The embedded software in products ranging from SCADA systems to medical devices to vehicles such as military drones suffers from a "pervasive vulnerability" that leaves them insecure, according to a Pentagon research program manager. Dr. Kathleen Fisher, a computer scientist at Tufts University and a program manager at the Defense Advanced Research Projects Agency (DARPA), told Wired that traditional approaches to security do not work when applied to the type of control systems governing drones, trucks and power plants.
In home and office applications, security is generally handled by releasing patches for known vulnerabilities and guarding against threats with perimeter defense systems and antivirus scanning. In a recent DARPA presentation, Fisher explained that this approach cannot solve the problems in embedded software systems because it does not anticipate zero-day exploits, and security software can introduce new vulnerabilities. The report noted that one-third of vulnerabilities in a featured watchlist were in the security software itself.
"Many of these systems share a common structure: They have an insecure cyber perimeter, constructed from standard software components, surrounding control systems designed for safety but not for security," Fisher said in the presentation, according to Wired.
While drones, cars, medical devices and power plants were once considered safe from hackers because they were not exposed to the internet, Wired noted that this is no longer the case. Researchers have determined how to remotely access pacemakers, insulin pumps and cars, while malware has been used to infect drones and to wage cyberwarfare by destroying nuclear centrifuges. In her DARPA presentation, Fisher noted that 98 percent of microprocessors were embedded as of 2009 and that there is a trend toward networked embedded systems.
As this "ubiquitous, invisible, networked computing substrate" expands, preventing events such as the $6 billion Northeast blackout of 2003 or the Chernobyl nuclear disaster is coming into the purview of cybersecurity. To protect against growing instances of these types of attack, Fisher is leading a $60 million program called High-Assurance Cyber Military Systems (HACMS) to develop a new secure coding process for drones and robots.
New approaches for writing better code
Citing the "Halting Problem," a result proved by Alan Turing in 1936, Fisher has noted that it is impossible to build a perfect checker that could guarantee a program will run flawlessly forever. A full code review that approximates such a universal checker can be carried out, but it is extremely difficult: Wired noted that one group of Australian researchers spent 11 person-years verifying the 8,000 lines of code in a microkernel they developed for an embedded operating system.
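The argument behind the "no perfect checker" claim can be carried through in code. The example below is added here and is not part of the original article or of HACMS: programs are modelled as Python generator functions, the two checkers are constructed stand-ins for a static analyser and a bounded simulator, and Turing's diagonal construction defeats whichever checker it is given, either by forcing a wrong verdict or by making the checker itself never return.

```python
import dis

# Added illustration of Turing's argument. A "program" is a generator
# function: each `yield` is one execution step, returning means it halted.
# A "checker" is any function checker(prog) -> bool claiming to decide
# whether prog halts. Both checkers are toy stand-ins, not real tools.

def run(prog, budget):
    """Execute prog for at most `budget` steps; True if it halted in time."""
    steps = prog()
    for _ in range(budget):
        try:
            next(steps)
        except StopIteration:
            return True
    return False

def syntactic_checker(prog):
    """Static guess: 'halts' if the bytecode contains no loop (backward jump)."""
    loops = ("JUMP_BACKWARD", "JUMP_BACKWARD_NO_INTERRUPT", "JUMP_ABSOLUTE")
    return not any(ins.opname in loops for ins in dis.get_instructions(prog))

def simulating_checker(prog, budget=10_000):
    """Dynamic guess: 'halts' only if prog finishes within a step budget."""
    return run(prog, budget)

def make_diagonal(checker):
    """Turing's construction: a program that asks the checker about itself
    and then does the opposite of whatever the checker predicted."""
    def diagonal():
        if checker(diagonal):     # checker says we halt ...
            while True:           # ... so never halt
                yield
        return                    # checker says we loop, so halt at once
    return diagonal

def confront(checker, budget=1_000):
    """Feed checker its own diagonal program and report how it fails."""
    diagonal = make_diagonal(checker)
    try:
        predicted = checker(diagonal)
    except RecursionError:
        return "no verdict"       # the checker itself never terminates
    observed = run(diagonal, budget)
    return "correct" if predicted == observed else "wrong verdict"

if __name__ == "__main__":
    for name, checker in [("syntactic", syntactic_checker), ("simulating", simulating_checker)]:
        print(f"{name} checker on its diagonal program: {confront(checker)}")
```

Bounded simulation fails for the same reason real verification is expensive: the only way to get a definite answer is to reason about the program rather than run it, and the diagonal program shows that no fixed reasoning procedure is right on every input.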
One goal of HACMS will be to develop more efficient source code analysis techniques for ensuring embedded security, Wired noted. Another goal will be to develop a method of writing synthesized software for drones, eliminating the potential for error in the coding process altogether. Given a set of specifications, a synthesizer program would write the code itself, and do so more accurately and faster than a human developer.
According to Fisher, DARPA experimented with this type of process previously in its development of a synthetic aperture radar program. Someone without coding expertise was able to list the features needed in such a program, and the synthesizer created it. While listing specifications to create consumer applications in this way would be no easier than writing the full program, the synthetic process is more feasible with embedded software, since the set of features needed to run a drone is relatively straightforward, Fisher explained.
Such technology could eventually create drones and other products that are essentially hacker-proof. Until these methods arrive, however, embedded software manufacturers must acknowledge that the "pervasive vulnerabilities" in these systems must be addressed in the development process, not with perimeter controls. By using tools such as static analysis, manufacturers can begin strengthening software security today.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.