White Papers

Cybersecurity and Secure Deployments

Issue link: https://resources.windriver.com/i/961752

Contents of this Issue


Page 4 of 5

memory. Anything on the target can be read without being noticed or stopped, including MMU contents, registers, and disk content. Every instruction, memory access, device access, and network packet can be traced and logged. And malware has no idea it is being observed. Observing Future Behavior with Hypersimulation Since malware is sometimes designed to cause long-term effects after weeks, months, or even years, researchers need to investigate what may happen to a system in the future, and how small errors converge into larger problems over time. With a physical system, there is only one way to do that—let the system run and monitor the effect in real time. Simics can actually speed up time through hypersimulation and project system behavior into the future. No Source Code Required When performing forensics, one may encounter situations where only software binaries are available. This lack of source code could potentially slow down or obstruct an investigation. But because Simics runs unmodified software, portions of the system can be available only as machine code and still be executed and analyzed by leveraging the features of Simics. This is a unique characteristic of Simics relative to other system simulation tools. SECURE DEPLOYMENT Developers need to be sure that new software and the products it enables have not been compromised before being deployed— that the system boots and operates securely initially, as well as after an update. The simple answer would be to test every part of the software before deployment and at every update. The problem is that security is difficult to scale correctly. The more complex the software and computer system, the larger the test matrix, and the more difficult it becomes to achieve the relevant test variation at production scale. Not testing at full scale can put the production system at risk, and this risk is exacerbated with the unrelenting demand for faster deployments. Unfortunately the solution has often been to forego complete test coverage and test only for the most critical use cases on available platforms. Cyber attackers will find those places that were not fully tested. Fuzz testing is one method that can be applied to evaluate security prior to deployment. For example, engineers can randomly vary inputs to a device, introduce random communication, apply protocol variations, perform range and boundary checks, or check for buffer and register overflows. Randomized testing, however, requires bandwidth, which again raises the issue of scalability. SOLVING THE CHALLENGE OF SCALE Security testing requires scalability. Compromises on test variation and test coverage need to be eliminated. Solving this problem requires two key capabilities: automation and parallelization. It is critical to have as much automation as possible, not only to speed up the testing process, but also to achieve repeatability and to be able to report and log results automatically. Running tests in parallel also helps save time—but parallelization is difficult. Not all types of test software can be run in parallel; some is by nature serial. And test parallelization requires the existence of several instances of the same hardware, which is not always practical or affordable. INSTANT REPLICATION OF TEST ASSETS Simulation and virtual hardware solve both the automation and the parallelization problems. When hardware is virtual, any amount of target hardware can be instantiated, in any system configuration, instantly. A virtual hardware lab can complement a physical hardware lab, enabling engineers to create the target systems on demand. An automated test system can also be programmed to create new hardware instances and system setups (of both hardware and software) automatically. Simics can also significantly accelerate test speed through a "snapshot and restore" feature, meaning it can run a system to a specific point, create a snapshot, then run derivative test cases from the snapshot without having to re-run the system to the snapshot point each time. Simics enables the instant and unlimited replication of test assets. Parallel testing that requires multiple instances of hardware can be run easily with Simics. Alternate system setups can be created so that boards and software combinations are varied to specific requirements, making it possible to complete the entire test matrix, with any number or combinations of hardware variants, OS configurations, communication protocols, and devices. CYBERSECURITY AND SECURE DEPLOYMENTS 5 | White Paper

Articles in this issue

view archives of White Papers - Cybersecurity and Secure Deployments