5g
Factories of the Future
Media & Entertainment
Smart Cities
Smart Energy
Smart Ports
SME Opportunities
Societal Impacts
Technology Development
Telecoms Providers
5G CAM
5G Automotive
5G CAM KPIs
5G CAM Standardisation
5G Corridors
5G Multimodal Connectivity
5G Transport Network
Artificial Intelligence & Machine Learning
Artificial Intelligence & Machine Learning in big data
Artificial Intelligence & Machine Learning technologies
Big data
Big data algorithms
Big data analytics
Collaborative Classification and Models
Business Models, Process Improvement, Contract Management, KPIs and Benchmarking Indexes
Collaboration Risk and Value Sharing
Collaborative Planning and Synchromodality
Customs & Regulatory Compliance
Environmental Performance Management
Logistics Optimisation
Stock Optimisation
Supply Chain Corrective and Preventive Actions (CAPA)
Supply Chain Financing
Supply Chain Visibility
Common Information Objects
Booking
Customs Declarations
Transport Service Description
Transport Status
Waybills
Computing and Processing
Big Data Management and Analytics
Cloud
Edge
Fog
Knowledge Graphs
Machine Learning
MIST
Stream Processing
Connectivity
Architecture
Blockchain
Connectivity Interfaces
Technologies (Bluetooth, Ethernet, Wifi)
Data Management, Simulation and Dashboards
Dashboards
Data Fusion
Data Governance, Integrity, Quality Management and Harmonization
Event Handling
Open Data
Simulation
Statistics and Key Performance Indicators (KPIs)
Data market
Data ecosystem
Data marketplace
Data Platform
Data Providers
Devices
IoT Controllers
IoT Gateways
IoT Sensors
Tracking Sensors
Digitisation Frameworks
Control Towers
Data Pipelines
e-Freight
e-Maritime
National Single Windows
Port Community Systems
Federation
Data Federation
Platform Federation
Industrial IoT Sectors
Rail Sector Active Predictive Maintenance
Interoperability
Data interoperability
Data interoperability mechanisms
Interoperability solutions
Platform interoperability
IoT Secuirty, Privacy and Safety Systems
PKI Technology
Privacy-preservation
Data privacy preserving technologies
Privacy preserving technologies
Project Results
5G-SOLUTIONS Deliverables
5G-SOLUTIONS Publications
CHARIOT Capacity Building and Trainings
CHARIOT Deliverables
CHARIOT Publications
SELIS Deliverables
SELIS Publications and Press Releases
Project Results - 5g Routes
5G-ROUTES Deliverables
5G-ROUTES Innovation
5G-ROUTES Publications
Project Results - TRUSTS
TRUSTS Deliverable
TRUSTS Publications
Safety, Security and Privacy Systems
Access Management
Coordinated Border Management
Information Security
International Organisations
Risk Assessment and Management
Risk Management
Safety and Security Assessment
Source Code Analysis
Sectors and Stakeholders
Airports and Air Transport
Banks, investors and other funding providers
Custom Authorities
Facilities, Warehouses
Freight Forwarders
Inland Waterways
Multimodal Operators
Ports and Terminals
Railway
Retailers
Road Transport
Shippers
Shipping
Smart Buildings
Trusties and other Intermediary Organizations
Urban and Countryside Logistics
Urban Logistics
Sectors and Stakeholders - TRUSTS
Audit & Law firms
Corporate offices
Enterprises
Financial Institutions
Telecommunications
Security
Secured Data
Secured Infrastructure
Secured Platform
Sovereignty
Data sovereignty
Standards
Good Distribution Practices
International data standards
International Organization for Standardization (ISO)
UN/CEFACT
World Customs Organization (WCO)
Supply Chain Management
Business Models, Process Improvement, Contract Management, KPIs and Benchmarking Indexes
Risk Management
Risk-Based Controls
Screening and tracking
Supervision Approach
Technologies
5g
Agile Deployment, Configuration Management
Business Applications
Business Integration Patterns, Publish-Subscribe
Cloud Technologies/Computing, Services Virtualisation
Cognitive
Community Node Platform and Application Monitoring
Connectivity Technologies (Interfaces and Block Chain)
Hybrid S/T Communication and Navigation Platforms
IoT (Sensors, platforms)
Mobile
Physical Internet (PI)
Public key infrastructure (PKI)
Radio-frequency identification (RFID)

Source Code Analysis

Automated Software Development Tools for Improving IoT Device Security


Bill Graham 21/07/2016 00:00:00

For IoT and M2M device security assurance, it's critical to introduce automated software development tools into the development lifecycle. Although software tools' roles in quality assurance is important, it becomes even more so when security becomes part of a new or existing product's requirements.


Automated Software Development Tools

There are three broad categories of automated software development tools that are important for improving quality and security in embedded IoT products:

•Application lifecycle management (ALM): Although not specific to security, these tools cover requirements analysis, design, coding, testing and integration, configuration management, and many other aspects of software development. However, with a security-first embedded development approach, these tools can help automate security engineering as well. For example, requirements analysis tools (in conjunction with vulnerability management tools) can ensure that security requirements and known vulnerabilities are tracked throughout the lifecycle.  Design automation tools can incorporate secure design patterns and then generate code that avoids known security flaws (e.g. avoiding buffer overflows or checking input data for errors). Configuration management tools can insist on code inspection or static analysis reports before checking in code. Test automation tools can be used to test for "abuse" cases against the system. In general, there is a role for ALM tools in the secure development just as there is for the entire project.

•Dynamic Application Security Testing (DAST): Dynamic testing tools all require program execution in order to generate useful results. Examples include unit testing tools, test coverage, memory analyzers, and penetration test tools. Test automation tools are important for reducing the testing load on the development team and, more importantly, detecting vulnerabilities that manual testing may miss.

•Static Application Security Testing (SAST): Static analysis tools work by analyzing source code, bytecode (e,g, compiled Java), and binary executable code. No code is executed in static analysis, but rather the analysis is done by reasoning about the potential behavior of the code. Static analysis is relatively efficient at analyzing a codebase compared to dynamic tools. Static analysis tools also analyze code paths that are untested by other methods and can trace execution and data paths through the code. Static analysis can be incorporated early during the development phase for analyzing existing, legacy, and third-party source and binaries before incorporating them into your product. As new source is added, incremental analysis can be used in conjunction with configuration management to ensure quality and security throughout. 

 

Reference Link

Attached Documents

The “CHARIOT IoT Search Index” aims to provide a web location where publications, articles, and relevant documents can be centralized hosted in a well-structured and easily accessed way.

Tags

Contact Us
Enter Text
Contact our department
123movie