Using static analysis to improve IIoT device security -

Using static analysis to improve IIoT device security


The Industrial Internet of Things (IIoT) is unique in that devices that compose industrial control systems are often insecure due to limitations in their design and capability. On top of this, the protocols used to communicate are not secure, with a dangerous reliance on physical security (e.g., keeping devices on a local network). System-level implementation of security is required as part of secure software design and development. Static analysis tools are useful in improving software security and — in this article — we'll look at how that applies to IIOT devices.

Related posts:

IIOT device security challenges
Industrial devices suffer the same challenges as all IoT devices, such as being increasingly targeted by attackers, having traditionally poor built-in security, and having large deployments of legacy devices, all while increasing machine-to-machine connectivity and being brought into the IoT “fold.”

But IIoT devices are also unique as follows:

  1. They are hardware-limited in terms of processing capabilities for many modern security features, such as encryption, networks stacks, and built-in firewalls.
  2. They often control critical infrastructure, which makes the possible outcomes of cyber-attacks much more serious.
  3. Industrial controllers and SCADA systems have different communication protocols and standards than home or office devices.
  4. Various other factors, including extremely long product lifecycles and difficulty in updating firmware and hardware compared to other devices.

These additional challenges exacerbate the security challenge for IIoT development teams.

Four steps to improve IIoT security
Our previous post on a four-step improvement process for IoT devices applies equally to IIoT devices with extra consideration for the aforementioned challenges. Incorporating the following four major steps into an embedded software-development process can improve security (and quality) for highly-connected devices.

A four-step security and quality assurance process for IIoT devices
(Source: GrammaTech)

The four-step process, in summary, is a follows: (1) design with a security-first philosophy, (2) use and repeat system-wide threat assessments and analysis, (3) leverage tools as much as possible, and (4) use advanced source and binary code analysis to ensure the quality and security of third-party code.

The role of static analysis tools in improving IIoT device security
Static analysis tools like GrammaTech's CodeSonar provide critical support in the coding and integration phases of development. Ensuring continuous code quality in both the development and maintenance phases greatly reduces the costs and risks of security and quality issues in software. In particular, static analysis provides some of the following benefits:

  • Continuous source-code quality and security assurance: As each new code block is written (file or function), it can be scanned by static analysis tools, thereby detecting errors and vulnerabilities (and maintaining secure coding standards, discussed below) in the source before it enters the build system.
  • Tainted data detection and analysis: Analysis of the dataflows from “sources” (i.e., interfaces) to “sinks” (where data gets used in a program) is critical in detecting potential vulnerabilities from tainted data (containing potential exploit payloads).
  • Assessing the quality and security of third-party code: Most projects are not greenfield development and require the use of existing code within a company or from a third party. Performing testing and dynamic analysis on a large existing codebase is hugely time-consuming and may exceed the limits on the budget and schedule. Static analysis is particularly suited to analyzing large codebases and providing meaningful errors and warnings that indicate both security and quality issues. CodeSonar's binary analysis can analyze binary-only libraries and provide similar reports as source analysis when source is not available. In addition, binary analysis can work in a mixed source and binary mode to detect errors in the usage of external binary libraries from the source code.
  • Secure coding standard enforcement: Static analysis tools analyze source syntax and can be used to enforce coding standards. Various code security guidelines are available, such as SEI CERT C and Microsoft's Secure Coding Guidelines.

As part of a complete tools suite, static analysis provides key capabilities that other tools cannot. The payback for adopting static analysis is the early detection of errors and vulnerabilities that traditional testing tools may miss. This helps ensure a high level of quality and security on an on-going basis.

Incorporating a security-first design philosophy with formal threat assessments and automated tools will allow machine-to-machine (M2M) and IIoT device manufacturers to produce devices that are better secured against the accelerating threats on the Internet.

Modifying an existing successful software-development process that includes security at the early stages of product development is key. A smart use of automated tools to both develop new code and to secure existing and third-party code allows development teams to meet strict budget and schedule constraints. Static analysis of both source and binaries plays a key role in a security-first development toolset.

Marc Brown is CMO and VP of Strategic Business Development at GrammaTech. Marc brings over 20 years of technology leadership experience to his role as Chief Marketing Officer. Before joining GrammaTech, Marc was the Group VP of Product and Solutions Marketing at Polycom, where he helped define and market Polycom’s Workplace of the Future.

Prior to Polycom, Marc spent several years in the embedded software markets with Intel, Wind River Systems, and IBM, leading several marketing teams. Earlier in his career, Marc was a software engineer with Corning Research and GE Aerospace.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.