Cybersecurity Concerns

[ThibFrgsGmz]

Hello,

I have a few questions regarding the cyber security associated with the project.

In general, industrial companies are facing more and more requirements on the subject of security. They must present the mechanisms implemented to protect information and data so that other systems have the degree of access corresponding to their types and levels of authorization.

As a reference we can find for example the ISO25000 standard describing the sub-characteristics of security.

Have you encountered this type of requirement/concern regarding projects based on F Prime? I suspect that the fact that it is open source may raise concerns at this level.

The choice to adopt F Prime by a stakeholder, e.g., an instrument vendor, may be questioned by customers on cybersecurity grounds. 🤔

Not having the elements to defend against these concerns, I would understand if the stakeholder started from scratch to create their framework.

[timcanham]

We haven't tried to address it at the framework level since cybersecurity is highly dependent on the the platform. The OS/hardware/and other software add-ons is where we would anticipate the cybersecurity to be implemented.

[ThibFrgsGmz]

I understand what you mean; it's not just the responsibility of the framework or even the embedded software system.

[rawinza555]

I have this concern raised when raising this framework to my CTO. The dictionary file is very important since it gives anyone knowledge of what's what in the spacecraft.

You could add encryption and decryption module to framer and deframer to make it more secure. Reorganizing F' packet could help too.

[ThibFrgsGmz]

I had the opportunity to present my research to my CEO and CTO, and like you their main concerns were about cybersecurity and not knowing where the line is between business code and what can be released as open source.

[astroesteban]

Wouldn't the cybersecurity requirement be the responsibility of the stakeholder?

Different projects have vastly different cybersecurity needs and a wide variety of ways (algorithms, libraries, etc) to meet those needs. I don't like the idea of F' prescribing a cybersecurity solution. It could however facilitate that in some way.

I think one way F' itself could address some of these concerns is by doing vulnerability scans on the core framework.

[ThibFrgsGmz]

I agree with you that F Prime should not impose cybersecurity mechanisms in the sense that it should be adaptable enough to meet the specific project/mission requirements.

[ThibFrgsGmz]

To reassure my managers for the time being, I proposed the following for the cybersecurity aspects of the framework:

• To make commits on GitHub, an authentication system is in place, which is constantly being improved by GitHub.
• Code reviews are performed on community contributions.
• Non-regressions are performed on each contribution to ensure that it does not break the system.
• Contributions are only accepted/integrated by a small team with write access.
• LGTM based on CodeQL is used in the project to find vulnerabilities in the codebase.

It can then be interesting to run fuzzing tests on the whole system or even its components? The famous Google AFL, which is also used on cFS, could be used as a fuzzer.

[ThibFrgsGmz]

Maybe we should do like cFS and save this kind of arguments in a file named SECURITY.md?

[timcanham]

I like the idea of instrumenting the build with Google AFL. Why don't you put it in as an issue?

[astroesteban]

I like that too. Having a tool like Google AFL would be of great benefit.

[ThibFrgsGmz]

@timcanham OK, I'm going to create an issue about setting up a Fuzzing infrastructure.

But I won't go so far as to specify a tool because I don't know enough about fuzzing technologies: I don't know all of them, I'm not sure which one is the best or easiest to implement.

Some use AFLPlusPlus, some use LLVM's LibFuzzer which is also implemented by Jason Turner in his cpp_starter_project.

[ThibFrgsGmz]

See #1223

[ThibFrgsGmz]

On the Github blog, I discovered the Scorecards tool in the article Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4.

This is an automated security tool, available on the GitHub marketplace and configurable with GitHub Actions, that identifies risky practices in open source project development environments.

The tool evaluates a number of heuristics associated with software security and assigns a score from 0 to 10 to each checkpoint.

The checklist can be found here.

Do you think it would be useful to set up this GitHub workflow?

[astroesteban]

That looks like a really good tool to have. I like that GitHub has created a a starter GitHub action and workflow for it. It makes it seem like a simple and beneficial addition to the CI/CD pipeline.