Daniel Rohrer, VP SW Product Security, NVIDIA – November 21, 2019
SPARK / ADA JOURNEY TO ADOPTION
SAFE HARBOR
Forward-Looking Statements
Except for the historical information contained herein, certain matters in this presentation including, but not limited to, statements as to: our strategies, growth, position,
opportunities, goals, and continued expansion; the performance and benefits of our products and technologies; the impact of macro trends on software security; the
benefits and impact of, and adoption path for, Ada/SPARK and AdaCore; and other predictions and estimates are forward-looking statements within the meaning of the
Private Securities Litigation Reform Act of 1995. These forward-looking statements and any other forward-looking statements that go beyond historical facts that are made
in this presentation are subject to risks and uncertainties that may cause actual results to differ materially. Important factors that could cause actual results to differ
materially include: global economic conditions; our reliance on third parties to manufacture, assemble, package and test our products; the impact of technological
development and competition; development of new products and technologies or enhancements to our existing product and technologies; market acceptance of our
products or our partners’ products; design, manufacturing or software defects; changes in consumer preferences and demands; changes in industry standards and
interfaces; unexpected loss of performance of our products or technologies when integrated into systems and other factors. For a complete discussion of factors that could
materially affect our financial results and operations, please refer to the reports we file from time to time with the SEC, including our Form 10-K for the annual period
ended January 27, 2019 and our Form 10-Q for the quarterly period ended October 27, 2019. Copies of reports we file with the SEC are posted on our website and are
available from NVIDIA without charge. These forward-looking statements are not guarantees of future performance and speak only as of November 21, 2019, based on
information currently available to us. Except as required by law, NVIDIA disclaims any obligation to update these forward-looking statements to reflect future events or
circumstances.
AGENDA
NVIDIA JOURNEY TO FORMALISM
ADACORE
Learnings & the Journey Ahead
BUSINESS CONTEXT
MACRO TRENDS DRIVING RISK AND INNOVATION
Increasingly complex systems (consumer, embedded, auto, robotics, medical, HPC)
Increasing criticality (IP risk, life safety/ISO 26262, physical attacks)
Attackers trending lower in the technology stack
Ecosystem tooling not keeping pace with attacks
Human and human-in-the-loop techniques not scaling
Increasing cost to update
NVIDIA TAKES SECURITY AND SAFETY VERY SERIOUSLY
WHAT ABOUT THIS PROBLEM CAN WE CHANGE?
START WITH FIRST PRINCIPLES
What key factors drive outcomes?
Human Factors
Ambiguity / Decidability of language
Effectiveness of Tooling
Ecosystem support
Measurable

Human Factors: Skilled practitioners are hard to find; (ISC)2 reports a ~500,000 workforce shortage for cybersecurity in the US alone. Human time scales are already too slow to meet market demands. What strategies can amplify the human capital we already have?

Ambiguity / Decidability of language: What can help us address intrinsic development and language shortfalls? (source: https://cve.mitre.org/, Nov 10)

Effectiveness of Tooling: Decidability limits static analysis effectiveness. What tool and test strategies can generate higher-confidence assertions?

Ecosystem support: Availability of off-the-shelf fuzzing and dynamic analysis is limited, and these often don't meet safety standards. How can I meet business requirements without diluting product development investment?

Measurable: We improve what we measure. Prefer leading indicators to trailing indicators. What methodologies increase our ability to measure risk and safety outcomes?
ADOPTION JOURNEY
ADOPTION PATH
BUILDING A BUSINESS CASE
How much are we investing TODAY?
How much will we NEED to invest TOMORROW?
Is it POSSIBLE to address this with our current strategy?
PICK A SOLUTION
PICK A TARGET
ADOPT NEW LANGUAGE AND DEVELOPMENT MODEL
PICK A SOLUTION
Criteria:
Language (Ambiguity/Decidability)
Credible Ecosystem
Emphasize ‘provability’ over ‘test/verif’
Meets scaling needs
Responsive

ADA/SPARK & ADACORE against each criterion:

Language: Strongly typed and decidable, backed by formal methods aligned with our integrity goals. Compatible feature set. Has C linkability.

Credible Ecosystem: Mature language with a broad ecosystem and commercial support, an upstream OSS presence, and safety certifiability with success in adjacent markets. Partner willing to support short-term and long-term goals.

Emphasize ‘provability’ over ‘test/verif’: Contract design and proof make implicit requirements explicit. The effective outcome is to move security left. Supports our goal of formalism within safety programs.

Meets scaling needs: I can buy machines; there are no experts available to hire. Eliminates other overheads (test, fuzzing), so human capital can be re-invested back into the product.

Responsive: Partner already invested in the ecosystem. Was able to engage at a deep technical level, familiar with the core challenges, and highly responsive.
PICK A TARGET
Omnipresent (consumer, enterprise, IoT/automotive, mobile, etc.)
Executes at very high privilege, impacting critical security decisions
Attacker trends shifting to firmware and HW targets
Generally high cost to remediate
Predominantly C development
Smaller code bases and teams to ramp
Aligned to increased customer sensitivity to persistence attacks
FIRMWARE IS IDEAL!

Dhawal Kumar (Principal System Software Engineer) – 21-Nov-2019
SECURING THE FUTURE OF SAFETY AND SECURITY OF EMBEDDED SOFTWARE
AGENDA
Firmwares and their environment
What is SPARK?
Alternatives considered (and dismissed)
POC, its conclusions and concerns
Benefits and summary
FIRMWARES AND THEIR ENVIRONMENT
Security and safety critical firmwares (secure boot, DRM, video decoding, clock and voltage programming, …) run on two kinds of security processors:
Falcon: NVIDIA proprietary ISA; CCG (AdaCore's Common Code Generator) converts SPARK to C.
RISC-V: public ISA; native compiler.
WHAT IS SPARK?
INTRO TO SPARK
Large subset of the Ada programming language
Most notable difference compared to Ada: reduced flexibility on pointer usage
Paradigms close to C/C++ (imperative, procedural or object oriented, programming in the large, …)
Additional capabilities for specification and verification ➔ programs can be “proved”
No undefined behavior
SPARK: BASIC VERIFICATIONS
My_Array (Index) := (X * Y) / Z;
Equivalent C: My_Array [Index] = (X * Y) / Z;
For this single assignment, SPARK raises the following checks, each of which the prover must show cannot fail:
Index out of bounds of My_Array?
Z potentially 0?
(X * Y) potentially overflow?
(X * Y) / Z potentially overflow?
(X * Y) / Z potentially out of range?
Index initialized?
X, Y, Z initialized?
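The statement from the slide wrapped in a SPARK procedure whose contract makes every implicit requirement explicit, so that each check listed above is discharged by proof rather than left to a run-time trap (the C equivalent compiles silently with none of these guarantees). This is an added example, not code from the slides or from NVIDIA; the package and type names (Safe_Store, Int32, Index_Range, Value_Array, Store) and the bound 46_340 are this example's own choices.

```ada
-- Added example (not from the slides). Same assignment as the slide,
-- with the contract SPARK needs to prove that none of the listed
-- run-time checks can fail.
pragma SPARK_Mode (On);

package Safe_Store is

   type Int32 is range -2**31 .. 2**31 - 1;
   subtype Index_Range is Natural range 0 .. 255;
   type Value_Array is array (Index_Range) of Int32;

   -- How each check on the slide is discharged:
   --   Index out of bounds     -> Index has subtype Index_Range, the array's
   --                              index type, so it is in range by construction
   --   Z potentially 0         -> excluded by the precondition
   --   X * Y overflow          -> |X|, |Y| <= 46_340 and 46_340**2 < 2**31 - 1
   --   (X * Y) / Z overflow    -> |X * Y| <= 2**31 - 1 and |Z| >= 1, and the
   --                              corner case (-2**31) / (-1) cannot occur
   --                              because X * Y never reaches -2**31
   --   (X * Y) / Z out of range-> same bound, so the quotient fits Int32
   --   Index, X, Y, Z init     -> parameters of mode "in" (and My_Array of
   --                              mode "in out") must be initialized by the
   --                              caller; SPARK flow analysis enforces this
   procedure Store
     (My_Array : in out Value_Array;
      Index    : Index_Range;
      X, Y, Z  : Int32)
   with
     Pre  => Z /= 0
             and then X in -46_340 .. 46_340
             and then Y in -46_340 .. 46_340,
     Post => My_Array (Index) = (X * Y) / Z
             and then (for all I in Index_Range =>
                         (if I /= Index then My_Array (I) = My_Array'Old (I)));

end Safe_Store;

package body Safe_Store is

   procedure Store
     (My_Array : in out Value_Array;
      Index    : Index_Range;
      X, Y, Z  : Int32) is
   begin
      -- No defensive "if Z = 0" branch is needed: the precondition is the
      -- caller's obligation and is itself proved at every call site.
      My_Array (Index) := (X * Y) / Z;
   end Store;

end Safe_Store;
```

Widen the bound on X or Y past 46_340, or drop the Z /= 0 conjunct, and GNATprove reports the corresponding overflow or divide-by-zero check as unproved, which is exactly the "prover must show it cannot fail" discipline the slide describes.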
SPARK: ADVANCED VERIFICATIONS - 1
Replace defensive code with contracts (saves space; no need to simulate error conditions that may never happen)
Simple properties can be specified and verified, e.g. mutex release after acquisition
procedure Next (A : in out Int_Array; Iterator : in out Integer; Stop : Value)
with Pre => Iterator in A'Range;  -- "Array" is a reserved word in Ada; Int_Array stands in for the slide's array type
procedure Perform_Critical_Operation
with Post => Mutex.Is_Taken'Old = Mutex.Is_Taken;
SPARK: ADVANCED VERIFICATIONS - 2
Functional requirements can be specified and verified
procedure Move_Protection_Region (From_Start, From_End, To_Start, To_End : Integer)
with Post =>
(for all Byte in Memory'Range =>
(if Byte in From_Start .. From_End and
Byte not in To_Start .. To_End then
Memory (Byte).Erased -- Blue: erased
else
not Memory (Byte).Erased)); -- Green, pink, orange: not erased
(Figure: Memory'Range with the From and To regions marked.)
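A complete SPARK unit for the Move_Protection_Region contract above, which also illustrates the previous slide's point about replacing defensive code with contracts: the body carries no error handling, only a loop invariant that lets the prover carry the quantified postcondition across the loop. This is an added example, not code from the slides or from NVIDIA; the memory model (Address, Byte_State, Memory_Type, the initialized Memory variable) and the Global aspect are assumptions of this example.

```ada
-- Added example (not from the slides). The slide's quantified postcondition
-- with a body that proves it. The memory model below is this example's own.
pragma SPARK_Mode (On);

package Protection_Region is

   -- Assumed model: a small address space where each byte only records
   -- whether it has been erased.
   type Address is range 0 .. 4095;

   type Byte_State is record
      Erased : Boolean;
   end record;

   type Memory_Type is array (Address) of Byte_State;

   Memory : Memory_Type := (others => (Erased => False));

   -- Postcondition is the slide's, verbatim in meaning: a byte that was in
   -- the old region and is not in the new region must be erased; every other
   -- byte must not be erased. Empty ranges (Start > End) need no guard, since
   -- "Byte in Start .. End" is simply False for them.
   procedure Move_Protection_Region
     (From_Start, From_End, To_Start, To_End : Address)
   with
     Global => (In_Out => Memory),
     Post   =>
       (for all Byte in Memory'Range =>
          (if Byte in From_Start .. From_End
              and then Byte not in To_Start .. To_End
           then Memory (Byte).Erased
           else not Memory (Byte).Erased));

end Protection_Region;

package body Protection_Region is

   procedure Move_Protection_Region
     (From_Start, From_End, To_Start, To_End : Address) is
   begin
      -- Single pass over memory. The invariant restates the postcondition
      -- for the prefix visited so far; together with the array-update
      -- semantics (untouched elements keep their value) the prover extends
      -- it to Memory'Last, which is the postcondition.
      for Byte in Memory'Range loop
         Memory (Byte).Erased :=
           Byte in From_Start .. From_End
           and then Byte not in To_Start .. To_End;
         pragma Loop_Invariant
           (for all B in Memory'First .. Byte =>
              (if B in From_Start .. From_End
                  and then B not in To_Start .. To_End
               then Memory (B).Erased
               else not Memory (B).Erased));
      end loop;
   end Move_Protection_Region;

end Protection_Region;
```

Deleting the pragma Loop_Invariant leaves the postcondition unproved, which is the usual first thing to check when a quantified contract like this one fails to prove.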
ALTERNATIVES: BACKGROUND STORY
NVIDIA GOALS - SECURITY
Make a major difference to the security robustness story
Existing tools and techniques such as static analysis, fuzzing and compiler hardening haven’t been moving the needle sufficiently
Desire to put a certain class of problems to rest for good
Reduce the reliance on humans such as reviewers and developers; humans get tired and less effective as LOC rises
NVIDIA GOALS – SAFETY (ISO-26262)
Ensure that the new language or tool:
Does not slow NVIDIA down on safety certification (a new language or tool automatically implies some slowdown)
Preferably makes safety certification easier: less effort, ticks more checkboxes in the ISO-26262 spec
Is acceptable to NVIDIA’s safety assessor
NVIDIA GOALS - PRACTICALITY
Ensure that the new language or tool:
Is practical enough to be adopted by NVIDIA: can’t expect the typical NVIDIA engineer to be an expert in formal methods or to do proofs by hand; can’t expect NVIDIA to build a toolchain to compile SPARK for Falcon (proprietary ISA), hands are full already with C
Has a good support system: commercial backing for anything new is practically a must-have
Does not add an unreasonable run-time burden (memory footprint, performance)
ALTERNATIVES CONSIDERED
ALTERNATIVES - MAJOR
Frama-C
(+) Nearly all the same capabilities as SPARK (at least on paper)
(+) It’s “C”
(-) Need to learn the specification/contract language (ACSL)
(-) Requires refactoring/rewrite to be prover friendly
(-) “C” means an inherently weak type system
(-) Only partial commercial support, no safety certification
Rust
(+) Active community
(+) Memory safety
(-) Does not address many classes of vulnerabilities (e.g. CWEs) that SPARK or Frama-C do
(-) No ability to write user contracts (program-specific requirements)
(-) High memory footprint (based on findings reported in the WooKey paper)
(-) Does not have a formalized spec
(-) No commercial vendor, no near-term plan for safety certification
ALTERNATIVES – LESSER KNOWN
Ivory
(-) Substantially different language from C, so it wouldn’t be better than SPARK in terms of learning curve
(-) Not enough data points about commercial support or usage, while Ada had plenty, with SPARK gaining traction
PROOF OF CONCEPT
POC: GOALS - 1
Understand the language and toolchain
Gain hands-on experience
Determine the difficulty and learning curve for others
Establish ROI
Demonstrate AORTE (absence of run-time errors) for two high-value code bases
Determine the engineering cost to get to AORTE
Evaluate the support system
Establish how to surmount challenges not encountered during the POC (commercial support, Stack Overflow, books, etc.)
Understand the efficacy and latency of AdaCore’s support system
POC: GOALS - 2
Run-time overhead
Code bloat
Performance
POC: CODE BASES
Applications
Bare-metal app acting as root of trust for code running on several security processors
App under an RTOS for handling re-sizing of security protection regions
Both security critical
MAIN ENGINEERING CONCERNS & MITIGATIONS
Concern: I can’t find examples or help on the Internet. Mitigation: support services are available.
Concern: The code size may increase. Mitigation: the increase is manageable with compiler switches and re-writing.
Concern: The prover is difficult to understand. Mitigation: in-house expertise is developed.
Concern: Not all tools support Ada. Mitigation: alternative tools are available for most needs.
Concern: It’s difficult to find trained engineers. Mitigation: engineers can be trained in house.
Concern: There is a lot of code already in C. Mitigation: C can be interfaced with Ada & SPARK.
No silver bullet here: there is a cost to adopting SPARK.
POC CONCLUSION
POC: CONCLUSIONS - SECURITY
Nearly all code can be written in SPARK. This would make a major impact on security robustness
Reliance on humans can indeed be lessened, given the soundness of SPARK and the ability to write user contracts
POC: CONCLUSIONS - SAFETY
Safety was not a target during the POC, but subsequent investigation demonstrated that Ada/SPARK:
Tick more checkboxes in the ISO-26262 spec
Are acceptable (in fact preferred) to the safety assessor, provided developers have sufficient training
Can be safely mixed with C if needed
May not change “effort” due to one-time costs such as engineer ramp-up and effort spent discovering equivalent tools and processes for Ada/SPARK
POC: CONCLUSIONS – PRACTICALITY
Practical enough to be a candidate for adoption in security and safety critical applications
Support system is world class; NVIDIA can count on AdaCore: low latency, focused on solving customer problems
Needs additional memory
Compiler switches (-gnatp to suppress run-time checks that proof has already shown cannot fail, no -gnata so contracts are not re-checked at run time, possibly -flto for link-time optimization) are necessary for memory-constrained targets
Hand optimizations may be necessary
Some areas such as CCG may still produce code that could have been optimized but isn’t being
SPARK BENEFITS AND SUMMARY
KEY SPARK BENEFITS
“If it proves, it works”
Reviewers can focus on complex problems
Numerous CWEs put to rest for good
Less effort in debugging
Developers become quality engineers
No MISRA-C overhead
It is worth it
NVIDIA SUMMARY
SPARK is now used for NVIDIA security- and safety-critical firmware applications
Software expected to be productized in 2020
Addresses scalability (of critical expertise) concerns
Not entirely free of challenges. Recommend picking the targets wisely
© 2019 NVIDIA Corporation. All rights reserved. NVIDIA and the NVIDIA logo are trademarks and/or registered trademarks of NVIDIA Corporation in the U.S. and other countries. Other company and product names may be trademarks of the respective companies with which they are associated.

Pushing the Boundary of Mostly Automatic Program Proof
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configuration
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling Software
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise Environment
 
Multi-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsMulti-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical Systems
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant news
 

Dernier

[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 

Dernier (20)

[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 

Securing the Future of Safety and Security of Embedded Software

  • 1. Daniel Rohrer, VP SW Product Security, NVIDIA – November 21, 2019 SPARK / ADA JOURNEY TO ADOPTION
  • 3. AGENDA
    - NVIDIA journey to formalism
    - AdaCore
    - Learnings & the journey ahead
  • 4. BUSINESS CONTEXT: MACRO TRENDS DRIVING RISK AND INNOVATION
    - Increasingly complex systems (consumer, embedded, auto, robotics, medical, HPC)
    - Increasing criticality (IP risk, life safety / ISO 26262, physical attacks)
    - Attackers trending lower in the technology stack
    - Ecosystem tooling not keeping pace with attacks
    - Human and human-in-the-loop techniques not scaling
    - Increasing cost to update
  • 5. BUSINESS CONTEXT (same trend list as slide 4)
    NVIDIA takes security and safety very seriously. What about this problem can we change?
  • 6. START WITH FIRST PRINCIPLES: What key factors drive outcomes?
    - Human factors
    - Ambiguity / decidability of language
    - Effectiveness of tooling
    - Ecosystem support
    - Measurable
  • 7. FIRST PRINCIPLES: Human factors
    Skilled practitioners are hard to find: (ISC)2 reports a ~500,000 workforce shortage for cybersecurity in the US alone. Human time scales are already too slow to meet market demands. What strategies can amplify the human capital we already have?
  • 8. FIRST PRINCIPLES: Ambiguity / decidability of language
    What can help us address intrinsic development and language shortfalls? (CVE statistics from https://cve.mitre.org/, Nov 10)
  • 9. FIRST PRINCIPLES: Effectiveness of tooling
    Decidability limits static analysis effectiveness. What tool and test strategies can generate higher-confidence assertions?
  • 10. FIRST PRINCIPLES: Ecosystem support
    Availability of off-the-shelf fuzzing and dynamic analysis is limited, and these often don't meet safety standards. How can I meet business requirements without diluting product development investment?
  • 11. FIRST PRINCIPLES: Measurable
    We improve what we measure. Prefer leading indicators to trailing indicators. What methodologies increase our ability to measure risk and safety outcomes?
  • 13. ADOPTION PATH
    Building a business case: How much are we investing today? How much will we need to invest tomorrow? Is it possible to address this with our current strategy?
    Steps: pick a solution; pick a target; adopt the new language and development model.
  • 14. PICK A SOLUTION: criteria, and how Ada/SPARK & AdaCore measure up
    Criteria: language (ambiguity/decidability); credible ecosystem; emphasize 'provability' over 'test/verif'; meets scaling needs; responsive.
    Language: strongly typed, decidable, backed by formal methods aligned with our integrity goals; compatible feature set; has C linkability.
  • 15. PICK A SOLUTION: Credible ecosystem
    Mature language, broad ecosystem and commercial support, upstream OSS presence, safety certifiable with success in adjacent markets. Partner willing to support short-term and long-term goals.
  • 16. PICK A SOLUTION: Emphasize 'provability' over 'test/verif'
    Contract design and proof make implicit requirements explicit. The effective outcome is to move security left. Supports our goal of formalism within safety programs.
  • 17. PICK A SOLUTION: Meets scaling needs
    I can buy machines; there are no experts available to hire. Eliminates other overheads (test, fuzzing). Human capital can be re-invested back into the product.
  • 18. PICK A SOLUTION: Responsive
    Partner already invested in the ecosystem. Was able to engage at a deep technical level, familiar with the core challenges, highly responsive.
  • 19. PICK A TARGET: FIRMWARE IS IDEAL!
    - Omnipresent (consumer, enterprise, IoT/automotive, mobile, etc.)
    - Executes at very high privilege, impacting critical security decisions
    - Attacker trends shifting to firmware and HW targets
    - Generally high cost to remediate
    - Predominantly C development
    - Smaller code bases and teams to ramp
    - Aligned to increased customer sensitivity to persistence attacks
  • 21. Dhawal Kumar (Principal System Software Engineer), 21-Nov-2019: SECURING THE FUTURE OF SAFETY AND SECURITY OF EMBEDDED SOFTWARE
  • 22. AGENDA
    - Firmwares and their environment
    - What is SPARK?
    - Alternatives considered (and dismissed)
    - POC, its conclusions and concerns
    - Benefits and summary
  • 24. FIRMWARES AND THEIR ENVIRONMENT
    Two kinds of security processors:
    - Falcon: NVIDIA proprietary ISA; CCG is used to convert SPARK to C
    - RISC-V: public ISA; native compiler
    Security- and safety-critical firmwares that run on the security processors: secure boot, DRM, video decoding, clock and voltage programming, ...
  • 26. INTRO TO SPARK
    - Large subset of the Ada programming language
    - Most notable difference compared to Ada: reduced flexibility on pointer usage
    - Paradigms close to C/C++ (imperative, procedural or object oriented, programming in the large, ...)
    - Additional capabilities for specification and verification, so programs can be "proved"
    - No undefined behavior
  • 27. SPARK: BASIC VERIFICATIONS
    For the statement
      My_Array (Index) := (X * Y) / Z;
    (equivalent C: My_Array[Index] = (X * Y) / Z;) SPARK asks:
    - Is Index out of bounds of My_Array?
    - Is Z potentially 0?
    - Can (X * Y) overflow?
    - Can (X * Y) / Z overflow?
    - Can (X * Y) / Z be out of range?
    - Is Index initialized?
    - Are X, Y, Z initialized?
  • 28. SPARK: ADVANCED VERIFICATIONS - 1
    Replace defensive code with contracts (saves space; no need to simulate error conditions that may never happen). Simple properties can be specified and verified, e.g. mutex release after acquisition:
      procedure Next (A : in out Array; Iterator : in out Integer; Stop : Value)
        with Pre => Iterator in A'Range;
      procedure Perform_Critical_Operation
        with Post => Mutex.Is_Taken'Old = Mutex.Is_Taken;
  • 29. SPARK: ADVANCED VERIFICATIONS - 2
    Functional requirements can be specified and verified:
      procedure Move_Protection_Region (From_Start, From_End, To_Start, To_End : Integer)
        with Post =>
          (for all Byte in Memory'Range =>
             (if Byte in From_Start .. From_End and Byte not in To_Start .. To_End
              then Memory (Byte).Erased            -- Blue erased
              else not Memory (Byte).Erased));     -- Green, pink, orange not erased
    (Diagram: From and To regions laid out over Memory'Range.)
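As an added example that is not from the NVIDIA slides or from AdaCore, the hypothetical SPARK package below shows how the seven questions on slide 27 are answered by subtypes alone, and gives a provable body for the slide-29 Move_Protection_Region contract. All type, bound and package names are assumed, and Memory is passed as a parameter rather than being a global as on the slide.

```ada
--  Hypothetical package (constructed for this page, not NVIDIA or AdaCore code).
package Region_Demo with SPARK_Mode is

   --  Slide 27: each implicit question becomes a check that the types discharge.
   subtype Index_Type is Integer range 0 .. 255;
   type Value_Array is array (Index_Type) of Integer;

   --  Bounded operands: |X * Y| <= 9.0e8 < 2**31, so no overflow; Z is never 0.
   subtype Factor  is Integer range -30_000 .. 30_000;
   subtype Divisor is Integer range 1 .. 1_000;

   --  No precondition is needed: Index is in range by its subtype, the divisor
   --  is non-zero by its subtype, and parameters are initialized by the language.
   procedure Store (A : in out Value_Array; Index : Index_Type;
                    X, Y : Factor; Z : Divisor)
     with Post => A (Index) = (X * Y) / Z
               and (for all I in Index_Type =>
                      (if I /= Index then A (I) = A'Old (I)));

   --  Slide 29: a memory model for the protection-region contract.
   subtype Address is Integer range 0 .. 4095;
   type Byte_State is record
      Erased : Boolean;
   end record;
   type Memory_Map is array (Address) of Byte_State;

   --  Bytes leaving the protected region are erased; bytes that stay in it,
   --  or were never in it, are not.
   procedure Move_Protection_Region
     (Memory                                 : in out Memory_Map;
      From_Start, From_End, To_Start, To_End : Address)
     with Post =>
       (for all B in Memory'Range =>
          (if B in From_Start .. From_End and B not in To_Start .. To_End
           then Memory (B).Erased
           else not Memory (B).Erased));

end Region_Demo;

package body Region_Demo with SPARK_Mode is

   procedure Store (A : in out Value_Array; Index : Index_Type;
                    X, Y : Factor; Z : Divisor) is
   begin
      --  The defensive checks a C version would need are replaced by proof.
      A (Index) := (X * Y) / Z;
   end Store;

   procedure Move_Protection_Region
     (Memory                                 : in out Memory_Map;
      From_Start, From_End, To_Start, To_End : Address) is
   begin
      for B in Memory'Range loop
         --  The invariant restates the postcondition for the bytes handled so
         --  far; it is what lets the prover discharge the quantified contract.
         pragma Loop_Invariant
           (for all K in Memory'First .. B - 1 =>
              (if K in From_Start .. From_End and K not in To_Start .. To_End
               then Memory (K).Erased
               else not Memory (K).Erased));
         Memory (B).Erased :=
           B in From_Start .. From_End and B not in To_Start .. To_End;
      end loop;
   end Move_Protection_Region;

end Region_Demo;
```

Once GNATprove discharges these checks, the run-time checks can be compiled out with -gnatp (slide 46) without losing the guarantee, which is where the memory savings on constrained targets come from.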
  • 31. NVIDIA GOALS - SECURITY
    - Make a major difference to the security robustness story
    - Existing tools and techniques such as static analysis, fuzzing and compiler hardening haven't been moving the needle sufficiently
    - Desire to put a certain class of problems to rest for good
    - Reduce the reliance on humans such as reviewers and developers; humans get tired and less effective as LOC rises
  • 32. NVIDIA GOALS – SAFETY (ISO 26262)
    Ensure that the new language or tool:
    - Does not slow NVIDIA down on safety certification (a new language or tool automatically implies some slowdown)
    - Preferably helps make safety certification easier: less effort, ticks more checkboxes in the ISO 26262 spec
    - Is acceptable to NVIDIA's safety assessor
  • 33. NVIDIA GOALS - PRACTICALITY
    Ensure that the new language or tool:
    - Is practical enough to be adopted by NVIDIA: can't expect the typical NVIDIA engineer to be an expert in formal methods or to do proofs by hand; can't expect NVIDIA to build a toolchain to compile SPARK for Falcon (proprietary ISA), hands are full already with C
    - Has a good support system: commercial backing for anything new is practically a must-have
    - Does not add an unreasonable run-time burden: memory footprint, performance
  • 35. ALTERNATIVES - MAJOR
    Frama-C
    (+) Nearly all the same capabilities as SPARK (at least on paper)
    (+) It's "C"
    (-) Need to learn the specification/contract language (ACSL)
    (-) Requires refactoring/rewrite to be prover friendly
    (-) "C" means an inherently weak type system
    (-) Only partial commercial support, no safety certification
    Rust
    (+) Active community
    (+) Memory safety
    (-) Does not address many classes of vulnerabilities (e.g. CWEs) that SPARK or Frama-C do
    (-) No ability to write user contracts (program-specific requirements)
    (-) High memory footprint (based on findings reported in the WooKey paper)
    (-) Does not have a formalized spec
    (-) No commercial vendor, no near-term plan for safety certification
  • 36. ALTERNATIVES – LESSER KNOWN
    Ivory
    (-) Substantially different language from C, so it wouldn't be better than SPARK in terms of learning curve
    (-) Not enough data points about commercial support or usage, while Ada had plenty, with SPARK gaining traction
  • 38. POC: GOALS - 1
    - Understand the language and toolchain: gain hands-on experience; determine the difficulty and learning curve for others
    - Establish ROI: demonstrate AORTE (absence of run-time errors) for two high-value code bases; determine the engineering cost to get to AORTE
    - Evaluate the support system: establish how to surmount challenges not encountered during the POC (commercial support, Stack Overflow, books, etc.); understand the efficacy and latency of AdaCore's support system
  • 39. POC: GOALS - 2
    - Run-time overhead: code bloat, performance
  • 40. POC: CODE BASES
    Applications:
    - Bare-metal app acting as root of trust for code running on several security processors
    - App under an RTOS for handling re-sizing of security protection regions
    Both are security critical.
  • 41. MAIN ENGINEERING CONCERNS
    - I can't find examples on the Internet
    - The code size may increase
    - The prover is difficult to understand
    - Not all tools support Ada
    - It's difficult to find trained engineers
    - There is a lot of code already in C
  • 42. MAIN ENGINEERING CONCERNS & MITIGATIONS
    - I can't find help on the Internet: support services are available
    - The code size may increase: the increase is manageable with switches and re-writes
    - The prover is difficult to understand: in-house expertise is developed
    - Not all tools support Ada: alternative tools are available for most needs
    - It's difficult to find trained engineers: engineers can be trained in house
    - There is a lot of code already in C: C can be interfaced with Ada & SPARK
    No silver bullet here; there is a cost to adopting SPARK.
  • 44. POC: CONCLUSIONS - SECURITY
    - Nearly all code can be written in SPARK; this would make a major impact on security robustness
    - Reliance on humans can indeed be lessened, given the soundness of SPARK and the ability to write user contracts
  • 45. POC: CONCLUSIONS - SAFETY
    Safety was not a target during the POC, but subsequent investigation demonstrated that Ada/SPARK:
    - Tick more checkboxes in the ISO 26262 spec
    - Are acceptable (in fact preferred) to the safety assessor, provided developers have sufficient training
    - Can be safely mixed with C if needed
    - May not change "effort", due to one-time costs such as engineer ramp-up and effort spent discovering equivalent tools and processes for Ada/SPARK
  • 46. POC: CONCLUSIONS – PRACTICALITY
    - Practical enough to be a candidate for adoption in security- and safety-critical applications
    - Support system is world class; NVIDIA can count on AdaCore: low latency, focused on solving customer problems
    - Needs additional memory: compiler switches (-gnatp, no -gnata, possibly -flto) are necessary for memory-constrained targets; hand optimizations may be necessary; some areas such as CCG may still produce code that could have been optimized but isn't being
  • 48. KEY SPARK BENEFITS
    - "If it proves, it works"
    - Reviewers can focus on complex problems
    - Numerous CWEs put to rest for good
    - Less effort in debugging
    - Developers become quality engineers
    - No MISRA-C overhead
    It is worth it.
  • 49. NVIDIA SUMMARY
    - SPARK is now used for NVIDIA security- and safety-critical firmware applications
    - Software expected to be productized in 2020
    - Addresses scalability (of critical expertise) concerns
    - Not entirely free of challenges; recommend picking the targets wisely
  • 51. © 2019 NVIDIA Corporation. All rights reserved. NVIDIA and the NVIDIA logo are trademarks and/or registered trademarks of NVIDIA Corporation in the U.S. and other countries. Other company and product names may be trademarks of the respective companies with which they are associated.