Cybersecurity Concerns #1222
Replies: 5 comments 9 replies
-
We haven't tried to address it at the framework level since cybersecurity is highly dependent on the platform. The OS, hardware, and other software add-ons are where we would anticipate the cybersecurity to be implemented.
-
I have this concern raised when raising this framework to my CTO. The dictionary file is very important since it gives anyone knowledge of what's what in the spacecraft. You could add an encryption and decryption module to the framer and deframer to make it more secure. Reorganizing the F' packet could help too.
-
Wouldn't the cybersecurity requirement be the responsibility of the stakeholder? Different projects have vastly different cybersecurity needs and a wide variety of ways (algorithms, libraries, etc.) to meet those needs. I don't like the idea of F' prescribing a cybersecurity solution. It could, however, facilitate that in some way. I think one way F' itself could address some of these concerns is by doing vulnerability scans on the core framework.
-
To reassure my managers for the time being, I proposed the following for the cybersecurity aspects of the framework:
It can then be interesting to run fuzzing tests on the whole system or even its components? The famous Google AFL, which is also used on cFS, could be used as a fuzzer.
-
On the GitHub blog, I discovered the Scorecards tool in the article "Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4". This is an automated security tool, available on the GitHub marketplace and configurable with GitHub Actions, that identifies risky practices in open source project development environments. The tool evaluates a number of heuristics associated with software security and assigns a score from 0 to 10 to each checkpoint. The checklist can be found here. Do you think it would be useful to set up this GitHub workflow?
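As an added example (not part of the original comment and not F' project code), here is one way the per-check 0 to 10 scores described above could be turned into a CI gate. It assumes the Scorecards JSON results layout (a `checks` list with `name`, `score` and `reason`, where a score of -1 means the check was inconclusive); the sample results, the repository name and the `POLICY` thresholds are constructed for illustration.

```python
import json

# Constructed sample in the shape of Scorecards' JSON results (not real data).
SAMPLE_RESULTS = json.dumps({
    "repo": {"name": "github.com/example/flight-software"},
    "score": 6.1,
    "checks": [
        {"name": "Branch-Protection", "score": 8, "reason": "branch protection is not maximal"},
        {"name": "Pinned-Dependencies", "score": 3, "reason": "dependency not pinned by hash"},
        {"name": "Token-Permissions", "score": 0, "reason": "non read-only tokens detected"},
        {"name": "Fuzzing", "score": 0, "reason": "project is not fuzzed"},
        {"name": "Signed-Releases", "score": -1, "reason": "no releases found"},
    ],
})

# Hypothetical project policy: minimum acceptable score per check.
POLICY = {"Branch-Protection": 7, "Token-Permissions": 8,
          "Pinned-Dependencies": 5, "Signed-Releases": 5}


def evaluate(results_json, policy):
    """Return (failures, inconclusive, unchecked) for one Scorecards result."""
    checks = {c["name"]: c for c in json.loads(results_json).get("checks", [])}
    failures, inconclusive, unchecked = [], [], []
    for name, minimum in sorted(policy.items()):
        check = checks.get(name)
        if check is None:
            unchecked.append(name)        # policy names a check the report lacks
        elif check["score"] < 0:
            inconclusive.append(name)     # -1: Scorecards could not decide
        elif check["score"] < minimum:
            failures.append((name, check["score"], minimum, check.get("reason", "")))
    return failures, inconclusive, unchecked


def main():
    failures, inconclusive, unchecked = evaluate(SAMPLE_RESULTS, POLICY)
    for name, score, minimum, reason in failures:
        print(f"FAIL {name}: {score}/10 (minimum {minimum}) - {reason}")
    for name in inconclusive:
        print(f"WARN {name}: inconclusive, review manually")
    for name in unchecked:
        print(f"WARN {name}: not present in results")
    return 1 if failures or unchecked else 0  # non-zero exit fails the CI job


if __name__ == "__main__":
    raise SystemExit(main())
```

Gating on individual checks rather than the aggregate score keeps a single weak area, such as workflow token permissions, from being averaged away by strong scores elsewhere.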
-
Hello,
I have a few questions regarding the cyber security associated with the project.
In general, industrial companies are facing more and more requirements on the subject of security. They must present the mechanisms implemented to protect information and data so that other systems have the degree of access corresponding to their types and levels of authorization.
As a reference we can find for example the ISO25000 standard describing the sub-characteristics of security.
Have you encountered this type of requirement/concern regarding projects based on F Prime? I suspect that the fact that it is open source may raise concerns at this level.
The choice to adopt F Prime by a stakeholder, e.g., an instrument vendor, may be questioned by customers on cybersecurity grounds. 🤔
Not having the elements to defend against these concerns, I would understand if the stakeholder started from scratch to create their framework.