Defence organisations perform information security evaluations to confirm that electronic communications devices are safe to use in security-critical situations. Such evaluations include tracing all possible dataflow paths through the device, but this process is tedious and error-prone, so automated reachability analysis tools are needed to make security evaluations faster and more accurate. Previous research has produced a tool, SIFA, for dataflow analysis of basic digital circuitry, but it cannot analyse dataflow through microprocessors embedded within the circuit since this depends on the software they run. We have developed a static analysis tool that produces SIFA-compatible dataflow graphs from embedded microcontroller programs written in C. In this paper we present a case study which shows how this new capability supports combined hardware and software dataflow analyses of a security-critical communications device.
Cite as: Mills, C., Fidge, C. J. and Corney, D. (2012). Tool-Supported Dataflow Analysis of a Security-Critical Embedded Device. In Proc. Australasian Information Security Conference (AISC 2012) Melbourne, Australia. CRPIT, 125. Pieprzyk, J. and Thomborson, C. Eds., ACS. 59-70