security

2 articles

The Role of Tools in Improving Embedded Software Security / Part 3: Mapping the Tools to Activities

By Bill Graham In the previous posts in this series, Part 1: Automation is the Key and Part 2: Security Improvement and the Software Development Lifecycle, I talked about the connection between the typical embedded device development process and the 5+1 improvement framework for embedded security.  Figure 1 is an illustration of this connection (and discussed in more detail in…

Testing for Security

By Ido Sarig Last summer was a watershed event for security-consciousness in the embedded systems world: Stuxnet, a highly sophisticated worm exploited no fewer than 4 zero day vulnerabilities in Windows in order to attack a specific Siemens PLC and its associated SCADA system. The target was reportedly the Iranian nuclear facilities at Natanz, where uranium-enrichment centrifuges were taken out of…