Comments

My thanks also to all who attended.

Goodbye!

 

Local Activator

@jtlagrand - yes - I would stress that the development methods used by OpenSSL are the same as or better than those used for 99% of software development. It comes down to when that extra 1% is appropriate. Airplanes yes - nuclear yes - personal security?

Local Activator

Ah, well, the hour is up and I have a presentation to prepare for on the UBM embedded survey. My thanks to all who attended and special thanks to Dave Hughes of HCC Embedded for joining us.

I must depart now, but feel free to carry on without me.

Blogger

Design is critical as @dave has stated several times. I meet and speak with "coders" all the time and none of them take design seriously. Design is now done overwhelmingly by perceptions of coolness and UI/UX rather than on solid engineering principles. The industry at large is lucky rather than good. If planes and bridges were designed and built like much sw, where would we be?

Local Activator

Yes - your design methodology and process should be fit for purpose.

Local Activator

Thanks Dave. I mean "How do you define your IoT software security requirements"

Blogger

It will be for each device manufacturer to assess the risks and make sure appropriate process is used in the development to reduce the danger to acceptable levels.

Many might question whether this balance was considered in the Heartbleed case.

 

 

Local Activator

So, in summing up it seems like investigating the specifications, design, and testing of any software not your own is a good way of evaluating it before using it, and how much of these things you do will depend on the cost and risk tradeoff. Right?

Blogger

of course, that might just be paranoia speaking

Blogger

My concern is the risk that poor design puts us all at. An unsecure IoT device is a gateway to trouble it seems to me. But it would be hard to trace the cause. If an unsecure refrigerator provides a back door to the power grid, we could see a lot of problems without ever knowing how they were being caused.

Blogger

How to define security software before you hands on the code? I would turn the question on its head - how can you talk about code without first defining what your security requirements are?

From there you can work down. 

Local Activator

Probably after the GM recall a lot of people are looking at risk assessment.

Worldwide Wizard

Thank you @Rich !! I will go through all the posts.

Blogger

The risk issue is very interesting - consider the billion dollar CEO in a court case about losing people's personal data - trying to defend their use of software in their systems - seems the current situation is quite risky

Local Activator

Hi Feiwa, I had just posted your question. Lol.

Blogger

I have a question to Dave, how to define the security software before you hands on the coding.

Blogger

@Dave - a brief aside. There is a question from someone who could not get onto the chat:

Rich, could you ask the question for me: "how to define the security software before you hands on the coding."

The question is on the blog describing the chat. Perhaps you could answer him there some time. Here's the blog link: http://www.iotworld.com/author.asp?section_id=3150&doc_id=562830

Blogger

 Sorry guys. I posted several times, but my words never displayed. I come back to use my own PC now, but it's almost to the end.

Blogger

It depends a lot on the industry and the company and how concerned they are about their long term reputation and about their long term maintenance costs and risks.

Maybe this is why there should be legislative standards on securing personal data - in the same way as there is for software on aircraft - to try to ensure that the risk to individuals is not ignored by the gold rush.

 

Local Activator

@richard it will depend on the industry. Security is all about risk management. How much risk are you willing to accept. If the CEO of a solution provider goes to jail for a breach then they will be risk averse. 

Local Activator

IoT is kind of a gold rush and claims need staking - time to market seems a higher priority than other design concerns

Local Activator

I hope design is central to all engineering projects. Study after study has shown that rigorous design is cost effective - but when safety or security is concerned then the immediate cost is not necessarily the primary worry.

Local Activator

Keeping costs down is what worries me when the result is to shortchange security. My fear is that development teams do not understand the risks that result from insecure IoT devices entering the network.

Blogger

@dave - are you suggesting that design is central to security and other system characteristics?

Local Activator

@dave agreed, it is exciting to see a lot more opportunities for software on these devices. More choice is definitely going to drive down the costs

Local Activator

but bringing it back to the IoT - if you are looking at high volume devices then you are looking at cutting costs etc. then best to keep code and design as focused as possible - this plays to higher reliability - that will only be helped by highly designed components being used in it.

Local Activator

@richard, I would submit that it is a lot easier to evaluate the process of an open source project than a commercial vendor, especially if you are doing it yourself. You can easily see who has been involved, what changes have been made and what process changes are accepted.

Local Activator

To evaluate a project you can look for many things - certification of the product is helpful - availability of design and specification documentation etc. is also helpful. But always bear in mind - not all software can be developed to the ultimate level - efforts need to be focused - and functionality should be focused also. Less code means easier to validate and less risk.

Local Activator

@dave I agree. For instance, we at Eclipse were using an older version of SUSE Linux so we did not get hit by Heartbleed. If you want to be on the bleeding edge you need to understand the risks.

Local Activator

So, how do we evaluate software we didn't create ourselves, or evaluate the process used to create it?

Blogger

I think software versioning is very important in security.  Security is proven and not claimed so only by watching versions over time do you know which versions are resisting attacks.  The latest version is always the version with the least amount of real world test time.

Worldwide Wizard

@richard there are many ISO and other industry specific certifications that are used for software development. It really depends on the industry.

Local Activator

Thanks for the clarification, Ian.

Blogger

You should take care with Linux - and any other complex system - not every element in a Linux system goes through the same process (board support packages, drivers for platforms etc) but a security or safety system needs to be consistently stable. It only takes one back door....

Local Activator

@richard most open source software that is mature and adopted widely is overseen by a foundation or corporate entity. Eclipse Foundation has over 250 projects, 13 in the IoT space. Apache Foundation is the steward of the Apache web server, etc, etc.

Local Activator

Any suggestions on how we can evaluate the processes our software suppliers use (commercial and open)?

Blogger

It is not whether it is open source or not that is the issue - it is what process it goes through to verify it.

Local Activator

"the point is if you combine specification and design with test - your testing is focused more accurately"


That is the issue with a lot of software - not just open source. Windows, OSX - all software has bugs that were not detected in test, some are design errors, coding errors, implementation errors, testing errors, blah, blah, blah. Then layer on complexity as an aggravating factor. Testing of sw is no different in critical aspects than testing other products - it can be slow, expensive, ineffective.

 

Local Activator

@Ian, not that open source can't, but does it do so routinely? With Linux there is a foundation overseeing its development and protecting its integrity. Are there other such for other open source software? Thanks Jaime for the TrueCrypt example

Blogger

Sure - we have seen lots of interest in our TLS/SSL for example - which has a full requirements and UML description, test etc. Many quality elements.

Local Activator

Ian, TrueCrypt is open source and is in the process of going through its first audit. The auditing website is: http://istruecryptauditedyet.com/ The auditing is being funded from general donations which slows it down but it is being audited so I agree with you that Open Source can be just as reliable as commercial software.

Worldwide Wizard

Dave, the folks who got caught by Heartbleed, do you think they will change their approach to open source and security as a result? Are you seeing more interest in your company's products in the aftermath of Heartbleed?

Blogger

I would say that if process was applied any change would have to be added to the specification, and the design and the test - full lifecycle maintenance - and adding bits on like this is quite dangerous

Local Activator

There seems to be a perception that open source can't do quality testing? I think there are many many examples of commercial software not being tested correctly. I don't see this as being an open source vs commercial comparison. This is about development and testing methodology. I would point to Linux as being a good piece of software that is very robust.

Local Activator

Isn't part of the HeartBleed problem that a new feature was added and the default was that the feature was automatically turned on?

Worldwide Wizard

the point is if you combine specification and design with test - your testing is focused more accurately

Local Activator

I think testing is complicated anyway - rigorous method bases tests on the specification and design - sorry to get boring about this - hard testing something will show things - but Heartbleed was a design issue - tests would only have found it if someone had dreamt such a hole exists - constructing malformed packets - of which there are obviously countless possibilities that will not cause any failure.

Local Activator

Again - each company needs to assess its needs and its risk - if they are very concerned about risk then they should ensure that any system they implement - and hence any components they use - are developed to standards that give a lower probability of failure.

Local Activator

I had noticed at the dawn of the open source era that part of the reason for its existence was that it is of much lower cost. Part of the cost avoidance has got to be in the testing. Testing was always a problem because it was tedious and took a lot of time to develop necessary and sufficient testing, testing is not sexy like architecture, design, and coding. Even with automated testing available today, it still seems that the testers have to have just as good an understanding of the code as the people that design and implement it. Who takes up testing on open source projects?

 

Local Activator

@Jamie: ...what about instead of commercial companies doing their own evaluation they can pay a qualified team to audit the software and then be able to label that version of the software as secure?

That makes sense to me.

Local Activator

It sounds to me like allying with a commercial vendor you trust will ultimately prove cheaper and more secure than open source.

Blogger

Security of personal data has so far not come under anyone's remit to formalize - Common Criteria and FIPS specify methods and are used by military, nuclear etc. But standard personal data access has escaped any control.

 

Local Activator

Dave, so you recommend that companies do a thorough analysis of open source security software before adopting? What kinds of analysis?

Blogger

I think code has to be designed and used for the intended purpose - if you make a space shuttle then you are more careful than if you make a drinks machine. The consequent development costs are very different - but so is a drinks dispenser going wrong - though most companies probably underestimate the unnecessary maintenance even on this level of software.

Local Activator

The scary thing to me is that you have this open source code -- people incorporate it as part of their security -- but no one is in charge of properly testing it -- I love the concept of Open Source, but isn't this one of its biggest Achilles Heels?

Local Activator

I think there is a deeper question about responsibility here - and it certainly cannot lie with the open source people. Companies are responsible for how they implement their security systems and it is for them to satisfy themselves that their system is fit for purpose.

Local Activator

Incidentally, if the system ever loses your posts, you can usually recover the last one by typing Control-Z and try posting again.

Blogger

Well first question to ask is where is the specification and where is the design? Then where are the test cases. OpenSSL for example do not hide anything - and are completely open - but people have chosen to use software developed with these methods to protect their customers' data.

Local Activator

@jamie, I was wondering the same thing. But can you really get anything out of testing when you weren't involved in the specification or design? Dave? Any thoughts?

Blogger

when you get to 61508 code and beyond external audit of process is required!

 

Local Activator

cartoon was very cool - and explanatory. particularly relevant is that the local memory is likely to contain certificate information and therefore this was risky. Other code in the system could have similar information but much harder to isolate a certificate.

Local Activator

Rich, what about instead of commercial companies doing their own evaluation they can pay a qualified team to audit the software and then be able to label that version of the software as secure?

Worldwide Wizard

securing our personal data does not have such requirements.

Perhaps it should

Blogger

good morning, all

Local Activator

securing our personal data does not have such requirements.

Local Activator

@max, yes I saw that blog. Loved the cartoon. Very informative.

Blogger

The cartoon on XKCD.com about the Heartbleed bug was brilliant -- very simply, but you immediately understood it -- I agree that if formal analysis had been used, this bug should have been detected.

Local Activator

As with all these things it depends on your perspective and your risks - and also your practical economic circumstances. All studies have tended to show very low maintenance on well designed code - but not everyone can invest the time and money before releasing products - though in certain industries (air, military, automotive, nuclear) they are forced to do it.

Local Activator

With millions of devices connected, isn't the greatest exposure someone hijacking a control device and taking over control of the related processes?

 

Blogger

In case folks here don't know about it

Blogger

Dave, perhaps you might briefly mention your company's focus

Blogger

Rigorous software development does not work like this - you cannot retrofit - you might find some things but it is not the point. You build from the ground up - with a review process the specification - then the design and/or test specification etc.

Running any additional tests helps - but NASA, IEC 61508 committees etc were designed for a purpose - to get the methods right - and they have been very successful when it has been done.

Local Activator

Dave, I'm wondering if you've done any research on the concept of device hijacking.

Blogger

 

Dave is it cheaper over time to have stronger processes up front or to fix the bugs at test or when they happen ?

 

Local Activator

Welcome max. We're chatting with Dave Hughes, CEO of HCC Embedded

Blogger

Isn't time irrelevant in the IoT?

 

Blogger

Hi everyone -- sorry I'm late -- so much to do, so little time to do it all...

Local Activator

But you have to be very careful selecting a particular error - there are many possibilities for creating backdoors to systems - the bug in the locale of the certificates was particularly risky - but any bug in the system hosting the security could create a backdoor - and often these systems have lots of extraneous components that have little to do with security.

Local Activator

Dave, would you recommend that any commercial effort using open source software run some of these analysis steps on that software before incorporating it? Is that even possible given they weren't involved in the development?

Blogger

Etnaheat, feel free to jump in with questions of your own.

Blogger

Individual tests are not expensive but you need to go through all the methods and that is expensive. A lot cheaper than the amount that has been spent on the Heartbleed bug so far but for an individual team a lot of work is required.

Local Activator

Agreed on the level of standard needed for personal data.

Blogger

Firstly the protocols are specified for us - we have to trust them otherwise there are bigger problems - but the implementation is not specified - so we have to make sure that that is designed fit for purpose. For a piece of software guaranteeing people's personal data I think a fairly high standard needs to be aimed for.

Local Activator

OK, we'll back off a bit on security for the moment. The analysis cases you mention that would have caught the errors, are they not being done by open source developers? Are they expensive or time consuming to do?

Blogger

Security is very complicated - and we have to tackle this from several points of view - this is going to take some time....

Local Activator

In other words, how do we make sure the design specifications are right?

Blogger

If we look at Heartbleed - this would clearly have been picked up by boundary analysis at the worst case. The Apple case by static analysis. In both cases it seems likely that any V model type process would never have let it get this far.

Local Activator

Dave, so this process makes sure that the software meets the design requirements, but for security, how do we know the implementation doesn't have holes?

Blogger

Next level: for example NASA adopts the ESCC specifications for its high reliability ICs, the same applies to the software I guess

Local Activator

Testing should be the icing on the cake so to speak - not the get it working step - the specification, design, coding and analysis need to take you most of the way there.

Local Activator

This requires full and traceable process - everything specified needs to be traced to both a design element and a test, for example.

Local Activator

The testing has to be correlated with the other steps of the development process to have the white light to release in production

Local Activator

Next level? Well, it is well known what good development methods are - look at incredibly low bug rates achieved by NASA, or IEC61508 which is basis for most serious software standards in industrial, automotive, medical etc.

 

Local Activator

Rich, I think the next level is the qualification process

 

Local Activator

But you have to start with the whole development process not just the test - the test is only there to validate the specification - the design and all else

 

Local Activator

what is that next level?

Blogger

Historically we have tested software fairly conventionally - comprehensive test suites - static analysis etc. But for more serious application this gets taken to a different level.

Local Activator

So, what do you do to test your software?

Blogger

Maybe a more bounded question? Are there differences between how commercial and open source software get tested?

Blogger

I cannot speak for other commercial vendors - though I am sure they have similar views - or for open source - just what we do.

Local Activator

I know, no short answers. You can post in short bursts if you like.

Blogger

I was wondering, what kinds of testing you (and other commercial providers) put software to before releasing it, and how does that compare to what goes on in open source development?

Blogger

Good morning Dave. Glad you could join in. You seem to be the first to arrive

Blogger

Chat officially opens in five minutes, but we can start early if anyone is ready.

Blogger

It's currently 7:20 am, but I have logged in early just in case...

Blogger

Please join me at 8am on Wednesday April 23 to discuss whether or not open source software can offer true security or whether a commercial solution will be better. Special guest Dave Hughes, CEO of HCC Embedded, a middleware provider, will be on hand to share his views.

Blogger

