Evaluation Engineering - 15

A screenshot of instrument
simulation being performed with
Marvin Test Solutions ATEasy
software.
Marvin Test Solutions

"Teledyne LeCroy offers TDME (trigger,
decode, measure/graph, and eye diagram)
packages for many serial protocols. These
suites of tools can be leveraged for both
protocol testing and cybersecurity verification. For the topic at hand (cybersecurity in embedded systems), an example
would be the Embedded Bundle TDME,
which covers the I2C, SPI, and UART/RS232 protocols.
"In the future, cybersecurity will be
an area of growing concern, and we'll
continue to adapt our tools to cover
emerging needs."
David Holt, director of new product introduction at B&K Precision: "Based on
our customer's feedback, embedded cybersecurity is not a high priority for B&K
Precision. When remote connectivity is
used with our products, both the computer and test instruments are behind a
firewall on a private network. For remote
connections using the worldwide web, the
end user must consider many issues that
go well beyond the test instrument."

Vulnerabilities
Yazma, MTS: "Cybersecurity cannot
be overlooked and in fact, the cost of
not proactively managing cybersecurity is far greater than the cost of actively managing the implementation of
safeguards to protect against security
breaches/infections. As noted above,
ATE systems that are networked can
be the most prone to cybersecurity
threats which, consequently, requires
additional methods and procedures to
ensure that systems are protected from
cyberattacks. Additionally, to ensure
the integrity and protection of test programs, ATE software tools can include
the option to encrypt both source code
and executables-ensuring the integrity
of the test program and preventing unauthorized tampering of code."

Simulation Software
Simulation software has seen great adoption over the past decade, allowing users
to run tests through a virtual platform
that mitigates the cyber risk their computer could otherwise be exposed to with
direct testing.

One of these simulation tools is application virtualization-a process that packages computer programs and their dependencies from the underlying operating
system into a single executable bundle,
which is then transportable across systems. This can be an especially effective
tool for legacy software that has more vulnerabilities than a modern counterpart.
The December 2018 issue of EE featured an article titled, "Mitigate software
obsolescence and cyber risk using application virtualization," by Dr. Christopher
P. Heagney and Lance J. Walker, who
work with the U.S. Navy as science advisor and electrical engineer, respectively. Their article detailed, in-depth,
how application virtualization serves
as an advanced technology solution for
all Department of Defense programs to
reduce their overall cost, improve fielded
systems, and mitigate cyber risk. It does
this by blocking user access, restricted
executables, requires no installation, and
reduces cyberattack surface through
isolation of the "just enough" operating system. The duo presented a paper
at AutoTestCon in September 2018 that
explained how application virtualization
is an 80% solution that they called "good
enough" to maneuver within the cost and
performance trade space.1
Yazma, MTS: "Marvin Test Solutions'
ATEasy software suite has offered simulation capability for several years and
supports simulation of the complete
ATE system-not just simulation of the
test instrumentation. We have not seen
it being used as a method for boosting
or verifying cybersecurity although it

could be used for this purpose
by constructing an "infected"
system component to show
cause and effect. Rather, we
see simulation offering users
the means to develop and test
their test programs without
having to rely upon the test
system for verification of the program,
which improves overall productivity and
shortens test program development/verification time."
MTS markets ATE software in the form
of ATEeasy, a 10th generation product.
It includes both a test executive and test
development environment, and offers a
handful of cybersecurity features:
* Encryption of both executables and
DLLs, which maintains executable
integrity and prevents hacking, reverse engineering, text viewing, or
modifying of the executable (nonrepudiation)
* Encrypted binary source code for
drivers, system, and program files
ensures file integrity and protects
files from malicious changes
* Password or hardware key license
serial number offers access protection for drivers, system, and program
files, which prevents the use, viewing, reverse engineering, or changing
of code
* Management of multiple users and
privileges via a unique password/
user ID mechanism
* Run-time protection from buffer
overruns, call stack mismatch when
calling external components
MTS is working toward complying with
DoD application security and development requirements (ASD 47), of which
there are more than 300.
REFERENCE

1. Dr. Christopher P. Heagney and Lance J.
Walker, "Mitigate software obsolescence and
cyber risk using application virtualization,"
Evaluation Engineering, December 2018.

MAY 2019 EVALUATIONENGINEERING.COM

http://www.rsleads.com/905ee-194 http://www.rsleads.com/905ee-195 http://www.EVALUATIONENGINEERING.COM

Evaluation Engineering

Table of Contents for the Digital Edition of Evaluation Engineering