EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: Security Hardening for EPICS/RTEMS
From: Gedare Bloom <[email protected]>
To: Andrew Johnson <[email protected]>
Cc: Talk EPICS Tech <[email protected]>
Date: Tue, 24 Apr 2018 10:16:50 -0400

Andrew,

On Mon, Apr 23, 2018 at 7:02 PM, Andrew Johnson <[email protected]> wrote:
> Hi Gedare,
>
> On 04/21/2018 09:53 AM, Gedare Bloom wrote:
>> Hello EPICS Community,
>>
>> tl;dr: I'm looking for a partner willing to work with me on security
>> hardening their EPICS deployment over the next 3 years if we
>> successfully obtain NSF funding. I'm also looking for statements of
>> general interest/enthusiasm about security hardening for EPICS.
>
> I can provide the latter, on behalf of the Core Developers group. We are
> going to be interested in various aspects of what you're planning, and
> should be able to offer suggestions and pointers on how hardening could
> be integrated into the existing code-base. Eventually we will also have
> to review any changes to the EPICS Core that your project comes up with
> before they can be merged, so it is in all our interests to collaborate
> and work together.
>

That's great! I will reach out to you for feedback early, and often.
If I get the grant, I will certainly be in continual contact with the
Core devs throughout the project (and beyond).

>> I'm one of the RTEMS maintainers and also an assistant professor of
>> computer science at Howard University. I'm planning an NSF CICI grant
>> proposal submission before June 4 [1] that would intend to improve the
>> cyber security of the EPICS hardware/software infrastructure for
>> scientific research with an emphasis on RTOS security hardening, EPICS
>> security hardening, and evaluation/enhancement of the EPICS network
>> protocols for secure access.
>>
>> If you're generally interested in this project, or you think it is a
>> total waste of time, I'd be glad to hear about it here and discuss
>> some more of the overall ideas. If you and your institution might be
>> able to partner on this, please keep reading and contact me privately
>> so we can arrange to discuss details offline.
>>
>> I'm looking for a partner in the EPICS community able and willing to
>> commit to work with me on integration of security improvements with a
>> plan to install/upgrade EPICS (using RTEMS on the IOCs) in their
>> deployment in the next 3 years.
>
> I hope you will be able to find one or more such partners here. The code
> that you develop must run on all our supported targets (not just RTEMS)
> to be eligible for inclusion in official EPICS releases, and be licensed
> under a compatible license (the EPICS Open license is BSD-like).
>

I've had a few private letters of interest, but no official partners
yet. I forgot to mention that any partner should be US based (and
non-profit preferred) due to NSF funding requirements. The licensing
issue is good to keep in mind. I am preferential to the 2-clause BSD
and plan to use that in general.

>> I have reached out to the EPICS Council to gauge a general interest in
>> this direction of development and received an initially positive
>> response. Now, I would like to find a partner so that I can put
>> together a proposal with firm commitments in place before the proposal
>> submission deadline. I can carve out some funding for a partner
>> willing to work directly with me to integrate and deploy the
>> prototypes developed through the project.
>>
>> [1] https://www.nsf.gov/pubs/2018/nsf18547/nsf18547.htm
>>
>> Sincerely,
>> Gedare Bloom
>> RTEMS Project Maintainer
>> Assistant Professor of Computer Science
>> Howard University
>
> Please join and use our core-talk mailing list for technical discussions
> and questions that don't need to be communicated to the whole community.
> All the Core developers are subscribed to that list as well as here.
>
> Thanks, and welcome!
>

I appreciate the warm welcome. I've been lurking on the core-talk as
well, and will engage there if/when I get to start hacking.

Gedare

> - Andrew
>
>
> --
> Arguing for surveillance because you have nothing to hide is no
> different than making the claim, "I don't care about freedom of
> speech because I have nothing to say." -- Edward Snowden

ANJ, 24 Apr 2018