• Aucun résultat trouvé

How secure equipments in your ICS network need to be? An approach to select the "Just secure enough".

N/A
N/A
Info
Télécharger
Protected

Academic year: 2021

Partager "How secure equipments in your ICS network need to be? An approach to select the "Just secure enough"."

Copied!
3
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

HAL Id: hal-01318167

https://hal.archives-ouvertes.fr/hal-01318167

Submitted on 19 May 2016

HAL

is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire

HAL, est

destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

How secure equipments in your ICS network need to be?

An approach to select the ”Just secure enough”.

Isabelle Michard

To cite this version:

Isabelle Michard. How secure equipments in your ICS network need to be? An approach to select

the ”Just secure enough”.. Fast Abstract in the 46th Annual IEEE/IFIP International Conference on

Dependable Systems and Networks, Jun 2016, Toulouse, France. �hal-01318167�

(2)

How secure equipments in your ICS network need to be?

An approach to select the "Just secure enough".

Fast Abstract in IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016.

Isabelle Michard Product Security Office

Schneider Electric

37 Quai Paul Louis Merlin, Grenoble, France

Abstract— Now that it is becoming straight forward that industrial environments are a target for threats, hints will be provided here to face this issue. How to protect devices and systems at the right level without wasting development efforts?

How protection can be tailored to marketing requirements and development environment?

Keywords— cybersecurity, secure coding, coding rules, vulnerabilities

I. INTRODUCTION

Industrial control system (ICS) encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other systems such as Programmable Logic Controllers (PLC). ICS are typically used in industries (electrical, water, oil and gas, chemical, transportation, pharmaceutical, paper, food and beverage manufacturing).

Most ICS in use today were developed years ago, designed to meet performance, reliability, safety, and flexibility requirements. In most cases they were physically isolated from outside networks and based on proprietary hardware, software, and communication protocols. The need for cyber security measures within these systems has not been anticipated.

Cyber security attacks have now become a common occurrence and pose a global problem. Cyber criminals are targeting individuals as well as corporations with more frequent, more sophisticated, and more coordinated assaults.

In the case of Stuxnet, a very sophisticated worm designed to attack specific industrial Programmable Logic Controllers a number of Iran's nuclear centrifuges have been reportedly ruined. In 2010, this worm was the first discovered malware that targeted and damaged industrial systems[1].

Thus such attacks created precedence in industrial world and relevant countermeasures to apply on industrial products needed to be defined.

II. CHOOSING A STRATEGY FOR PROTECTION A. The Secure Development Lifecycle process

Based on leading SDL expertise [2], a Secure Development Lifecycle process has been defined, with phases comprising tasks that are required to develop securely.

Secure coding, also called Defense programming, is one of the main activities from the Implementation phase that will be the focus here.

B. Approach for secure software

Our approach in the Implementation phase is composed of several steps. To start with, the relevant means for Secure coding have to be selected (coding rule set, tooling). The second step is to check the source code for conformance by manual code review as well as by application of Static code analysis tooling. Also detection of vulnerabilities in open source code is taken into account. The last step is to collect metrics from the previous activities and provide an up-to-date security dashboard in order to continuously measure and improve the source code quality.

III. SECURE CODING AS POWERFUL MEANS

Secure Coding relates to the Implement phase, when the source code is being written. It is the crucial moment where you need to fix as much as possible potential vulnerabilities in your source code. The SEI Secure Coding Initiative staff has observed, through an analysis of thousands of vulnerability reports that most vulnerabilities stem from a relatively small number of common programming errors [3].

According to the U.S. Department of Homeland Security report (2011), software vulnerability categories for ICS are 47% Improper Input Validation and 8% Indicator of Poor code Quality [4]. Then, more than 50% of such vulnerabilities can be addressed by secure coding. The goal of the SEI Secure Coding Initiative is to reduce the number of vulnerabilities to a level that can be fully mitigated in operational environments by preventing coding errors or discovering and eliminating security flaws during implementation and testing [3].

Securing your source code may have different objectives depending on your security requirements like needs for

(3)

confidentiality, integrity and availability as well as how your product is exposed to external environments.

IV. DEFINITION OF A CODING RULES REFERENTIAL A. Identify criteria

The first essential step is to identify the security needs of your teams by doing internal surveys with help of checklists.

This will help you to define the necessary criteria for the selection of the relevant rules or recommendations. Criteria are related to project needs based on the CIA triad (Confidentiality, Integrity and Availability) and project environment like how the source code is built (Operating System, programming language, use of external components…).

B. Collect best practices and recommendations

The second step is to investigate internal existing best practices as well as recommendations and rules from well known standards. They might differ from each programming language but some rules are higher level and can be applicable to all languages. Security coding rules are related to domains like buffer overflow, user input validation, memory management, concurrency, etc…

Known standards like CERT, OWASP or Microsoft need to be thoroughly analyzed. These standards help in identifying the relevant categories of vulnerabilities in the domains mentioned above [5] [6] [7].

C. Identify verification tools

In parallel, verification tools have to be investigated and configured specifically in order to evaluate their ability to detect the maximum rules. These tools can be static analyzers or security specific tools.

Static code analyzers are tools that can be used very early in the coding phase, since they are designed to analyze statically the source code, i.e.: not running. These tools need to provide configurations that allow verifying the rules from the standards. Some provide means to write our own specific configurations. Some also provide integration into the developer's IDE, which is wished in order to fix the flaws as soon as code is written.

V. SELECTION OF RELEVANT CODING RULES Once you have identified the relevant rules, you need to classify each rule according to the previously defined criteria.

This is a tedious work that is necessary to allow to extract the relevant dedicated subset of rules to be applied in order to protect your source code for the "just enough".

In order to help in choosing the adequate rules, an internal tool has been developed, allowing a user to obtain the personalized set of rules after selecting the criteria of a project.

The resulting set of rules is saved as a file that can be further

used as a reminder, for manual code review and as an input for a verification tool selected for the project.

Developers’ teams need to be trained for direct use and offer internal support.

This is a tailored approach to each project, balancing the project needs and their maturity in secure coding. It can be necessary to convince the project team about the severity of some detected issues or help to reach the learning curve by increasing iteratively the volume and categories of rules.

VI. VERIFICATION OF THE SOURCE CODE

Secure coding can only be achieved if the good application of the coding rules is verified. Thus, dedicated verification means have to be put in place. This will spare maximum time if there is a verification tool that is able to detect that the chosen coding rules have not been properly applied.

It is recommended to have setup a continuous integration environment so as to be informed very soon whenever any new issue is detected.

However, there are some rules that cannot be fully checked by a static code analyzer, like rules more related to design than the code itself. For example, a rule aiming to check the validation of user inputs is needed to be verified by manual review as this is applicative. Moreover there are rules that have been implemented incompletely or have not been implemented yet by the tool provider.

Manual code reviewing may also be considered as it is very powerful to reveal some vulnerability that would never be detected otherwise. Thus, this step is strongly required in this approach in conjunction with static code analysis.

VII. CONCLUSION

The strategy described here allows to tailor to project needs and maturity for achieving the "just enough". As this methodology is applicable early in a product development, it enables to sanitize the source code from vulnerabilities just when starting to write it. This is an important step that minimizes critical issues before launching a product on the market.

REFERENCES [1] Wikipedia, https://en.wikipedia.org/wiki/Stuxnet.

[2] Michael Howard, Steve Lipner, "The Security Development Lifecycle:

SDL (Developer Best Practices)", 1st Edition, Microsoft Press.

[3] Software Engineering Institute, The Secure Coding Initiative, http://www.cert.org/secure-coding/research/secure-coding-

standards.cfm.

[4] Homeland Security, http://www.dhs.gov/.

[5] CERT,

https://www.securecoding.cert.org/confluence/display/seccode/SEI+CE RT+Coding+Standards.

[6] OWASP,

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.

[7] Microsoft, https://msdn.microsoft.com/en-us/library/dd264921.aspx.

Références

Télécharger maintenant ( PDF - 3 Page - 617.60 KB )

Documents relatifs

Linux System Errors When system requests fail, error code are returned. To understand the nature of the error these codes need to be interpreted. They are recorded in:-

To understand the nature of the error these codes need to

How to secure an elevator

Girder Grids: Each floor is supported by horizontal steel girders running across the vertical columns. Many buildings also have diagonal beams running between

Glucocorticoids in sepsis : to be or not to be

SPRET/Ei mice, which are known for their resistance for endotoxic shock, display a combination of increased GR levels and overactivation of their HPA axis (30), and this is

What are they doing? Different games can be played using these cards. Be creative! The aim of these games is to have the pupils use the present continuous by playing.

The caller (teacher) pulls out one image and describe it (say the sentence in the present continuous (“She is running”).. The pupils will then place pennies, rocks, fun foam pieces

Two mechanisms are introduced that may be used to implement the echo function

The short term implementation mechanism will use an ISO 8473 normal data PDU as the echo-request and echo-reply PDU.. A special NSAP selector value will be used to identify

To be good enough

A best practices approach to any endeavour is to start with good enough and raise the bar to achieve excel- lence—because being an excellent doctor should not

To be or not to be?

To  honour  those  Canadian  family  physicians  who  contribute  so  much  to  improve  global  health  and  to  acknowledge  this  special  issue, 

Varicella. To be [vaccinated] or not to be: that is the question!

2 Until a refrigerator-stable vaccine becomes available, however, varicella vac- cine will not be incorporated into the recommend- ed immunization schedule in Canada, as most