Trusted Computing: Application Development, Testing, and Analysis for Optimal SecurityDownload PDF
Trusted Computing: The COTS Perspective Series
Application software in military systems enables warfighters to carry out their missions, so it’s essential that this code is trusted and secure. Other hardware and software is designed to start the application software securely; once it starts, application software relies on the system’s fundamental security building blocks, but requires special attention to ensure it functions as intended.
However, this is often easier said than done because only a small, finite number of system developers typically have access to the application code. Most application software is custom-built to execute a specific mission or run a particular algorithm, so far fewer software engineers will access or review it than would see open-source, or even most commercial, software.
Application code must be thoroughly tested before deployment in order to ensure it is secure.
This can result in undiscovered vulnerabilities, which can be made worse because opportunities to review and update deployed application code typically are few and far between. Application code in military systems is developed to a particular specification; once tested, the system often is deployed with less opportunity for retesting than a general-purpose system would.
Complicating matters is the narrow technology refresh window of deployed systems. Limitations on time, budgets, and mission requirements can make it nearly impossible to update application software once it’s in the field. Even if users discover code issues or security vulnerabilities, the costs to bring a deployed system back for an update is excessive.
On the other hand, it takes far less time and cost to find, fix, and test software problems prior to deployment. For this reason, it’s imperative for system developers to make the right decisions about application code from the very beginning.
Download the 'Trusted Computing: Application Development, Testing, and Analysis for Optimal Security' white paper to learn more about:
- Securing data transfer between applications
- Performing thorough testing and analysis
- Leveraging existing processor features and security libraries