网络安全、物联网和嵌入式系统：通过笔测试降低风险

Cybersecurity threats emerged prominently in the embedded systems landscape in 2016 with the Mirai botnet attack, which disrupted major websites using compromised IoT devices. This incident highlighted the lack of security in low-cost IoT products, prompting embedded developers to address cybersecurity vulnerabilities alongside Industrial IoT (IIoT) devices. Critical embedded systems, such as those in aviation and automotive sectors, were found to be vulnerable to attacks sooner than anticipated. For instance, a U.S. Department of Homeland Security (DHS) team demonstrated a remote penetration of a Boeing 757 using off-the-shelf hardware, and DHS issued warnings about hacking vulnerabilities in aircraft Controller Area Network (CAN) data buses in 2019. Cybersecurity risks also extend to other sectors, including automotive automation and building automation systems, which have faced cyber ransom attacks.

Embedded systems specifications like DO-178C/278A, dating back to 2012, struggle to adapt to the rapidly evolving cybersecurity landscape. As system complexity increases, the attack surface expands exponentially across new bus architectures, HMI, IP networks, and data protection requirements.

To mitigate cybersecurity risks, vulnerability testing, or penetration testing (pen testing), and fault injection are recommended. Pen testing involves simulating attacks to detect known vulnerabilities, using a library of known attacks to drive automated tools that inject faults and analyze device responses. This testing is performed using unmodified binaries, ensuring no unintended interference from test rigging. Pen testing should be conducted throughout the system's lifecycle—during development, deployment, and after modifications—to effectively mitigate cybersecurity risks.

Wind River® Simics® is highlighted as an effective tool for conducting pen testing via simulation engines. Simics allows decoupling work from physical hardware while retaining the ability to connect physical hardware when needed. It supports full-system simulations, enabling detection of threats originating from one component attacking others. Key advantages of Simics include:

• Simulating complete networked systems running full production software stacks.
• Recent releases improve multi-core and parallel core support, with full parallel simulation on the horizon.
• Distributing complex, multi-core simulations across available host resources.
• Connecting physical hardware via pass-through technology using standard interfaces like Ethernet, I2C, PCI, SCSI, serial, and USB.

Simics is also used for full-system regression testing, as demonstrated by NASA's Independent Test Capability Team, which employs Simics in its NASA Operational Simulator (NOS) to model spacecraft missions in real time.

Given the escalating cybersecurity threats for embedded systems, it is recommended to begin pen testing mixed-criticality systems using Simics, which can simulate systems ranging from standalone modules to complex mission-running systems.