IIRA and RAMI 4.0 Secure IIoT Applications Need Secure ... · IIRA and RAMI 4.0 Secure IIoT...

Post on 24-Aug-2020


IIRA and RAMI 4.0: Secure IIoT Applications Need Secure Application Code

Mark.Richardson@ldra.com

IIRA: Industrial Internet Reference Architecture

RAMI: Reference Architecture Model for Industrie 4.0

IIoT: Industrial Internet of Things

E-Bike

2

Security

3

Safety

4

Netherlands Cycle Path

5

UK Cycle Path

You can’t “bolt on” safety, you have to design it in.

The same is true of security in the IIoT.

6

The Internet of Things and Services

7

The “Internet of Things” (IoT) is a much used phrase, and one full of optimism and promise.

Smart Parking

Connected Water Meters

Gas Monitoring

Chronic Disease Management

Road Pricing

Telework

Connected Learning

Connected Militarized Defence

The Internet of Things and Services

8

https://www.informationweek.com/government/leadership/internet-of-things-8-cost-cutting-ideas-for-government/d/d-id/1113459

US Water Utility Network

9

http://www.bbc.co.uk/news/technology-15817335

San Francisco Transit Network

10

https://www.wired.com/2016/11/sfs-transit-hack-couldve-way-worse-cities-must-prepare/

German Steel Works

11

http://www.bbc.co.uk/news/technology-30575104

Ukrainian Electricity Network

12

http://www.bbc.co.uk/news/technology-35686493

Mirai Source Code

13

Default Password

1234

Distributed Denial of Service (DDoS) Attack

IoT systems are generally non critical systems such as a home thermostat, where a failure is not catastrophic

IIoT focuses more on complex industrial systems, such as power generation and transportation, which are much more demanding in terms of performance and which need to perform 24/7 with serious consequences in case of failure

Both IIoT and IoT are starting to have a huge element of machine-to-machine communications

IoT & IIoT

14

The security approach for IIoT needs to be the most robust and highest performing system possible.

Reference Architecture Model for Industrie 4.0

German, French & Italian Initiative to support and strengthen the digitisation processes of their manufacturing sectors

The fourth industrial revolution: Towards intelligent and flexible production

RAMI 4.0

15

https://www.plattform-i40.de/I40/Redaktion/EN/Downloads/Publikation/rami40-an-introduction.pdf?__blob=publicationFile&v=4

IIRA

16

https://rti.wistia.com/medias/8ma88ry3mw?embedType=async&videoFoam=true&videoWidth=640

Industrial Internet Reference Architecture

Enables Industrial Internet of Things (IIoT) system architects to design their own systems based on a common framework and concepts

IIRA and RAMI 4.0

17

IIC Functional Domains and Viewpoints

Reference Architecture Model for Industrie 4.0

Sources: Umsetzungsstrategie Industrie 4.0 – Ergebnisbericht, Berlin, April 2015; Industrial Internet Consortium – Industrial Internet Reference Architecture version 1.7, 4th June 2015

Middleware

18

http://blog.iiconsortium.org/2016/07/applying-the-iira-to-the-iics-microgrid-testbed.html

• Applying the IIRA to the IIC’s Microgrid Testbed, deploying DDS (Data Distribution Service) as a middleware solution

The Swiss Cheese model

19

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1117770/

There is no simple, “one-stop” answer to the security conundrum. Cyber-security depends on vigilance in every part of the architecture, the design and the development process, including:

• Secure boot

• Domain separation

• Least privilege design principles

• Minimisation of attack surfaces

• Secure coding techniques

• Security focused testing

• Responsive maintenance processes

It is imperative that all critical application code is written with security as a primary focus.

Writing Secure Code

Build Safe and Secure Application Code

Use a Secure Coding Standard

Reduce Code Complexity

Define Safety Requirements

Requirements Tracing

Requirement Based Testing

Measure Structural Coverage

21

There are databases that track security vulnerabilities and exposures. For many years now, all recorded exploits and vulnerabilities have been captured in a variety of databases, including:

• CVE – Common Vulnerabilities & Exposures (cve.mitre.org)

• OSVDB – Open Source Vulnerability Database (osvdb.org)

• SANS Institute – SysAdmin, Audit, Network, Security (www.sans.org)

• OWASP – Open Web Application Security Project (www.owasp.org)

Tracking Security Vulnerabilities

22

Learn from Experience

Computer Emergency Readiness Team

CERT

23

Validate inputs: Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities. Be suspicious of most external data sources, including command line arguments, network interfaces, environment variables, and user-controlled files.

Heed compiler warnings: Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code. Use static and dynamic analysis tools to detect and eliminate additional security flaws.

Keep it simple: Keep the design as simple and small as possible. Complex designs increase the likelihood that errors will be made in their implementation, configuration, and use.

Top Secure Coding Practices

24

Use effective quality assurance techniques: Good quality assurance techniques can be effective in identifying and eliminating vulnerabilities. Fuzz testing, penetration testing, and source code audits should all be incorporated as part of an effective quality assurance program. Independent security reviews can lead to more secure systems. External reviewers bring an independent perspective; for example, in identifying and correcting invalid assumptions.

Adopt a secure coding standard: Develop and/or apply a secure coding standard for your target development language and platform.

Top Secure Coding Practices

25

Source: https://www.securecoding.cert.org
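The “validate inputs” and “heed compiler warnings” practices above are easiest to see in code. The following is an added example, not a slide from the presentation and not code from LDRA or CERT: a C function that validates a setpoint frame received from an untrusted network source before anything acts on it. The 4-byte frame layout, the command byte, and the 5.0 °C to 30.0 °C operating band are assumptions made for this example.

```c
/* Added example, not from the presentation: validating an untrusted
 * network frame before acting on it, following the CERT "validate inputs"
 * practice with the fixed-width types MISRA C expects. The frame layout is
 * an assumption made for this example:
 *   byte 0: protocol version, byte 1: command,
 *   bytes 2-3: heating setpoint, big-endian, in tenths of a degree C. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FRAME_LEN       4u
#define FRAME_VERSION   1u
#define CMD_SET_POINT   0x10u
#define SETPOINT_MIN    50u    /*  5.0 C: assumed lower limit of the plant */
#define SETPOINT_MAX    300u   /* 30.0 C: assumed upper limit of the plant */

typedef enum {
    PARSE_OK = 0,
    PARSE_ERR_NULL,      /* caller passed a null pointer */
    PARSE_ERR_LENGTH,    /* frame is not exactly FRAME_LEN bytes */
    PARSE_ERR_VERSION,   /* unsupported protocol version */
    PARSE_ERR_COMMAND,   /* unknown command byte */
    PARSE_ERR_RANGE      /* setpoint outside the safe operating band */
} parse_status_t;

/* Parse and validate one frame. On success *setpoint_out receives the
 * value; on any failure it is left untouched and a specific status is
 * returned so the caller can log why the frame was rejected. */
parse_status_t parse_setpoint_frame(const uint8_t *buf, size_t len,
                                    uint16_t *setpoint_out)
{
    if ((buf == NULL) || (setpoint_out == NULL)) {
        return PARSE_ERR_NULL;
    }
    /* The length is checked before any byte is read, so no over-read. */
    if (len != FRAME_LEN) {
        return PARSE_ERR_LENGTH;
    }
    if (buf[0] != FRAME_VERSION) {
        return PARSE_ERR_VERSION;
    }
    if (buf[1] != CMD_SET_POINT) {
        return PARSE_ERR_COMMAND;
    }
    /* Assemble the big-endian field explicitly; no implicit narrowing. */
    const uint16_t setpoint =
        (uint16_t)(((uint16_t)buf[2] << 8) | (uint16_t)buf[3]);
    /* Syntactic validity is not enough: the protocol allows any 16-bit
     * value, the plant does not. */
    if ((setpoint < SETPOINT_MIN) || (setpoint > SETPOINT_MAX)) {
        return PARSE_ERR_RANGE;
    }
    *setpoint_out = setpoint;
    return PARSE_OK;
}

/* Stand-alone demonstration on constructed frames. Build with the highest
 * warning level, e.g. gcc -std=c99 -Wall -Wextra -Wconversion. */
int main(void)
{
    const uint8_t frames[][FRAME_LEN] = {
        { 1u, 0x10u, 0x00u, 0xC8u },  /* 200 = 20.0 C, valid */
        { 1u, 0x10u, 0xFFu, 0xFFu },  /* 65535, out of range */
        { 2u, 0x10u, 0x00u, 0xC8u },  /* wrong version */
        { 1u, 0x11u, 0x00u, 0xC8u },  /* unknown command */
    };
    for (size_t i = 0; i < sizeof frames / sizeof frames[0]; i++) {
        uint16_t sp = 0u;
        parse_status_t st = parse_setpoint_frame(frames[i], FRAME_LEN, &sp);
        printf("frame %zu: status %d setpoint %u\n", i, (int)st, (unsigned)sp);
    }
    return 0;
}
```

The order of the checks matters: the null and length checks come before any indexing, the structural checks before the field is assembled, and the semantic range check last. Each rejection returns a distinct status so that the surrounding system can log and count rejected frames rather than silently dropping them.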

Secure Coding Standard: MISRA C:2012/AMD1

26

Validate Inputs

Static analysis can be performed on the code and a number of metrics measured, such as:

• Number of lines of code

• Number of exit points

• Fan in / Fan out

• McCabe Cyclomatic Complexity

Keep It Simple

27

Example of High Complexity

28

Impossible to understand, maintain or test
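To make concrete what the McCabe metric counts, here is an added example (not a slide from the presentation, and not LDRA code): the same alarm-level decision written twice in C, first as nested conditionals and then as a lookup table. The sensor states, relay states and alarm levels are invented for the example; the point is that both versions return the same result for every input while one has far fewer paths to review and test.

```c
/* Added example, not from the presentation: one decision written two ways
 * to show what cyclomatic complexity measures. The sensor/relay states and
 * alarm levels are assumptions made for this example. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { SENSOR_OK = 0, SENSOR_STALE = 1, SENSOR_FAILED = 2 } sensor_t;
typedef enum { RELAY_OFF = 0, RELAY_ON = 1, RELAY_STUCK = 2 } relay_t;

/* Version 1: nested conditionals. There are 7 decision points (each if or
 * else-if), so cyclomatic complexity = 7 + 1 = 8, and a test suite needs
 * 8 independent paths to cover the function. */
uint8_t alarm_level_nested(sensor_t s, relay_t r)
{
    if (s == SENSOR_OK) {
        if (r == RELAY_STUCK) {
            return 2u;
        } else {
            return 0u;
        }
    } else if (s == SENSOR_STALE) {
        if (r == RELAY_ON) {
            return 2u;
        } else if (r == RELAY_STUCK) {
            return 3u;
        } else {
            return 1u;
        }
    } else if (s == SENSOR_FAILED) {
        if (r == RELAY_OFF) {
            return 2u;
        } else {
            return 3u;
        }
    }
    return 3u; /* unknown sensor state: treat as the worst case */
}

/* Version 2: the policy becomes data. The only decision is the bounds
 * guard, so cyclomatic complexity = 2 (3 if the tool counts each || operand
 * separately), and the table can be reviewed against the safety
 * requirements one row at a time. */
uint8_t alarm_level_table(sensor_t s, relay_t r)
{
    static const uint8_t level[3][3] = {
        /*            RELAY_OFF  RELAY_ON  RELAY_STUCK */
        /* OK     */ { 0u,        0u,       2u },
        /* STALE  */ { 1u,        2u,       3u },
        /* FAILED */ { 2u,        3u,       3u },
    };
    if (((unsigned)s > 2u) || ((unsigned)r > 2u)) {
        return 3u; /* out-of-range input: worst case, and no table over-read */
    }
    return level[s][r];
}

/* Exhaustive check that the refactoring preserved behaviour over the whole
 * input domain; with 9 combinations this is cheap to do. */
bool behaviours_match(void)
{
    for (int s = 0; s < 3; s++) {
        for (int r = 0; r < 3; r++) {
            if (alarm_level_nested((sensor_t)s, (relay_t)r) !=
                alarm_level_table((sensor_t)s, (relay_t)r)) {
                return false;
            }
        }
    }
    return true;
}

int main(void)
{
    printf("refactoring preserves behaviour: %s\n",
           behaviours_match() ? "yes" : "no");
    return 0;
}
```

The exhaustive comparison is what makes a complexity-reducing refactoring safe to accept: when the input domain is small enough to enumerate, equivalence can be demonstrated rather than argued, and the resulting table is something a reviewer can check against the requirements line by line.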

IEC 61508 and Security

29

• IEC 61508 addresses security related safety risks just like any other safety risks, and demands safety goals and requirements to deal with them

Thermostat Safety Requirements

30

Design in Security

Build Safe and Secure Application Code

Define Requirements

• Definition of safety and security requirements

Requirement Based Testing

• Requirement Coverage

• Impact Analysis

• Bi-directional Traceability from requirement to source code

31

Build Safe and Secure Application Code

Coding Compliance and Quality of Code

• Finding safety and security vulnerabilities

• Maintaining the quality of code

Functional Testing

• Ensuring correctness of function

• Robustness testing

Structural Coverage

• Achieving an appropriate level of code coverage

32

Requirement Traceability

33

Bi-directional traceability between requirements, test cases, and source code

Traditional Security Market - Testing

34

Reactive: Coding → Executable → Testing

• Not Dependable

• Not Trustworthy (Malicious Logic)

• Not Resilient

• No Guidelines

• No Risk Mitigation

• Mostly Agile

Tests: Performance Tests, Penetration Tests, Load Tests, Functional Tests

Prevention is Better than Cure

35

The process remains the same; additional considerations need to be addressed.

Proactive: Coding → Executable → Testing

• Code Reviews

• Functional Tests

• Structural Coverage (No Malicious Logic)

• Security Tests

• Security Risk Assessment Drives Security Guidelines

• Agile/V/Waterfall

• Dependable

• Trustworthy

• Resilient

Structural Coverage

36

Once all the high-level tests have been executed, any code that remains unexercised should either be removed (if deemed to be dead code), or new tests should be created to exercise it, or, in the case of defensive code (for example, checking that a pointer is not null), unit tests can be created to achieve 100% structural coverage.

Structural Coverage Gap Analysis

37
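The gap analysis described on this slide can be shown in miniature. The following is an added example, not a slide from the presentation and not LDRA tool output: a C function with a defensive null check, wrapped in hand-written branch probes of the kind a coverage tool inserts automatically. A stand-in for the requirements-based test suite leaves the defensive branch unexercised; the unit test added afterwards closes the gap. The heater structure and the 50..300 setpoint band are assumptions for the example.

```c
/* Added example, not from the presentation: a hand-instrumented branch
 * coverage probe around a function with a defensive null check. A coverage
 * tool inserts these probes automatically; they are written out here to
 * make the gap, and the unit test that closes it, visible. The heater
 * structure and the 50..300 setpoint band are assumptions for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* One probe per branch outcome. */
enum { BR_NULL_GUARD = 0, BR_RANGE_REJECT, BR_ACCEPT, BR_COUNT };
static unsigned branch_hits[BR_COUNT];

#define HIT(id) (branch_hits[(id)]++)

typedef struct { uint16_t setpoint; } heater_t;

/* Apply a setpoint in tenths of a degree. The null check is defensive:
 * every caller in the application passes a valid object, so no
 * requirements-based (high-level) test ever reaches that branch. */
bool apply_setpoint(heater_t *h, uint16_t value)
{
    if (h == NULL) {
        HIT(BR_NULL_GUARD);
        return false;
    }
    if ((value < 50u) || (value > 300u)) {
        HIT(BR_RANGE_REJECT);
        return false;
    }
    HIT(BR_ACCEPT);
    h->setpoint = value;
    return true;
}

void coverage_reset(void)
{
    for (int i = 0; i < BR_COUNT; i++) { branch_hits[i] = 0u; }
}

bool branch_covered(int id)
{
    return (id >= 0) && (id < BR_COUNT) && (branch_hits[id] > 0u);
}

/* Gap analysis: how many branches no test has exercised so far. */
unsigned uncovered_branches(void)
{
    unsigned gaps = 0u;
    for (int i = 0; i < BR_COUNT; i++) {
        if (branch_hits[i] == 0u) { gaps++; }
    }
    return gaps;
}

/* Stand-in for the requirements-based test suite: it drives the function
 * the way real callers do, always with a valid heater object. */
void run_high_level_tests(void)
{
    heater_t h = { 0u };
    (void)apply_setpoint(&h, 200u);  /* requirement: accept an in-range value */
    (void)apply_setpoint(&h, 10u);   /* requirement: reject an out-of-range value */
}

/* Unit test added after the gap analysis: reach the defensive branch. */
void run_gap_closing_unit_test(void)
{
    (void)apply_setpoint(NULL, 200u);
}

int main(void)
{
    coverage_reset();
    run_high_level_tests();
    printf("after high-level tests: %u uncovered branch(es)\n", uncovered_branches());
    run_gap_closing_unit_test();
    printf("after unit test:        %u uncovered branch(es)\n", uncovered_branches());
    return 0;
}
```

The uncovered branch is the decision point: it is not dead code (removing it would weaken the function against a future caller bug), and no requirement describes a null heater, so a unit test rather than a requirements-based test is the right way to exercise it and reach full structural coverage.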

Summary

Security has to be designed in

Multiple layers of defence

Safety Requirements

Secure Coding Standard

Requirements based Testing

Requirements Tracing

38


Need more information?

info@ldra.com

Contact Us

39

Q & A

Any Questions

40