Securing Your ICS Software with the AttackSurface Host Analyzer (AHA)

Abstract

Implementing a secure development lifecycle (SDL) presents increasing challenges to software developers as they must ensure software correctly integrates both underlying operating system security features while also managing dependencies on third-party libraries or executables. There are a growing number of security functions that require a close integration between the OS security features and software builds to ensure strong protection. Furthermore, as software platforms grow in complexity, they present many opportunities for misconfigurations and inadequate defenses. This challenge is especially prevalent for industrial control systems (ICS), which oten depend on both legacy sotware platforms, or out of date operating systems. This paper presents the AttackSurface Host Analyzer (AHA) tool, which is used to assess the security of a software platform through its integration with a host operating system. The tool collects data from the various platforms running on an OS, evaluates an array of security properties, and then introduces metrics and visualizations to provide feedback on the system's attack surface based on the external interconnections and the completeness of the available security protections. The paper then explores the attack surface of a variety of industry-standard ICS platforms to provide insight into the current degree of protection enabled by them.