Difficulties in Providing Certification and Assurance for Software Defined Radios

John Giacomoni, University of Colorado at Boulder, 11/10/2005.

Presentation Transcript


  1. Difficulties in Providing Certification and Assurance for Software Defined Radios • John Giacomoni • University of Colorado at Boulder • 11/10/2005

  2. Certification & Assurance • Establish a level of assurance that a product conforms to its specifications • Solve trust problems where information asymmetries exist • Product & process certification

  3. Systems Problem • Historical context of trusted computing • More than components or spectrum • SDR device and aggregates (network) • Cross layer/module interactions • Spectrum/SDR Network/OS/Applications • Composition problems • Emergent behavior

  4. Product Certification • Underwriters Laboratories - 1901 • Demonstrates correlation between product certification and risk • CableLabs 1988 • Solve interoperability problems • FCC testing • Adoption of external standards

  5. Problems with Product Testing • The more attributes exist, the more difficult it becomes to achieve acceptable assurance • Boundary value testing • Modular design can help in some situations • Restrictive software interfaces • Restrictive physical limitations • Future products

  6. Process Certification • A group’s maturity or discipline is linked to their ability to repeat past successes • Intuitive for manufacturing • Difficult when domain changes • Information products are in constant evolution • Institutional knowledge • Costly for small companies • Certifications sometimes viewed as a checklist item • Ex: ISO 9000, CMMI

  7. Security Certification • Malicious users • Difficult to correctly describe a system • Need all parties involved • Difficult to correctly evaluate a system • How do we know when to stop? • Appropriate level of assurance? • Documented model ?= implemented model • Ex-post factors: • Removal from market • Assurance by insurance • Lag time to market

  8. International Security Certification • Who authors the protection profiles? • Who certifies the evaluators? • Who pays for certification? • Avoid forum shopping

  9. WiFi • WiFi and Part 15 • Functionally correct • Security wise, a weak standard • WEP RC4 problem was well understood • Eventually chose to accept security flaws • Possibly a simpler problem than SDR • Predetermined operating conditions • Band/Power/Mask

  10. FCC Orders • Orders • Flexibility to vendors to properly implement security • Failure results in removal of products from market and liability consequences • No TCBs • Shift from source code evaluation to “high level operational description[s] or flow diagram[s]”

  11. Findings • Complexity makes assurance difficult • Complexity increases with degrees of freedom • Process models may limit innovation due to overhead costs • High levels of assurance expensive • Limits small companies' ability to innovate • New methods for evaluation

  12. Findings Cont. • Continued vigilance in protecting existing spectrum users • Particularly for public safety & aeronautical • Increasing self determinacy within a license • Assign risk to appropriate parties • International cooperation on certification for compliance

  13. Future Work • Explore how certification requirements may differ between licensing models • Modeling the impact of a misbehaving device • Evaluate likelihood of malicious users • Is spectrum access attractive? • Self regulating ham radio community • Effectiveness of ex-ante & ex-post protections/regulations at each layer

  14. John Giacomoni • john.giacomoni@colorado.edu • Department of Computer Science • University of Colorado at Boulder • Boulder, CO 80309-0430
