Posts Tagged ‘complexity
Software in embedded systems is a major source of security vulnerabilities. Three factors, which we call the Trinity of Trouble — complexity, extensibility and connectivity — conspire to make managing security risks in software a major challenge.
1. Complexity: Software is complicated, and will become even more complicated in the near future. More lines of code increases the likelihood of bugs and security vulnerabilities. As embedded systems converge with the Internet and more code is added, embedded system software is clearly becoming more complex. The complexity problem is exacerbated by the use of unsafe programming languages (e.g., Cor C++) that do not protect against simple kinds of attacks, such as buffer overflows. For reasons of efficiency, C and C++ are very popular languages for embedded systems. In theory, we could analyze and prove that a small program is free of problems, but this task is impossible for programs of realistic complexity today.
2. Extensibility: Modern software systems, such as Java and .NET, are built to be extended. An extensible host accepts updates or extensions (mobile code) to incrementally evolve system functionality. Today’s operating systems support extensibility through dynamically loadable device drivers and modules. Advanced embedded systems are designed to be extensible (e.g., J2ME, Java Card). Unfortunately, the very nature of extensible systems makes it hard to prevent software vulnerabilities from slipping in as an unwanted extension.
3. Connectivity: More and more embedded systems are being connected to the Internet. The high degree of connectivity makes it possible for small failures to propagate and cause massive security breaches. Embedded systems with Internet connectivity will only make this problem grow. An attacker no longer needs physical access to a system to launch automated attacks to exploit vulnerable software. The ubiquity of networking means that there are more attacks, more embedded software systems to attack, and greater risks from poor software security practices.