Tag Archives: security
Systems Architecture with the Functional Safety-Security emphasis
I was asked to give a talk on the unification of Functional Safety (FuSa) and Security for which I replied that two disciplines cannot be viewed separately from Systems Engineering. Instead of talking about safety/security interop, I explained how to build complex systems and how these systems fail. Only when you understand that we do […]
Think about trust, not threats
A conversation arose today about threat analysis and I responded that I am against this practice of doing threat analysis. I thought that others will benefit from reminding them about design goals and how security fits in them. Threat – countermeasure is easy to explain to a novice but produces very ugly and inefficient systems. […]
Security Architecture for Cyber Physical Systems
Slides I presented at the Automotive Cybersecurity conference at Detroit on Friday. The main message is captured in the last bullet in the Summary: We do not know how to build 100% reliable systems, we only know how to manage risk – your system will fail and you have to build for failure. This was […]
The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software
Several quotes from ‘The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software’ 2006 book by Michael Howard; Steve Lipner Design specifications miss important security details that appear only in code. Don’t just say, “This is bad.” Instead, say, “This is the way you should do it.” In our experience, engineering staff […]
Integrated Development of Safety and Security Requirements
Reprinted from Technical Papers on the Development of Embedded Electronics by Vector Christof Ebert, CEO of Vector Consulting Services GmbH and a professor at the University of StuttgartEduard Metzker, Solution Manager for Cyber Security at Vector Informatik GmbH Today, the systematic development of safety requirements is essential in developing embedded systems. Due to the growing […]
Secure communication for CAN FD
Reprinted from Technical Papers on the Development of Embedded Electronicsby Vector Here I would like to highlight some of the most interesting ideas from the set of articles by Vector. This is 7 of 7 posts on this topic. Encrypted data transmission is not yet the norm in vehicle networks. Vector has conceived an implementation […]
Defending cyber-physical systems from digital attacks
Every 30 years there is a new wave of things that computers do. Around 1950 they began to model events in the world (simulation), and around 1980 to connect people (communication). Since 2010 they have begun to engage with the physical world in a non-trivial way (embodiment – giving them bodies). ‒ Butler Lampson, Microsoft […]
My picks, 2015-11
These are the latest articles and videos I found most interesting. Mathematics and sex Kob Mating Ritual Capuchin monkey flirting Gorilla Mating Croc vs. Hippo IXV: Mastering atmospheric reentry Miguel Nicolelis: Brain-to-brain communication has arrived. How we did it Security Analysis of Estonia’s Internet Voting System How robots could be your future surgeons Mathematics and […]
My picks, 2015-1
These are the latest articles and videos I found most interesting. Why Electronic Voting is a BAD Idea Are You Sitting Too Much? Why Do We Eat Spoiled Food? Cute Jumping Indri Lemurs – Madagascar Danny Macaskill: The Ridge CGI VFX Breakdown HD: “Winter Olympics: Sochi 2014 Opening” How Much Salmon Can a Kodiak Bear […]
JSON Web Token (JWT)
JWT is the standard for securing REST web services. “JSON Web Token (JWT) is a compact token format intended for space constrained environments such as HTTP Authorization headers and URI query parameters. JWTs encode claims to be transmitted as a JavaScript Object Notation (JSON) object […]”. References below describe it as well as provide links to […]
Alan Tatourian 