Cybersecurity: Building & Verifying Countermeasures

Overview

This is the 3rd part of a 4-part webinar series that demonstrates an end-to-end cybersecurity workflow that manages risks efficiently and consistently. The workflow covers everything from early asset and threat identification at system level, to implementation and verification of countermeasures in the software. It integrates safety data from analyses such as FHA and FMEA, enables change analysis, and keeps risk data and decisions consistent with the architecture and design. 

In this third part we show how to plan, implement, and verify countermeasures. We start by defining security goals from each risk that needs to be treated, and allocating them to the model, so that designers can see them. Next, we take the role of the designer and implement a countermeasure in the form of a simple intrusion detection. Towards that, we will use the power of simulation to model an attack, and to verify whether the countermeasure can mitigate its impact. Lastly, we discuss how residual risk analysis helps to validate and refine our the earlier security decisions. The outcome of this webinar will be a system that is robust to certain cyberattacks, and where threats, risks and countermeasures are all synchronized and validated.

Highlights

• Countermeasure (security goal) requirements definition
• Countermeasure implementation
• Countermeasure verification via simulation
• Residual Risk Calculation

About the Presenters

Marco Bimbi is a Principal Application Engineer focusing on Model Based Systems Engineering workflows for safety critical applications. Marco joined MathWorks in 2022. Before joining The MathWorks, he has worked for 10+ years in aerospace as well as rails industries such as Rolls-Royce and Deutsche Bahn focusing on Systems Engineering workflows for safety critical applications. During his career he held various roles such as Control Systems Architect, Model Based Systems Engineering Specialist and Requirements Manager. At MathWorks Marco helps customers to leverage MathWorks toolchain, including System Composer, for their Systems Engineering workflow. Moreover, Marco provides industry insight to the MathWorks development team to drive future product capabilities

Martin Becker is a Principal Application Engineer at The MathWorks and an independent security researcher. He received his Ph.D. in software verification from Technical University of Munich for his work on real-time computer systems, and has 20 years of experience in embedded systems, amongst others working as avionics engineer at Airbus Defense & Space, Research Engineer at Tata Consultancy Services, and Lecturer at Singapore Institute of Technology. In his daily work, he supports customers from all industries in the efficient development of safety-critical software and certification according to industrial standards, accompanies the development of innovative verification tools, and uses them himself as an ethical hacker in the field of FOSS software.