© 2020 The MathWorks, Inc.
July 1st 2020 | EUROPE
Model-Based Engineering for Cybersecurity:
Preparing for UN ECE Regulation and ISO/SAE-21434
In the News 5 years ago…
Source: https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/
Cybersecurity – Emerging Topic
▪ Growing communication of on-board systems, sensors and external sites
▪ Car becomes another node of IoT
▪ Security can compromise vehicle safety
Figure (On-Board & V2X Communication): Vehicle-to-Infrastructure, Vehicle-to-Vehicle, eCall, Wifi Hotspot, Wireless Key Remote Start, Internet Connection, Bluetooth Connection, Tire Pressure Monitor
„FCA recalls 1.4 Million cars after Jeep hack“
Image: http://www.blogcdn.com/www.autoblog.com/media/2013/02/2014-jeep-cherokee-1.jpg
Current milestones around regulations, guidelines and standards
11/2019 – ENISA publishes “GOOD PRACTICES FOR SECURITY OF SMART CARS”
02/2020 – ISO/SAE 21434 DIS is published
06/2020 – UN ECE WP.29 discussing adoption
06/2020 – TODAY
12/2020 – ISO/SAE 21434 FDIS to be published
Why is this important?
▪ UN ECE/TRANS/WP.29/2020/79 regulation proposal on Cybersecurity
– Uniform provisions concerning the approval of vehicles with regard to cyber security and of their cybersecurity management systems (CSMS)
– Relevant for homologation
– Automotive supply-chain to implement the UN Regulation
▪ ISO/SAE 21434 – “Road vehicles – Cybersecurity engineering”
– Widely seen as reference implementation of a CSMS for E/E Systems
– Development processes need to be adapted to deal with Cybersecurity Threats and Risks
ISO/SAE 21434 is aligned with the V model and ISO 26262
Figure: V model with ISO/SAE 21434 security activities overlaid on the development phases
– V-model phases: System Requirements, System Design, SW Design, SW Implementation, SW Test, System Integration and Test, System Release, Continuous System Care
– Security activities (in the order shown): Risk management (e.g. TARA/HARA); Security concept / High level design of countermeasures; Security specification / Detailed design of countermeasures; Implementation; Security related SW component test and verification; Security related SW integration test and verification; Security related System integration test and verification
Embedded Systems Threats and Vulnerabilities
Figure: attack surfaces of an embedded controller – Network, File System, HSM (Hardware Security Module), 3rd party software, User Input, Sensors – each annotated with the weakness classes below (Tainted data is listed for several of the surfaces):
• Incorrect order of network connection operations
• Tainted data
• TOCTOU (race condition)
• Vulnerable path manipulation
• Use of non-secure temporary file
• Deterministic random output from constant seed
• Vulnerable pseudo-random number generator
• Sensitive heap memory not cleared before release
• Execution of a binary / load of library from a relative path can be controlled by an external actor
Databases collecting security vulnerabilities and exploits
▪ CVE – Common Vulnerabilities & Exposures (cve.mitre.org)
▪ OSVDB – Open Source Vulnerability Database (osvdb.org)
▪ SANS Institute - SysAdmin, Audit, Network, Security (www.sans.org)
▪ OWASP - Open Web Application Security Project (www.owasp.org)
CERT and other organizations share secure coding practices
Source: https://www.securecoding.cert.org
▪ Validate inputs
▪ Heed compiler warnings and use static and dynamic analysis tools
▪ Architect/Design Software for security policies
Jeep Hack: Deterministic Random Number Generator – Vulnerability of the in-car Wi-Fi
Figure: timeline of possible time() values from 01-01-1970 to 01-19-2038 with “today” marked; the ranges before production and after today are marked impossible, leaving the production window
time() = integer
2,147,483,647 possibilities (2^32-1)
Source: http://illmatics.com/Remote%20Car%20Hacking.pdf
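The weakness this slide describes, as an added example that is not part of the slide deck or of the vehicle software it discusses: a secret derived from a PRNG seeded with time() is a pure function of the clock value, so its strength is bounded by the seed space, not by the key length. The LCG, the 16-byte key and the /dev/urandom source are constructed for illustration (on an ECU the hardened path would read the HSM's true random number generator).

```c
/* Added example (not from the slide deck): a secret derived from a PRNG
 * seeded with time() is a pure function of the clock value, so its
 * strength is bounded by the seed space, not by its length. The LCG, the
 * 16-byte key and the /dev/urandom source are constructed for
 * illustration and are not the vehicle's actual algorithm. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define KEY_LEN 16

/* Constructed deterministic PRNG (a textbook 32-bit LCG). Any PRNG with
 * a 32-bit seed behaves the same way for this purpose: every output
 * byte is determined by the seed. */
static uint32_t lcg_next(uint32_t *state)
{
    *state = *state * 1664525u + 1013904223u;
    return *state;
}

/* Weak pattern: key material from a PRNG seeded with the clock. Whatever
 * KEY_LEN is, the key carries at most 32 bits of entropy. */
void weak_key_from_time(time_t clock_value, uint8_t out[KEY_LEN])
{
    uint32_t state = (uint32_t)clock_value;   /* seed collapses to 32 bits */
    for (size_t i = 0; i < KEY_LEN; i++)
        out[i] = (uint8_t)(lcg_next(&state) >> 24);
}

/* Defender check: generating twice from the same clock value yields the
 * same key, which is what "deterministic random number generator" means
 * in practice. Returns 1 when the two keys are identical. */
int weak_key_is_reproducible(time_t clock_value)
{
    uint8_t a[KEY_LEN], b[KEY_LEN];
    weak_key_from_time(clock_value, a);
    weak_key_from_time(clock_value, b);
    return memcmp(a, b, KEY_LEN) == 0;
}

/* Risk sizing: the number of candidate seeds is the number of seconds in
 * the window during which the key could have been generated (the slide's
 * "production" window), not the full 1970..2038 range. */
uint64_t candidate_seed_count(time_t window_start, time_t window_end)
{
    if (window_end < window_start)
        return 0;
    return (uint64_t)(window_end - window_start) + 1;
}

/* Hardened alternative: draw key material from the OS entropy source;
 * on an ECU this role is taken by the HSM's true random number
 * generator. Returns 0 on success, -1 otherwise. */
int secure_key(uint8_t out[KEY_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(out, 1, KEY_LEN, f);
    fclose(f);
    return n == KEY_LEN ? 0 : -1;
}

int main(void)
{
    uint8_t key[KEY_LEN];
    time_t t0 = 1262304000;                   /* constructed clock value */
    weak_key_from_time(t0, key);
    printf("weak key reproducible: %d\n", weak_key_is_reproducible(t0));
    printf("candidate seeds in a 30-day production window: %llu\n",
           (unsigned long long)candidate_seed_count(t0, t0 + 30 * 86400 - 1));
    if (secure_key(key) == 0)
        printf("secure key drawn from OS entropy source\n");
    return 0;
}
```

The check to apply in review is the one weak_key_is_reproducible() encodes: if re-running key generation with the same clock value gives the same key, the generator is deterministic and the clock is the only secret, and candidate_seed_count() shows how little of the 2^31 time range actually remains once the production window is known.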
Model-Based Design – examples of potential Cert C issues *
The models have not been designed to comply with Cert C (violations are specifically relevant if tainted data is involved)
▪ FLP30-C (2) – Do not use floating-point variables as loop counters
▪ FLP34-C (41) – Ensure that floating-point conversions are within range of the new type
▪ INT30-C (72) – Ensure that unsigned integer operations do not wrap
▪ INT31-C (343) – Ensure that integer conversions do not result in lost or misinterpreted data
*) all user made; found in C code generated from 50 industry models
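The four CERT C rules listed above, shown as an added example that is not code from the slide deck or from any of the 50 industry models: each rule appears as the pattern that violates it next to a checked form that complies. The "tainted" lengths, channel numbers and sensor readings are constructed stand-ins for values arriving from a network or sensor interface, which is also where the CERT advice "Validate inputs" and the tainted-data items on the threats slide apply.

```c
/* Added example (not from the slide deck): the CERT C rules FLP30-C,
 * FLP34-C, INT30-C and INT31-C, each as the violating pattern beside a
 * compliant, range-checked form. Inputs are constructed stand-ins for
 * tainted data read from a network or sensor interface. */
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* INT30-C: unsigned addition silently wraps. Here the sum is a buffer
 * offset computed from two tainted lengths taken from a frame header. */
uint32_t offset_unchecked(uint32_t hdr_len, uint32_t payload_len)
{
    return hdr_len + payload_len;          /* wraps when sum > UINT32_MAX */
}

/* Compliant: detect the wrap before performing the addition. */
bool offset_checked(uint32_t hdr_len, uint32_t payload_len, uint32_t *out)
{
    if (payload_len > UINT32_MAX - hdr_len)
        return false;                      /* would wrap: reject the frame */
    *out = hdr_len + payload_len;
    return true;
}

/* INT31-C: narrowing a tainted int to uint8_t loses or reinterprets
 * data (-1 becomes 255, 300 becomes 44). */
uint8_t to_u8_unchecked(int value)
{
    return (uint8_t)value;
}

/* Compliant: range-check against the target type before converting. */
bool to_u8_checked(int value, uint8_t *out)
{
    if (value < 0 || value > UINT8_MAX)
        return false;
    *out = (uint8_t)value;
    return true;
}

/* FLP34-C: converting an out-of-range or NaN float to an integer type is
 * undefined behaviour. A float sensor reading must be checked before it
 * is stored as int16_t. The upper bound is exclusive because
 * (float)INT16_MAX + 1.0f == 32768.0f is exactly representable. */
bool to_i16_checked(float value, int16_t *out)
{
    if (isnan(value))
        return false;
    if (value < (float)INT16_MIN || value >= (float)INT16_MAX + 1.0f)
        return false;
    *out = (int16_t)value;
    return true;
}

/* FLP30-C: the loop counter is an integer; the float step is derived
 * from it, so rounding error cannot alter how many iterations run. */
float sum_steps(float start, float step, unsigned count)
{
    float acc = 0.0f;
    for (unsigned i = 0; i < count; i++)   /* integer counter, not float */
        acc += start + step * (float)i;
    return acc;
}

int main(void)
{
    uint32_t off = 0;
    uint8_t channel = 0;
    int16_t temp = 0;

    /* Constructed tainted inputs: header/payload lengths, channel, reading. */
    printf("INT30-C wrapped offset: 0x%x\n", offset_unchecked(0xFFFFFFF0u, 0x20u));
    printf("INT30-C checked accepts: %d\n", offset_checked(0xFFFFFFF0u, 0x20u, &off));
    printf("INT31-C narrowed 300: %u\n", to_u8_unchecked(300));
    printf("INT31-C checked accepts 300: %d\n", to_u8_checked(300, &channel));
    printf("FLP34-C checked accepts 40000.0: %d\n", to_i16_checked(40000.0f, &temp));
    printf("FLP30-C sum of 4 steps: %.1f\n", sum_steps(0.0f, 0.5f, 4));
    return 0;
}
```

Each checked function returns false instead of producing a value, so the caller can reject the frame or reading rather than continue with a wrapped offset or a reinterpreted channel number; this is the pattern a static analyzer expects to see when it stops flagging these rules on tainted paths.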
Early security considerations at model level
▪ Identify ...
– Discouraged blocks
– Non-determinism
– Basic design flaws
▪ Covers:
– Most frequent issues (according to the in-house study)
– CERT C, CWE and other checks
▪ Result:
– Analyzable model
– Removed basic flaws
Figure callout: Design flaw!
Quantifying Security Compliance at Code Level
Figure: Cert-C findings in code generated from the original example model vs. code generated from the improved example model
Design improvements reduce late findings in C code and design iterations!
~50% fewer Cert-C violations!
Documenting formal cybersecurity requirements
▪ Outcome of Threat Analysis and Risk Assessment (TARA) needs to be documented and linked to a system or a component
▪ Each threat can be mitigated by one or more requirements
Author and manage functional/cybersecurity requirements
▪ Create, organize and view requirements directly in your models
▪ Track implementation and verification status
Cybersecurity testing in simulation using attack libraries
▪ Run attacks in simulation
– Attacks can be implemented in Simulink
– Usable for every system model and to attack almost every signal
– Helps improve effectiveness of intrusion detection systems (IDS)
▪ Adaptable
– Increase variety of cyberattacks and use masked parameters for flexibility
– MATLAB Function blocks for more complex logic
– Testing in SIL, PIL, HIL
Source: https://www.mathworks.com/videos/a-reinforcement-learning-framework-for-smart-secure-and-efficient-cyber-physical-autonomy-1550746639241.html
Model-Based Engineering use cases for ISO/SAE 21434
Figure: the V model from the ISO/SAE 21434 slide, with Model-Based Engineering use cases placed alongside the security activities
– V-model phases: System Requirements, System Design, SW Design, SW Implementation, SW Test, System Integration and Test, System Release, Continuous System Care
– Security activities (in the order shown): Risk management (e.g. TARA/HARA); Security concept / High level design of countermeasures; Security specification / Detailed design of countermeasures; Implementation; Security related SW component test and verification; Security related SW integration test and verification; Security related System integration test and verification
– Model-Based Engineering use cases: Threat modeling & analysis; Secure modeling & design; Secure code generation (▪ MISRA C ▪ CERT C ▪ CWE); Code level security verification; Smart fuzz testing; Intrusion detection & prevention; Intrusion Detection Reaction
In 2018 41% of the automotive suppliers did not have an established cybersecurity program or team
Source: Ponemon Study of Automotive Industry Cybersecurity Practices (2018)
Are you planning to implement Cybersecurity requirements in the near future?
▪ YES, we’re already working on it
▪ YES, this will be relevant for us in the next 1-2 years
▪ NO, this is not relevant for us
Please contact us with questions: [email protected]