Panel: Embedded System Security - What does it change?

When

Oct. 7, 16.00-17.30

Moderator

Sri Parameswaran, U New South Wales

Organizers

Rolf Ernst, TU Braunschweig; Jörg Henkel, KIT; Sri Parameswaran, U New South Wales

Panelists

Nathalie FEYT, Thales
Mark Steigermann, NXP
Georg Sigl, TU Munich

Abstract

Security in embedded systems has, for a long time, received little attention, both in the security and in the embedded systems communities. Embedded systems were used in closed local networks (car, aircraft) with rather fixed and well defined functionality requiring special skills to intrude and providing little benefit to the intruder, with a few prominent exceptions, such as the Stuxnet attack. This has changed in many ways: Embedded systems use open networks, they address vital functions over such networks, such as smart grid, traffic control, or ambulant medical service, and the functions and architectures become more complex and dynamic with dominant reuse and deep and global supply chains. Internet-of-Things adds volume to this development challenging the classical embedded systems approach of a thorough lab test. It appears that embedded system design must fight on all fronts, at the same time becoming a very interesting target. However, it is not obvious how to proceed. Security needs all levels of a design: Hardware, software, networks, applications, user interface were applicable. Only looking at a subset of these levels leads to ineffective solutions. Security is expensive, it constrains the design process, just as safety requirements have done this before, and it is not clear how much the customers are willing to pay in the form of money and inconvenience for improved security. What is the right approach under these circumstances? Given the limited amount of human and monetary resources: Are there any primary research targets, and, if so, which ones? Should we emphasize reactive or proactive approaches? How do we bring the bits and pieces together? And specifically to industry: Are there market risks with introducing embedded system security? Pictures on top right, coprighted to Yuri Demchenko.