EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: [EXTERNAL] Re: EPICS Software Supply Chain Risk Management (SSCRM)
From: Jonathan Jacky via Tech-talk <tech-talk at aps.anl.gov>
To: "Evans, Richard K. (GRC-H000)" <richard.k.evans at nasa.gov>
Cc: "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov>, S Banerian <banerian at uw.edu>
Date: Wed, 12 Jul 2023 10:30:08 -0700
> Is it your position that any software that has been demonstrated to be “safe” for use in mitigating risks to personnel health and safety is also safe from external vulnerabilities due to the development process?

Yes, but you have to be careful to account for the scope of what was demonstrated. We verified that the input-output behavior of the EPICS database record types we used in our application conformed to their descriptions in the EPICS Record Reference Manual (RRM). Our verification would have detected discrepancies between EPICS behavior and the RRM arising from any cause. We were worried about undiscovered coding errors in EPICS (or writing errors in the RRM), but the verification would also have detected discrepancies caused by malicious tampering.

> However the verification process you are referring to seems like it is highly dependent on the specific application and specific integration of otherwise established code.

Yes, it was. The properties we verified were carefully chosen and limited to just those we needed to ensure the safety and correctness of our particular application. And our application was carefully designed so that its safety and correctness depended on a limited number of properties that we expected would be feasible to verify. So we only used some (but not all) EPICS record types, we didn't use the EPICS state machine, we didn't use subroutine records or any custom coding in records, etc.

I believe it is not meaningful to make statements like "EPICS is safe" or "EPICS is secure".  EPICS is a large collection of components that can be used in many ways.
You can only investigate whether a particular EPICS application -- a selected subset of EPICS components programmed to behave in a particular way, running in a particular environment, for a particular purpose -- is safe or secure.

For example, on tech-talk Joshua Einstein-Curtis wrote, "formally verified code does not mean the communication network between meets the same level of safety."
That is correct.  We designed our system so the safety requirements were met by an EPICS program (database composed of the record types we verified) running on a single IOC, without depending on the EPICS Channel Access (CA) network protocol.  This was a deliberate design decision made (in part) so we would not need to verify CA.

-- Jon Jacky
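The message above describes checking that a record type's observed input-output behavior matches its documented description, so that any discrepancy, whether from a coding error, a documentation error, or tampering, shows up as a failed comparison. The following is an added illustration of that idea in Python; it is not code from the message, from the University of Washington project, or from EPICS. The reference model is an assumed, simplified reading of how an analog-input record classifies VAL against its HIHI/HIGH/LOW/LOLO limits (fixed check order, hysteresis omitted), not the RRM's text, and the record implementations and the limit values are constructed for the example.

```python
"""Added example: black-box conformance check of a record's documented
input-output behaviour against an implementation under test.

Assumptions (not from the RRM): limits are checked in the order
HIHI, LOLO, HIGH, LOW; a limit whose severity field is NO_ALARM is
ignored; hysteresis is not modelled.
"""
import random
from dataclasses import dataclass
from typing import Callable, List, Tuple

NO_ALARM, MINOR, MAJOR = 0, 1, 2


@dataclass(frozen=True)
class Limits:
    """Alarm limit fields and the severity configured for each limit."""
    hihi: float
    high: float
    low: float
    lolo: float
    hhsv: int = MAJOR
    hsv: int = MINOR
    lsv: int = MINOR
    llsv: int = MAJOR


Verdict = Tuple[str, int]  # (alarm status name, severity)
Discrepancy = Tuple[float, Verdict, Verdict]  # (input, expected, observed)


def documented_alarm(val: float, lim: Limits) -> Verdict:
    """Reference model transcribed from the documentation (assumed simplified form)."""
    if lim.hhsv != NO_ALARM and val >= lim.hihi:
        return ("HIHI", lim.hhsv)
    if lim.llsv != NO_ALARM and val <= lim.lolo:
        return ("LOLO", lim.llsv)
    if lim.hsv != NO_ALARM and val >= lim.high:
        return ("HIGH", lim.hsv)
    if lim.lsv != NO_ALARM and val <= lim.low:
        return ("LOW", lim.lsv)
    return ("NONE", NO_ALARM)


def faithful_record(val: float, lim: Limits) -> Verdict:
    """Constructed implementation under test; written table-driven rather than
    copied from documented_alarm so the comparison is between two independent
    renderings of the same specification."""
    checks = (("HIHI", lim.hhsv, val >= lim.hihi),
              ("LOLO", lim.llsv, val <= lim.lolo),
              ("HIGH", lim.hsv, val >= lim.high),
              ("LOW", lim.lsv, val <= lim.low))
    for name, sev, hit in checks:
        if sev != NO_ALARM and hit:
            return (name, sev)
    return ("NONE", NO_ALARM)


def deviating_record(val: float, lim: Limits) -> Verdict:
    """Constructed stand-in for a build whose behaviour departs from the
    documentation in a narrow band just above HIHI; the check below treats an
    accidental bug and a deliberate change identically, it only sees the difference."""
    if lim.hihi <= val < lim.hihi + 0.25:
        return ("NONE", NO_ALARM)
    return faithful_record(val, lim)


def check_conformance(impl: Callable[[float, Limits], Verdict], lim: Limits,
                      trials: int = 2000, seed: int = 1) -> List[Discrepancy]:
    """Drive the reference model and the implementation with the same inputs
    and return every input on which their verdicts differ. Inputs are each
    limit boundary, values just either side of it, and pseudo-random values
    spanning well beyond the limit range (seeded, so runs are reproducible)."""
    rng = random.Random(seed)
    span = lim.hihi - lim.lolo
    inputs: List[float] = []
    for edge in (lim.lolo, lim.low, lim.high, lim.hihi):
        inputs.extend((edge - 0.5, edge, edge + 0.5))
    inputs.extend(rng.uniform(lim.lolo - span, lim.hihi + span) for _ in range(trials))
    discrepancies: List[Discrepancy] = []
    for val in inputs:
        expected = documented_alarm(val, lim)
        observed = impl(val, lim)
        if observed != expected:
            discrepancies.append((val, expected, observed))
    return discrepancies


if __name__ == "__main__":
    lim = Limits(hihi=90.0, high=80.0, low=20.0, lolo=10.0)  # constructed limits
    for name, impl in (("faithful", faithful_record), ("deviating", deviating_record)):
        found = check_conformance(impl, lim)
        print(f"{name}: {len(found)} discrepancies")
        for val, expected, observed in found[:3]:
            print(f"  VAL={val:.3f} documented={expected} observed={observed}")
```

The check is deliberately indifferent to why the two disagree: the deviating build is caught at VAL equal to HIHI exactly, which is one of the boundary inputs always included, and also by the random samples that land in the band. In practice the "implementation" side would be the record running on an IOC and driven through its input fields, and the reference side a model written from the RRM, which is what limits the verified claim to exactly the record types and fields exercised.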

References:
Re: EPICS Software Supply Chain Risk Management (SSCRM) Jonathan Jacky via Tech-talk
Re: [EXTERNAL] Re: EPICS Software Supply Chain Risk Management (SSCRM) Evans, Richard K. (GRC-H000) via Tech-talk
