Download PDFOpen PDF in browserThou shalt not fail - Targeting Lifecycle-Long Robustness while being vigilant for the Black SwansEasyChair Preprint 69123 pages•Date: December 23, 2018AbstractSoftware products used in the critical infrastructure (CI) and command and control (C2) realms have very long lifecycles and have many interfaces that are crucial for secure interoperability and networked use. When exposed to the shorter lifecycles of the commercial off-the-shelf (COTS) software used within, new approaches are needed to keep these products secure. Many of the commonly used software components have shorter lifecycles than the CI products using them. An inherent security debt develops if vendors creating the CI/C2 systems do not keep up updating underlying components. It is also possible that newer security testing methods might find new security issues on old software which are not any more under constant development and therefore not under quality assurance (QA) scrutiny. Another source for security debt are changes in environment in which the system is operated in, and the assumptions of the typical usage of the product: Adding new network links, bringing in new data streams and new ways of using the system may seem simple and straightforward changes but may bring the security of the whole system under serious threat. This paper suggests a sustainable long-term approach to address new sources of security debt of critical long-lifecycle software. Firstly, highly automated robustness testing setup is proposed to constantly go through the most critical interfaces of the system. Secondly, a periodical threat analysis is applied to the product in order to detect the subtle but important changes in the environment the product is used in. Keyphrases: Critical Infrastructure, Robustness Testing, Security debt, Software Engineering, black swan, fuzz testing, software lifecycle, software obsolescence, software robustness, threat analysis
|