
Security Engineering

More than just behaving as “EXPECTED”

Security Life Cycle
ISO 21434 / Security Life Cycle
To develop a cyber-physical system, framework elements such as a cyber security policy, organization, management system, and security lifecycle are needed. In particular, a cyber security organization plays a pivotal role, based on security processes, in a wide range of activities to achieve the enterprise cyber security objectives, covering security planning, security training & support, review/audit/assessment, etc.
SOLUTIONLINK supports the implementation of cyber security management / engineering / service processes, taking into account the processes currently in place in the target organization. In addition, SOLUTIONLINK makes available its inventory of diverse reference processes (ISO 21434, IEC 62443, and the like) and engineering assets for security process implementation projects to ensure faster delivery of an enterprise cyber security system.
Threat Analysis & Vulnerability Analysis
TARA / Attack Tree / Vulnerability Analysis
In the early phase of its development cycle, a cyber-physical system requires TARA (Threat Analysis and Risk Assessment) activities to identify potential cyber security threats, including unauthorized access or malicious attacks, and to assess the risks of the identified threats. Depending on the size of the system and the purpose of the analysis, TARA can be performed by a wide range of methods including, but not limited to, E-Safety Vehicle Intrusion Protected Applications (EVITA), Threat and Operability Analysis (THROP), Threat, Vulnerabilities, and implementation Risks Analysis (TVRA), Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), HEAling Vulnerabilities to ENhance Software Security and Safety (HEAVENS), and Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege (STRIDE).
Drawing on its ample experience in cyber security threat analysis projects for automotive domains (powertrain, chassis, body, infotainment system, etc.) and public domains covering critical infrastructure (air transport, railroad, utility, etc.), SOLUTIONLINK delivers methods to identify potential threats in order to prevent and minimize cyber attacks, and offers training and coaching programs for systematic assessment of the risks of each potential threat.
Security Concept & Security Requirements Specification
Security Concept / Security Requirements / Security Control
A cyber security concept that defines a high-level strategy to prevent or detect/address the potential threats identified in cyber security threat analysis needs to be developed, and security requirements such as Confidentiality, Integrity, Availability, Authenticity, Authorization, Privacy, Non-repudiation, etc. need to be specified on the basis of that concept. Depending on the level of abstraction, security requirements can be refined into system/HW/SW security requirements, and the appropriate security mechanisms needed in subsequent development phases must be selected and correctly specified.
Based on extensive cyber-physical system development experience, SOLUTIONLINK delivers optimized cyber security concept development strategies and provides guidance on how to specify security requirements by bringing together the requirements engineering domain and the cyber security threat analysis domain. Furthermore, reference security mechanisms are made available in advance to help customers identify security mechanisms already implemented in other products and specify new security mechanisms in the requirements phase.
Security Architecture and Security Mechanism Design
Security Architecture / Security Mechanism
To address the ever-increasing complexity of systems and ensure compliance with the security regulations of countries around the world (NIST FIPS 199, etc.), security architecture needs to be developed from a new cyber security perspective, distinct from legacy system perspectives. Security architecture is built by allocating the system elements defined in the security requirements specification; both an integrated security architecture that satisfies the security requirements and architectural elements embedding detailed security mechanisms need to be developed.
SOLUTIONLINK's system/HW/SW experts, each with a minimum of 10 years of experience with the applicable products, deliver reference architectures and engineering solutions that satisfy security mechanisms, and guide customers in incorporating such reference architectures and solutions appropriately and robustly into legacy system/HW/SW architectures.
Security Verification
Vulnerability Testing / Penetration Testing / Fuzz Testing
A cyber-physical system needs to be tested continuously throughout the system/HW/SW development phases to ensure that it satisfies phase-specific security requirements and incorporates security measures that address the analyzed vulnerabilities. To that end, in addition to functional, performance, and safety testing, tests such as Fuzz Testing, which uses a fuzzer (CANbuster, Defensics, etc.) to create random interface data, and Penetration Testing, which uses known vulnerability exploitation cases (Metasploit, etc.), need to be performed.
SOLUTIONLINK delivers an integrated quality system that seamlessly integrates security test processes, test methods, and the expertise of the responsible resources, allowing testers involved in applicable projects to ensure the security quality of the system/HW/SW early on.
