Page 7 - Cyber Warnings
P. 7
• Tamper resistance – preventing physical and software changes to the device that allow
circumvention of security functions.
• Secure storage – ensuring stored data is protected from online and offline access,
including techniques such as encrypted file storage and Digital Rights Management
(DRM).
• Secure communications – keeping data-transfer secure but also preventing unwanted
access through connected channels (network, USB, etc.). Although network connectivity
is top of mind, other channels are vulnerable to attack.
• Reliability and availability - maintaining safe operation of the device in the face of
ongoing attacks.
The Role of SAST tools in a security-first approach
Static Application Security Testing (SAST) tools provide critical support in the coding and
integration phases of development. Ensuring continuous code quality, both in the development
and maintenance phases, greatly reduces the costs and risks of security and quality issues in
software. In particular, it provides some of the following benefits:
• Continuous source code quality and security assurance
• Tainted data detection and analysis
• Third-party code assessment
• Secure coding standard enforcement
Conclusion
In IoT and M2M systems, security must be designed-in and not added on in order to avoid
significant business risk and cost. A careful approach that includes understanding the attack
surface of the device and using automated analyses can greatly reduce this risk. Tools have an
important role to play and can help device developers build in quality, security, and safety.
About The Author
Bill Graham is a seasoned embedded software development manager with
years of development, technical product marketing and product
management experience.
Bill can be reached online at [email protected]
7 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide