I hope to see as many of you as possible at ESC – DESIGN West – find out more at www.ubmdesign.com/.
Colin Holland is the editorial content director for Embedded.com, ESD magazine, and the Embedded Systems Conference/DESIGN conferences.