Tomas Paulik

2024-08-15

Abstract:Software applications in the space and defense industries have their unique characteristics: They are complex in structure, mission-critical, and often targets of state-of-the-art cyber attacks sponsored by adversary nation states. These applications have typically a high number of stakeholders in their software component supply chain, data supply chain, and user base. The aforementioned factors make such software applications potentially vulnerable to bad actors, as the widely adopted DevOps tools and practices were not designed for high-complexity and high-risk environments. In this study, I investigate the security challenges of the development and management of complex space applications, which differentiate the process from the commonly used practices. My findings are based on interviews with five domain experts from the industry and are further supported by a comprehensive review of relevant publications. To illustrate the dynamics of the problem, I present and discuss an actual software supply chain structure used by Thales Alenia Space, which is one of the largest suppliers of the European Space Agency. Subsequently, I discuss the four most critical security challenges identified by the interviewed experts: Verification of software artifacts, verification of the deployed application, single point of security failure, and data tampering by trusted stakeholders. Furthermore, I present best practices which could be used to overcome each of the given challenges, and whether the interviewed experts think their organization has access to the right tools to address them. Finally, I propose future research of new DevSecOps strategies, practices, and tools which would enable better methods of software integrity verification in the space and defense industries.

Cryptography and Security

Christos Tsigkanos,Nianyu Li,Zhi Jin,Zhenjiang Hu,Carlo Ghezzi

DOI: https://doi.org/10.1145/3196478.3196485

2018-01-01

Abstract:Cyber-physical space systems are becoming increasingly important. Such systems have to satisfy requirements that are heavily affected by the physical space they operate in and by the active entities inhabiting the space, whose dynamic behaviors generate continuous topological changes. Reasoning about requirements in the early design phases is extremely challenging. High-level design can be facilitated by systematic application of separation of concerns throughout modeling, analysis, and early requirements validation. We outline an approach that identifies key recurrent concerns arising in cyber-physical space systems, supports systematic and semi-automatic modeling of separate concerns, and a formally defined composition of the separately developed models. Early requirements validation is then supported by leveraging statistical model checking techniques. We illustrate our approach through an example disaster scenario in a smart city.

Christian M. Fuchs,Todor Stefanov,Nadia Murillo,Aske Plaat

DOI: https://doi.org/10.48550/arXiv.1708.06931

2017-08-23

Abstract:Modern embedded technology is a driving factor in satellite miniaturization, contributing to a massive boom in satellite launches and a rapidly evolving new space industry. Miniaturized satellites, however, suffer from low reliability, as traditional hardware-based fault-tolerance (FT) concepts are ineffective for on-board computers (OBCs) utilizing modern systems-on-a-chip (SoC). Therefore, larger satellites continue to rely on proven processors with large feature sizes. Software-based concepts have largely been ignored by the space industry as they were researched only in theory, and have not yet reached the level of maturity necessary for implementation. We present the first integral, real-world solution to enable fault-tolerant general-purpose computing with modern multiprocessor-SoCs (MPSoCs) for spaceflight, thereby enabling their use in future high-priority space missions. The presented multi-stage approach consists of three FT stages, combining coarse-grained thread-level distributed self-validation, FPGA reconfiguration, and mixed criticality to assure long-term FT and excellent scalability for both resource constrained and critical high-priority space missions. Early benchmark results indicate a drastic performance increase over state-of-the-art radiation-hard OBC designs and considerably lower software- and hardware development costs. This approach was developed for a 4-year European Space Agency (ESA) project, and we are implementing a tiled MPSoC prototype jointly with two industrial partners.

Distributed, Parallel, and Cluster Computing,Operating Systems

Badis Hammi,Sherali Zeadally

DOI: https://doi.org/10.1109/mc.2023.3273491

2023-07-01

Computer

Abstract:Software application development involves various actors and organizations in what is called the software supply chain. We discuss how we can achieve strong resilience of the software supply chain to cyberthreats and then propose a holistic end-to-end security approach for the software supply chain.

computer science, software engineering, hardware & architecture

Janislley Oliveira de Sousa,Bruno Carvalho de Farias,Eddie Batista de Lima Filho,Lucas Carvalho Cordeiro

2024-08-26

Abstract:This study investigates vulnerabilities in dependencies of sampled open-source software (OSS) projects, the relationship between these and overall project security, and how developers' behaviors and practices influence their mitigation. Through analysis of OSS projects, we have identified common issues in outdated or unmaintained dependencies, including pointer dereferences and array bounds violations, that pose significant security risks. We have also examined developer responses to formal verifier reports, noting a tendency to dismiss potential issues as false positives, which can lead to overlooked vulnerabilities. Our results suggest that reducing the number of direct dependencies and prioritizing well-established libraries with strong security records are effective strategies for enhancing the software security landscape. Notably, four vulnerabilities were fixed as a result of this study, demonstrating the effectiveness of our mitigation strategies.

Cryptography and Security

Edward Chen,Han Bao,Tate Shorthill,Carl Elks,Athira Varma Jayakumar,Nam Dinh

DOI: https://doi.org/10.48550/arXiv.2205.12080

2022-05-24

Software Engineering

Abstract:The modernization of existing and new nuclear power plants with digital instrumentation and control systems (DI&C) is a recent and highly trending topic. However, there lacks strong consensus on best-estimate reliability methodologies by both the United States (U.S.) Nuclear Regulatory Commission (NRC) and the industry. In this work, we develop an approach called Orthogonal-defect Classification for Assessing Software Reliability (ORCAS) to quantify probabilities of various software failure modes in a DI&C system. The method utilizes accepted industry methodologies for quality assurance that are verified by experimental evidence. In essence, the approach combines a semantic failure classification model with a reliability growth model to predict the probability of failure modes of a software system. A case study was conducted on a representative I&C platform (ChibiOS) running a smart sensor acquisition software developed by Virginia Commonwealth University (VCU). The testing and evidence collection guidance in ORCAS was applied, and defects were uncovered in the software. Qualitative evidence, such as modified condition decision coverage, was used to gauge the completeness and trustworthiness of the assessment while quantitative evidence was used to determine the software failure probabilities. The reliability of the software was then estimated and compared to existing operational data of the sensor device. It is demonstrated that by using ORCAS, a semantic reasoning framework can be developed to justify if the software is reliable (or unreliable) while still leveraging the strength of the existing methods.

Harish Sukhwani,Javier Alonso,Kishor S Trivedi,Issac Mcginnis,Kishor S. Trivedi

DOI: https://doi.org/10.1109/qrs.2016.50

2016-08-01

Abstract:In this paper, we present the software reliability analysis of the flight software of a recently launched space mission. For our analysis, we use the defect reports collected during the flight software development. We find that this software was developed in multiple releases, each release spanning across all software life-cycle phases. We also find that the software releases were developed and tested for four different hardware platforms, spanning from off-the-shelf or emulation hardware to actual flight hardware. For releases that exhibit reliability growth or decay, we fit Software Reliability Growth Models (SRGM); otherwise we fit a distribution function. We find that most releases exhibit reliability growth, with Log-Logistic (NHPP) and S-Shaped (NHPP) as the best-fit SRGMs. For the releases that experience reliability decay, we investigate the causes for the same. We find that such releases were the first software releases to be tested on a new hardware platform, and hence they encountered major hardware integration issues. Also such releases seem to have been developed under time pressure in order to start testing on the new hardware platform sooner. Such releases exhibit poor reliability growth, and hence exhibit high predicted failure rate. Other problems include hardware specification changes and delivery delays from vendors. Thus, our analysis provides critical insights and inputs to the management to improve the software development process. As NASA has moved towards a product line engineering for its flight software development, software for future space missions will be developed in a similar manner and hence the analysis results for this mission can be considered as a baseline for future flight software missions.

Mehdi Mirakhorli,Derek Garcia,Schuyler Dillon,Kevin Laporte,Matthew Morrison,Henry Lu,Viktoria Koscinski,Christopher Enoch

2024-02-17

Abstract:Modern software applications heavily rely on diverse third-party components, libraries, and frameworks sourced from various vendors and open source repositories, presenting a complex challenge for securing the software supply chain. To address this complexity, the adoption of a Software Bill of Materials (SBOM) has emerged as a promising solution, offering a centralized repository that inventories all third-party components and dependencies used in an application. Recent supply chain breaches, exemplified by the SolarWinds attack, underscore the urgent need to enhance software security and mitigate vulnerability risks, with SBOMs playing a pivotal role in this endeavor by revealing potential vulnerabilities, outdated components, and unsupported elements. This research paper conducts an extensive empirical analysis to assess the current landscape of open-source and proprietary tools related to SBOM. We investigate emerging use cases in software supply chain security and identify gaps in SBOM technologies. Our analysis encompasses 84 tools, providing a snapshot of the current market and highlighting areas for improvement.

Software Engineering

Marcel Böhme,Eric Bodden,Tevfik Bultan,Cristian Cadar,Yang Liu,Giuseppe Scanniello

2024-09-26

Abstract:As our lives, our businesses, and indeed our world economy become increasingly reliant on the secure operation of many interconnected software systems, the software engineering research community is faced with unprecedented research challenges, but also with exciting new opportunities. In this roadmap paper, we outline our vision of Software Security Analysis for the software systems of the future. Given the recent advances in generative AI, we need new methods to evaluate and maximize the security of code co-written by machines. As our software systems become increasingly heterogeneous, we need practical approaches that work even if some functions are automatically generated, e.g., by deep neural networks. As software systems depend evermore on the software supply chain, we need tools that scale to an entire ecosystem. What kind of vulnerabilities exist in future systems and how do we detect them? When all the shallow bugs are found, how do we discover vulnerabilities hidden deeply in the system? Assuming we cannot find all security flaws, how can we nevertheless protect our system? To answer these questions, we start our research roadmap with a survey of recent advances in software security, then discuss open challenges and opportunities, and conclude with a long-term perspective for the field.

Software Engineering,Cryptography and Security

Luis Alberto Benthin Sanguino,Rafael Uetz

DOI: https://doi.org/10.48550/arXiv.1705.05347

2017-05-16

Abstract:In this paper, we analyze the Common Platform Enumeration (CPE) dictionary and the Common Vulnerabilities and Exposures (CVE) feeds. These repositories are widely used in Vulnerability Management Systems (VMSs) to check for known vulnerabilities in software products. The analysis shows, among other issues, a lack of synchronization between both datasets that can lead to incorrect results output by VMSs relying on those datasets. To deal with these problems, we developed a method that recommends to a user a prioritized list of CPE identifiers for a given software product. The user can then assign (and, if necessary, adapt) the most suitable CPE identifier to the software so that regular (e.g., daily) checks can find known vulnerabilities for this software in the CVE feeds. Our evaluation of this method shows that this interaction is indeed necessary because a fully automated CPE assignment is prone to errors due to the CPE and CVE shortcomings. We implemented an open-source VMS that employs the proposed method and published it on GitHub.

Cryptography and Security

Eman Abu Ishgair,Marcela S. Melara,Santiago Torres-Arias

2024-05-29

Abstract:The software supply chain comprises a highly complex set of operations, processes, tools, institutions and human factors involved in creating a piece of software. A number of high-profile attacks that exploit a weakness in this complex ecosystem have spurred research in identifying classes of supply chain attacks. Yet, practitioners often lack the necessary information to understand their security posture and implement suitable defenses against these attacks. We argue that the next stage of software supply chain security research and development will benefit greatly from a defense-oriented approach that focuses on holistic bottom-up solutions. To this end, this paper introduces the AStRA model, a framework for representing fundamental software supply chain elements and their causal relationships. Using this model, we identify software supply chain security objectives that are needed to mitigate common attacks and systematize knowledge on recent and well-established security techniques for their ability to meet these objectives. We validate our model against prior attacks and taxonomies. Finally, we identify emergent research gaps and propose opportunities to develop novel software development tools and systems that are secure-by-design.

Cryptography and Security

Ai-Guo LI,Bing-Rong HONG,Si WANG

DOI: https://doi.org/10.3321/j.issn:0254-4164.2007.11.003

2007-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:For the software system operating in space environment where radiation phenomenon exists widely, identifying the vulnerabilities emphasizes particularly on the analysis about the effect of environment on the software. This paper presents a methodology for analyzing the vulnerabilities in software subjected to environment perturbation. Based on the premise that the software has been modularized, this methodology analyzes the error-generation and error-propagation process in software from signal and module level each, as a result of giving a theory framework for identifying software vulnerabilities. Whereafter, a fault-injection-based method for estimation of the various measures in the framework is described and the software of a real embedded control system used in a satellite is analyzed to show the type of results obtained by the methodology.

Feng Xu,Jing Pan,Wen Lu

DOI: https://doi.org/10.1007/s11390-009-9231-6

2009-01-01

Abstract:Emerging with open environments, the software paradigms, such as open resource coalition and Internetware, present several novel characteristics including user-centric, non-central control, and continual evolution. The goal of obtaining high confidence on such systems is more difficult to achieve. The general developer-oriented metrics and testing-based methods which are adopted in the traditional measurement for high confidence software seem to be infeasible in the new situation. Firstly, the software development is changed from the developer-centric to user-centric, while user's opinions are usually subjective, and cannot be generalized in one objective metric. Secondly, there is non-central control to guarantee the testing on components which formed the software system, and continual evolution makes it impossible to test on the whole software system. Therefore, this paper proposes a trust-based approach that consists of three sequential sub-stages: 1) describing metrics for confidence estimation from users; 2) estimating the confidence of the components based on the quantitative information from the trusted recommenders; 3) estimating the confidence of the whole software system based on the component confidences and their interactions, as well as attempts to make a step toward a reasonable and effective method for confidence estimation of the software system in open environments.

GAO Xing,LIAO Ming-hong,WU Xiang-hu

DOI: https://doi.org/10.3969/j.issn.1000-3428.2009.16.019

2009-01-01

Abstract:This paper presents high-dependable software design model and algorithm used in space-robot software.The software errors in the space-robots are divided into two categories:the program block model and algorithms build on it are designed for the element level,and the distributed adaptive redundancy model and related algorithms are used to detect the system level errors.The cooperation leads to a complete error detection coverage.The model and algorithm is applied effectively.

Rafal Graczyk,Paulo Esteves-Verissimo,Marcus Voelp

DOI: https://doi.org/10.48550/arXiv.2110.05878

2021-10-12

Cryptography and Security

Abstract:Over the last decades, space has grown from a purely scientific struggle, fueled by the desire to demonstrate superiority of one regime over the other, to an anchor point of the economies of essentially all developed countries. Many businesses depend crucially on satellite communication or data acquisition, not only for defense purposes, but increasingly also for day-to-day applications. However, although so far space faring nations refrained from extending their earth-bound conflicts into space, this critical infrastructure is not as invulnerable as common knowledge suggests. In this paper, we analyze the threats space vehicles are exposed to and what must change to mitigate them. In particular, we shall focus on cyber threats, which may well be mounted by small countries and terrorist organizations, whose incentives do not necessarily include sustainability of the space domain and who may not be susceptible to the threat of mutual retaliation on the ground. We survey incidents, highlight threats and raise awareness from general preparedness for accidental faults, which is already widely spread within the space community, to preparedness and tolerance of both accidental and malicious faults (such as targeted attacks by cyber terrorists and nation-state hackers).

Alojz Gomola,Ingrid Bouwer Utne

DOI: https://doi.org/10.1016/j.heliyon.2024.e31483

IF: 3.776

2024-05-21

Heliyon

Abstract:With higher autonomy in maritime systems, tasks and responsibilities are moved from the human operator to software, increasing the complexity and the importance of safe and reliable functionality. Software failures, however, may be introduced from the early life cycle phases intentionally or unintentionally, and these must therefore be mitigated by safe and secure design approaches. A challenge is that existing methods are not particularly well-suited for analyzing software risks. Thus, the objective of this paper is to propose a systematic and efficient software failure identification approach by extending the Systems-Theoretic Process Analysis (STPA) with a software failure taxonomy and the System Modeling Language (SysML). This enables the control structure in STPA to cover both the dynamic and static aspects of the software functions. Combined with an implementation platform independent questionnaire, this gives a more systematic and guided search for potential software failures than existing approaches. To demonstrate the proposed approach, a case study on a ferry's navigation system that operates in manual control or semi-autonomous mode is performed. In the case study, the focus is on creating an avoidance map data structure, including both moving and static obstacles to be avoided by the ferry, and the subsequent process of collision risk warning calculation. Software failures are identified and evaluated in collision scenarios where the ferry operates under foggy conditions. The paper shows that the proposed systematic approach provides an improved process for identifying and analyzing critical software failures. This facilitates enhanced risk mitigation in the design and testing phases contributing to autonomous systems' safety and security.

Francesco Lazzarotto,Gabriele Cremonese,Alice Lucchetti,Cristina Re,Emanuele Simioni,Maurizio Pajola,Pamela Cambianica,Giovanni Munaretto

DOI: https://doi.org/10.13140/RG.2.2.10451.73762

2020-04-13

Abstract:Planetary science space missions need high quality software ed efficient algorithms in order to extract innovative scientific results from flight data. Reliable and efficient software technologies are increasingly vital to improve and prolong the exploiting of the results of a mission, to allow the application of established algorithms and technologies also to future space missions and for the scientific analysis of archived data. Here after will be given an in-depth analysis study accompanied by implementation examples on ESA and ASI missions and some remarkable results fruit of decades of important experience reached by space agencies and research institutes in the field. Space applications software quality analysis is not different from other application contexts, among the hi-tech and hi-reliability fields. We describe here a Software Quality study in general, then we will focus on the quality of space mission software (s/w) with details on some notable cases.

Instrumentation and Methods for Astrophysics,Software Engineering

Christian M. Fuchs,Nadia Murillo,Aske Plaat,Erik Van der Kouwe,Daniel Harsono,Todor Stefanov

DOI: https://doi.org/10.48550/arXiv.1903.08781

2019-03-21

Hardware Architecture

Abstract:Micro- and nanosatellites have become popular platforms for a variety of commercial and scientific applications, but today are considered suitable mainly for short and low-priority space missions due to their low reliability. In part, this can be attributed to their reliance upon cheap, low-feature size, COTS components originally designed for embedded and mobile-market applications, for which traditional hardware-voting concepts are ineffective. Software-fault-tolerance concepts have been shown effective for such systems, but have largely been ignored by the space industry due to low maturity, as most have only been researched in theory. In practice, designers of payload instruments and miniaturized satellites are usually forced to sacrifice reliability in favor deliver the level of performance necessary for cutting-edge science and innovative commercial applications. Thus, we developed a software-fault-tolerance-approach based upon thread-level coarse-grain lockstep, which was validated using fault-injection. To offer strong long-term fault coverage, our architecture is implemented as tiled MPSoC on an FPGA, utilizing partial reconfiguration, as well as mixed criticality. This architecture can satisfy the high performance requirements of current and future scientific and commercial space missions at very low cost, while offering the strong fault-coverage guarantees necessary for platform control even for missions with a long duration. This architecture was developed for a 4-year ESA project. Together with two industrial partners, we are developing a prototype to then undergo radiation testing.

Olfa Ben Yahia,William Ferguson,Sumit Chakravarty,Nesrine Benchoubane,Gunes Karabulut Kurt,Gürkan Gür,Gregory Falco

2024-11-20

Abstract:The rapid evolution of communication technologies, compounded by recent geopolitical events such as the Viasat cyberattack in February 2022, has highlighted the urgent need for fast and reliable satellite missions for military and civil security operations. Consequently, this paper examines two Earth observation (EO) missions: one utilizing a single low Earth orbit (LEO) satellite and another through a network of LEO satellites, employing a secure-by-component design strategy. This approach begins by defining the scope of technical security engineering, decomposing the system into components and data flows, and enumerating attack surfaces. Then it proceeds by identifying threats to low-level components, applying secure-by-design principles, redesigning components into secure blocks in alignment with the Space Attack Research & Tactic Analysis (SPARTA) framework, and crafting shall statements to refactor the system design, with a particular focus on improving the security of the link segment.

Cryptography and Security,Signal Processing

Tim Ellis,Briland Hitaj,Ulf Lindqvist,Deborah Shands,Laura Tinnel,Bruce DeBruhl

2023-09-27

Abstract:Space systems enable essential communications, navigation, imaging and sensing for a variety of domains, including agriculture, commerce, transportation, and emergency operations by first responders. Protecting the cybersecurity of these critical infrastructure systems is essential. While the space environment brings unique constraints to managing cybersecurity risks, lessons learned about risks and effective defenses in other critical infrastructure domains can help us to design effective defenses for space systems. In particular, discoveries regarding cybersecurity for industrial control systems (ICS) for energy, manufacturing, transportation, and the consumer and industrial Internet of Things (IoT) offer insights into cybersecurity for the space domain. This paper provides an overview of ICS and space system commonalities, lessons learned about cybersecurity for ICS that can be applied to space systems, and recommendations for future research and development to secure increasingly critical space systems.

Cryptography and Security,Systems and Control