Building Code for the Internet of Things
The many characteristics that make the IoT different from traditional networked computing also require us to pay particular attention to how to make such systems safe and secure. This Building Code document focuses on the challenges associated with composing systems, rather than building individual programs or devices. We use the concept of smart cities to illustrate how design for safety, security, and privacy must consider emergent properties, and how a system or technology designed for this domain must account for how it might be integrated, reused, or composed with other technologies and systems.
Building Code for Power System Software Security
Both the attractiveness of power systems as targets of cyberattack and their vulnerability to remote attack via digital networks have been made clear by recent world events. While policy makers seek means to deter such attacks politically, surely the most effective way to reduce their attractiveness as targets is to reduce their vulnerability to such attacks. The results of the workshop presented here have the objective of reducing the vulnerability of future power systems to remote attacks that exploit vulnerabilities in the code – software or firmware – that controls their operation.
This document aims to start medical device software engineers toward a building code for software security that will reduce the vulnerability of their systems to malicious attacks, just as codes for physical buildings help their designers and builders create structures that resist threats from fire, wind, water, and in some cases, malicious attacks.
The IEEE Center for Secure Design intends to shift some of the focus in security from finding bugs to identifying common design flaws — all in the hope that software architects can learn from others’ mistakes. To read more about what the Center for Secure Design is, read the facts.
Center for Secure Design participants — from industry, research, and government — identified the top flaws found in their own internal design reviews, or that were available from external data. Many of the flaws that made the list have been well known for decades, but continue to persist.
Most software built and released typically comes with a set of defects — implementation bugs and design flaws. While there has been a larger focus on finding bugs rather than on identifying flaws, this document intends to shift some of the focus in security from finding bugs to identifying design flaws in the hope that software architects can learn from others’ mistakes.
This document is a direct result of a discussion among experts on recurring security flaws and vulnerabilities identified within vehicle telematics and infotainment systems. The intended audience for this document is any entity involved in the design, build, implementation, and deployment of those systems.
In the Center for Secure Design’s latest document, we look at how the Top 10 Software Security Design Flaws can be approached within a specific, albeit fictitious, wearable fitness tracking system: the WearFit. We base our analysis on real-world systems as much as possible, providing a broad analysis of threats facing users of wearable fitness-tracking devices.
Avoiding the Top 10 Software Security Design Flaws is released under the Creative Commons Attribution-ShareAlike 3.0 license. Read more here.