zds-2023-06-27-security.pdf (23 pages)
The Zephyr Project Security Overview, Progress, and Status
David Brown, Linaro
Flavio Ceolin, Intel

Zephyr Security Overview
- Introduction
- Lifecycle of a Vulnerability
- Current Status
- Discussion

Introduction
- Zephyr
- Importance of security
- Security Committee
- Security Working Group

What is Zephyr
- Open Source
- Lots of supported architectures and boards
- Lots of supported features
- Lots of code
  - Zephyr: 1.3 million lines of C
  - Modules: 20 million lines of C

Security Standards
- ETSI EN 303-645 Cybersecurity Standard for Consumer IoT Devices
- FIPS 140-3 Security Requirements for Cryptographic Modules
- SP 800-128 Secure Software Development Framework
- Annex K (C11 standard)

Security Committee
- Defined by project charter
- Has one rep from platinum members, an architect and a chair
- Architect: Flavio Ceolin, Chair: David Brown
- Meeting every two weeks
- Topics that are not public

Security Working Group
- Open to any participants
- First met regularly, with committee meeting on demand
- Now regular and interleaved with committee
- Many useful discussions have resulted
  - Security Standards
  - Security Processes
  - Code analysis tools
- Committee mostly dealing with vulnerabilities and sensitive information

Lifecycle of a vulnerability
- What is a vulnerability, in our context
- Why treated differently
- The process

Vulnerability
"A software vulnerability is a flaw or weakness in a software system that could be exploited to compromise the system's security or functionality. It could be a bug, design flaw, or configuration oversight in the software's code, design, architecture, or user interface. If a vulnerability is exploited, it could potentially lead to unauthorized access, data loss, or data theft. It could allow an attacker to install malicious software, gain access to sensitive data, or gain control o