
Using Static Analysis to Improve IIoT Device Security

INTRODUCTION:

The Industrial Internet of Things is unique in that the devices that compose industrial control systems are often insecure due to limitations in their design and capability. On top of that, the protocols used to communicate are not secure, with a dangerous reliance on physical security (e.g. keeping devices on a local network). Security therefore has to be implemented at the system level as part of secure software design and development. Static analysis tools are useful in improving software security, and in this post we'll look at how that applies to IIoT devices.

IIoT Device Security Challenges

Industrial devices suffer the same challenges as all IoT devices, such as being increasingly targeted by attackers, having traditionally poor built-in security, and having large deployments of legacy devices, all while increasing machine-to-machine connectivity and being brought into the IoT “fold.”

But IIoT devices are also unique:

  1. They are hardware-limited in terms of processing capability for many modern security features, such as encryption, network stacks, and built-in firewalls.
  2. They often control critical infrastructure, which makes the possible outcomes of cyber-attacks much more serious.
  3. Industrial controllers and SCADA systems have different communication protocols and standards than home or office devices.
  4. Various other factors, including extremely long product lifecycles and difficulty in updating firmware and hardware compared to other devices.

These additional challenges exacerbate the security challenge for development teams in IIoT.

Four Steps to Improve IIoT Security

Our previous posts on a four-step improvement process for IoT devices apply equally to IIoT devices, with extra consideration for these challenges. Incorporating the following four major steps into an embedded software-development process can improve security (and quality) for highly connected devices. The four-step process, in summary, is as follows: (1) design with a security-first philosophy, (2) use and repeat system-wide threat assessments and analysis, (3) leverage tools as much as possible, and (4) use advanced source and binary code analysis to ensure the quality and security of third-party code.


Figure 1: A four-step security and quality assurance process for IIoT devices

The Role of Static Analysis Tools in Improving IIoT Device Security

Static analysis tools like GrammaTech’s CodeSonar provide critical support in the coding and integration phases of development. Ensuring continuous code quality, both in the development and maintenance phases, greatly reduces the costs and risks of security and quality issues in software. In particular, static analysis provides some of the following benefits:

  • Continuous source-code quality and security assurance: As each new code block is written (file or function), it can be scanned by static analysis tools, detecting errors and vulnerabilities (and maintaining secure coding standards, discussed below) in the source before it enters the build system.
  • Tainted data detection and analysis: Analysis of the dataflows from sources (i.e. interfaces) to "sinks" (where data gets used in a program) is critical in detecting potential vulnerabilities from tainted data (containing potential exploit payloads). 
  • Assessing the quality and security of third-party code: Most projects are not greenfield development and require the use of existing code within a company or from a third party. Performing testing and dynamic analysis on a large existing codebase is hugely time consuming and may exceed the limits on the budget and schedule. Static analysis is particularly suited to analyzing large codebases and providing meaningful errors and warnings that indicate both security and quality issues. CodeSonar's binary analysis can analyze binary-only libraries and provide similar reports as source analysis when source is not available. In addition, binary analysis can work in a mixed source and binary mode to detect errors in the usage of external binary libraries from the source code. 
  • Secure coding standard enforcement: Static analysis tools analyze source syntax and can be used to enforce coding standards. Various code security guidelines are available, such as SEI CERT C and Microsoft's Secure Coding Guidelines.
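To make the tainted-data and coding-standard bullets concrete, here is a toy analyzer that does, in miniature, what those two checks describe: it propagates taint forward from source calls to sink arguments over a tiny three-address IR, and separately flags calls to functions a coding standard bans. This is an added illustration written for this post, not CodeSonar's engine or any GrammaTech code; the IR shape, the policy tables (which callees are sources, sanitizers, sinks and banned functions) and the two sample programs are all constructed for the example.

```python
"""Toy source-to-sink taint tracker plus a banned-function check over a tiny
three-address IR. Added illustration: not CodeSonar's engine or any GrammaTech
code; the IR, policy tables and sample programs are constructed for the example."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed policy (assumptions for this example, not a real tool's rule set).
TAINT_SOURCES: Set[str] = {"recv_packet", "read_register"}  # results carry attacker-controlled data
SANITIZERS: Set[str] = {"clamp_length"}                      # result is clean even if inputs were tainted
SINKS: Dict[str, Set[int]] = {"memcpy": {2}, "system": {0}}  # callee -> argument indices that must be clean
BANNED: Dict[str, str] = {"strcpy": "unbounded copy; use a bounded copy",
                          "gets": "unbounded read; use fgets"}

@dataclass(frozen=True)
class Stmt:
    """One IR statement: 'assign' (dst = args[0]), 'binop' (dst = f(args)) or 'call'."""
    op: str
    dst: Optional[str] = None
    callee: str = ""
    args: Tuple[str, ...] = ()

@dataclass
class Finding:
    kind: str          # "taint" or "banned"
    line: int          # 1-based index of the offending statement
    callee: str
    detail: str
    trace: List[str] = field(default_factory=list)  # how the value became tainted

def analyze(stmts: List[Stmt]) -> List[Finding]:
    """Single forward pass: propagate taint, report tainted sink arguments and banned calls."""
    tainted: Dict[str, List[str]] = {}  # variable -> statements that made it tainted
    findings: List[Finding] = []

    def taint_of(args):
        # trace of the first tainted argument, or None if every argument is clean
        for a in args:
            if a in tainted:
                return tainted[a]
        return None

    for line, s in enumerate(stmts, 1):
        if s.op in ("assign", "binop"):
            src = taint_of(s.args)
            if src is not None:
                tainted[s.dst] = src + [f"L{line}: {s.dst} derived from {', '.join(s.args)}"]
            else:
                tainted.pop(s.dst, None)  # overwritten with a clean value
            continue

        # s.op == "call": coding-standard check first, independent of dataflow
        if s.callee in BANNED:
            findings.append(Finding("banned", line, s.callee, BANNED[s.callee]))

        # sink check: a protected argument position holding tainted data
        for idx in SINKS.get(s.callee, set()):
            if idx < len(s.args) and s.args[idx] in tainted:
                findings.append(Finding(
                    "taint", line, s.callee,
                    f"argument {idx} ({s.args[idx]}) is tainted",
                    tainted[s.args[idx]] + [f"L{line}: {s.callee}(... {s.args[idx]} ...)"]))

        # taint of the call's result
        if s.dst is not None:
            if s.callee in TAINT_SOURCES:
                tainted[s.dst] = [f"L{line}: {s.dst} = {s.callee}()"]
            elif s.callee in SANITIZERS:
                tainted.pop(s.dst, None)
            else:
                src = taint_of(s.args)  # unknown callee: result is as tainted as its inputs
                if src is not None:
                    tainted[s.dst] = src + [f"L{line}: {s.dst} = {s.callee}(...)"]
                else:
                    tainted.pop(s.dst, None)
    return findings

# Constructed sample: a packet length field flows unchecked into memcpy's length.
VULNERABLE = [
    Stmt("call", "pkt", "recv_packet", ()),
    Stmt("assign", "n", args=("pkt",)),        # n = pkt->len
    Stmt("binop", "total", args=("n", "4")),   # total = n + 4
    Stmt("call", None, "memcpy", ("buf", "pkt", "total")),
    Stmt("call", None, "strcpy", ("name", "pkt")),
]

# Same logic with the length clamped and a bounded copy used.
HARDENED = [
    Stmt("call", "pkt", "recv_packet", ()),
    Stmt("assign", "n", args=("pkt",)),
    Stmt("call", "safe_n", "clamp_length", ("n",)),
    Stmt("call", None, "memcpy", ("buf", "pkt", "safe_n")),
    Stmt("call", None, "strncpy", ("name", "pkt", "safe_n")),
]

if __name__ == "__main__":
    for name, prog in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        results = analyze(prog)
        print(f"== {name}: {len(results)} finding(s)")
        for f in results:
            print(f"  [{f.kind}] line {f.line} {f.callee}: {f.detail}")
            for step in f.trace:
                print("      ", step)
```

The trace attached to each taint finding is the part practitioners rely on in a real tool: it shows the path from the interface call to the sink, so the fix (here, routing the length through a bounds check) can be placed where the data enters rather than at the sink. Real analyzers handle pointers, branches and interprocedural flow; this toy deliberately does not, which is why the policy tables and the straight-line IR are spelled out as assumptions.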

As part of a complete tool suite, static analysis provides key capabilities that other tools cannot. The payback for adopting static analysis is the early detection of errors and vulnerabilities that traditional testing tools may miss. This helps ensure a high level of quality and security on an ongoing basis.


CONCLUSION:

Machine-to-machine (M2M) and IIoT device manufacturers that incorporate a security-first design philosophy with formal threat assessments and automated tools will produce devices that are better secured against the accelerating threats on the Internet. Modifying an existing, successful software-development process so that it includes security at the early stages of product development is key. Smart use of automated tools, both to develop new code and to secure existing and third-party code, allows development teams to meet strict budget and schedule constraints. Static analysis of both source and binaries plays a key role in a security-first development toolset.