This position paper of the SIL Platform (www.nen.nl) indicates that it is common practice to operate process plants at maximum performance, optimum capacity and minimum risk levels. A Safety Integrity Level (SIL) is often determined through e.g. a Layer of Protection Analysis (LOPA) [1] [2]
[3], which is a means to quantify risks. However, LOPA is usually not the starting point for quantifying risks. This is often done with the use of a Risk Assessment Matrix (RAM). Contrary to LOPA and SIL, the use and type of RAM is not clearly pre-scribed or defined.
The intention of this guide is to provide guidance on RAM and show the relations between RAM, LOPA and SIL levels. What are the pitfalls? What is usually applied? What is often missed? It is not the intention to explain in detail the various available risk assessment techniques.
How to arrive at a SIL level in the correct manner leading to a qualitatively proper design and implementation is described in the EN-IEC 61511 standard [4]. Achieving a SIL requires amongst other aspects:
Correct identification of Safety Instrumented Functions (SIF)
Correct determination of required SIL rating of the various SIFs.
This guide strives to improve this quality by improving the quality of the risk assessment(s) providing input to the SIL determination. The targeted audience of this guide is the Dutch Process Industry Sector.
This position paper of the SIL Platform (www.nen.nl) indicates that it is common practice to operate process plants at maximum performance, optimum capacity and minimum risk levels. A Safety Integrity Level (SIL) is often determined through e.g. a Layer of Protection Analysis (LOPA) [1] [2]
[3], which is a means to quantify risks. However, LOPA is usually not the starting point for quantifying risks. This is often done with the use of a Risk Assessment Matrix (RAM). Contrary to LOPA and SIL, the use and type of RAM is not clearly pre-scribed or defined.
The intention of this guide is to provide guidance on RAM and show the relations between RAM, LOPA and SIL levels. What are the pitfalls? What is usually applied? What is often missed? It is not the intention to explain in detail the various available risk assessment techniques.
How to arrive at a SIL level in the correct manner leading to a qualitatively proper design and implementation is described in the EN-IEC 61511 standard [4]. Achieving a SIL requires amongst other aspects:
Correct identification of Safety Instrumented Functions (SIF)
Correct determination of required SIL rating of the various SIFs.
This guide strives to improve this quality by improving the quality of the risk assessment(s) providing input to the SIL determination. The targeted audience of this guide is the Dutch Process Industry Sector.
This is the presentation slides on the paper "Safe & Sec Case Patterns" at ASSURE 2015. This research investigate how to integrate safety and security from process patterns and show an integrated assurance case for both.
Prof. Vladimir Marik presented at Stanford's program on European Entrepreneurship and Innovation at the Engineering School. At the invitation from Burton Lee, PhD, MBA Lecturer at Stanford School of Engineering.
Functional hazard analysis is the first step in the process of ensuring functional safety. For safety-critical product developers, this step is fundamental as it helps identify and assess the potential hazardous situations that could lead to accidents. A systematic and structured approach to hazards analysis is crucial to identify Safety Goals and their related ASILs as an input for the development of safety related products.
Watch video recording: https://intland.com/on-demand-webinar/hazard-analysis-and-functional-safety-compliance/
The Smart Energy Management System (SEMS) market is an important strategic opportunity for electrical distributors and will require them to stretch beyond their traditional capabilities. This research explores the opportunities and strategies to take advantage of the growing commercial and residential sectors.
> While still in the early stages of adoption, US residential and commercial SEMS market exceeds $3.5B today and is forecasted to surpass $8.3B by 2020
> Market growth is underpinned by strong and accelerating customer demand, and driven by improved solution economics for customers, regulatory compliance, and environmental sentiment
> Distributors perceive SEMS as critical to their company’s success; it is an opportunity for both competitive differentiation and to evolve traditional distributor business models
Introduction to Functional Safety and SIL CertificationISA Boston Section
This overview session will acquaint attendees with the key concepts in the IEC 61508 standard for functional safety of electrical/electronic and programmable electronic systems. An introduction is provided to safety integrity levels (SIL), the safety lifecycle and the requirements needed to achieve a functional safety certificate. Information will be provided on documentation requirements and an introduction to the basic objectives of product design for functional safety.
business model, business model canvas, mission model, mission model canvas, customer development, hacking for defense, H4D, lean launchpad, lean startup, stanford, startup, steve blank, pete newell, bmnt, entrepreneurship, I-Corps, autonomy, NSIN,
Would you like to know how SOTIF addresses possible hazards caused by intended behavior? Discuss the first draft of the SOTIF standard with international working group members and functional safety experts during the SOTIF Conference. Find out more here: http://bit.ly/SOTIF_Agenda_2019
This is the presentation slides on the paper "Safe & Sec Case Patterns" at ASSURE 2015. This research investigate how to integrate safety and security from process patterns and show an integrated assurance case for both.
Prof. Vladimir Marik presented at Stanford's program on European Entrepreneurship and Innovation at the Engineering School. At the invitation from Burton Lee, PhD, MBA Lecturer at Stanford School of Engineering.
Functional hazard analysis is the first step in the process of ensuring functional safety. For safety-critical product developers, this step is fundamental as it helps identify and assess the potential hazardous situations that could lead to accidents. A systematic and structured approach to hazards analysis is crucial to identify Safety Goals and their related ASILs as an input for the development of safety related products.
Watch video recording: https://intland.com/on-demand-webinar/hazard-analysis-and-functional-safety-compliance/
The Smart Energy Management System (SEMS) market is an important strategic opportunity for electrical distributors and will require them to stretch beyond their traditional capabilities. This research explores the opportunities and strategies to take advantage of the growing commercial and residential sectors.
> While still in the early stages of adoption, US residential and commercial SEMS market exceeds $3.5B today and is forecasted to surpass $8.3B by 2020
> Market growth is underpinned by strong and accelerating customer demand, and driven by improved solution economics for customers, regulatory compliance, and environmental sentiment
> Distributors perceive SEMS as critical to their company’s success; it is an opportunity for both competitive differentiation and to evolve traditional distributor business models
Introduction to Functional Safety and SIL CertificationISA Boston Section
This overview session will acquaint attendees with the key concepts in the IEC 61508 standard for functional safety of electrical/electronic and programmable electronic systems. An introduction is provided to safety integrity levels (SIL), the safety lifecycle and the requirements needed to achieve a functional safety certificate. Information will be provided on documentation requirements and an introduction to the basic objectives of product design for functional safety.
business model, business model canvas, mission model, mission model canvas, customer development, hacking for defense, H4D, lean launchpad, lean startup, stanford, startup, steve blank, pete newell, bmnt, entrepreneurship, I-Corps, autonomy, NSIN,
Would you like to know how SOTIF addresses possible hazards caused by intended behavior? Discuss the first draft of the SOTIF standard with international working group members and functional safety experts during the SOTIF Conference. Find out more here: http://bit.ly/SOTIF_Agenda_2019
System z Mainframe Data with Amazon S3 and Amazon Glacier (ENT107) | AWS re:I...Amazon Web Services
(Presented by CA Technologies) There are a lot of mainframes still out there, with a lot of data to back up and archive. CA Technologies (CA) is the largest mainframe software provider in the world. This session provides an overview and demo of CA’s Cloud Storage for System z solution used for mainframe storage backup to the AWS cloud. Traditional mainframe storage solutions are expensive and complex. For IT Directors, VPs of IT, VPs of Storage, and Storage Administrators, this session discusses how CA has partnered with AWS and Riverbed to provide an innovative solution that provides a low cost and secure solution for efficient backup and recovery of critical mainframe data.
You see a demo of Chorus managing data flow from the mainframe to the cloud using the Riverbed Whitewater appliance. You also hear from a demanding customer, Mark Behrje, Sr. Director Global Information Services, CA Technologies, about how they implemented quickly, how much they’ve reduced their backup TCO, and lessons learned.
Ten Things You Should not Forget in Mainframe Security CA Technologies
Given the current state of security and breaches in the news every day, you won’t want to miss this session. We will cover the top 10 areas that you should be reviewing as a security practitioner that most organizations overlook. With the knowledge taken from this session, you will be able to better educate your staff and auditors about how to take security to the next level for your business and protect z/OS®.
For more information, please visit http://cainc.to/Nv2VOe
Qualifying a high performance memory subsysten for Functional SafetyPankaj Singh
Addressing the Challenges of Safety verification for LPDDR4.
✓Avoid traditional approach of starting functional safety after functional verification : Iterative and expensive development phase
1. Functional Safety Need to be Architected and not added later.
2. Safety Analysis must start prior to implementation. ‘Design for safety/verification’
3. Reuse & Synergize : Nominal and Functional Safety Verification.
✓Fault optimization with formal and other techniques is necessary to overcome challenges with scaling simulation and analysis.
✓Integrated push button fault simulation flow is need of hour and saves verification engineers time.
✓Analog defect modelling and coverage can be performed based on IEEE P2427.
Model-Driven Development for Safety-Critical Softwaregjuljo
Presentation given at the IBM Systems Engineering Symposium, in 2012, about Model-Driven Development for Safety-Critical Software.
With special focus on the usage of Rational Rhapsody for C++ in real-time and safety-critical software development.
Software occupy an increasingly prominent place in the critical embedded systems : their size and complexity is increasing , while their criticality also continues to rise. In this context, how the aeronautical, space , automotive, industrial domains are facing these challenges ? Application of international standards is essential to define the scope of practices recognized by the community as " state of the art " in terms of producing safety critical software . What are these practices, the principles on which they are built ? Starting with (re)defining the concept of software criticality and placing this concept in the whole system, then we will try to answer all these questions. During this presentation , we will illustrate the point with examples from aeronautics, air traffic control , space , automotive or railway . Finally, we will take a look at some trends , particularly through standards recently released.
The purpose of this guide is to share insights on industrial vs commercial storage and assist you to make an informed buying decisions during the selection process
La sicurezza della rete non significa solo impedire o bloccare gli attacchi. Attraverso il virtual patching e l'analisi di contenuti e contesti, un ' Next Generation Intrusion Prevention System' puo' fornire una nuova dimensione di Security Intelligence per proteggere il business
Stefano Di Capua, HP Enterprise Secuirity Presales Manager Southern Europe
RCA OCORA: Safe Computing Platform using open standardsAdaCore
The railway sector is facing a major transition as it moves towards more fully automated systems on both the train and infrastructure side. This in turn, requires the development of appropriate, future-proof connectivity and IT platforms.
The Reference Control Command and Signalling Architecture (RCA) and Open Control Command and Signalling Onboard Reference Architecture (OCORA) have developed a functional architecture for future trackside and onboard functions. The RCA OCORA open Control Command Signalling (CCS) on-board reference architecture introduces a standardized separation of safety-relevant and non-safety-relevant railway applications and the underlying IT platforms. This allows rail operators to decouple the very distinct life cycles of the domains and aggregate multiple railway applications on common IT platforms.
Based on a Safe Computing Platform (SCP), the architecture accommodates a Platform Independent Application Programming Interface (PI API) between safety-relevant railway applications and IT platforms. This approach supports the portability of railway applications among IT platform realisations from different vendors.
Two of its authors will discuss the RCA OCORA architecture with emphasis on its safe computing framework. The talk will review the required operating system standards and the discuss the newly-released DDS Reference Implementation for Safe Computing Platform Messaging. While designed for rail, this architecture will have elements of interest for other industries.
Long-lived software is a challenge. This was seen very clearly a couple of years ago in the “US COBOL crisis”, but the reasons are less clearly understood, and are worth exploring. The speaker works in Computer Algebra, where “younger” systems are 30-40 years old, and the algorithmic kernel of SageMath, the newest major system, is actually 55 years old, and the people who can debug it are in single figures. More recently, very substantial retooling was required to enable Line 14, the driverless line, of the Paris Métro to be extended. Having reviewed these cases, the speaker will make some tentative suggestions for the management of long-lived software.
Rust and the coming age of high integrity languagesAdaCore
Rust is undeniably successful. In just over 7 year, it moved from a newly released language to one that is considered as a language for high integrity systems. This success did not happen in isolation - Rusts success is deeply rooted in a number of contributing environmental factors.
In this talk, I’d like to make the case why Rust success is due to a general ground shift in software development. What we are seeing is a resurging interest in software practices that were usually part of safety-critical environments being applied to non-safety related, mission-critical environments. On the other side, we are seeing the worlds of safety and security merging.
I’d like to take a step back and talk about coming opportunities, changes and chances not only for Rust, but also for other languages and products.
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
SPARKNaCl https://github.com/rod-chapman/SPARKNaCl is a new, freely-available, verified and fast reference implementation of the NaCl cryptographic API, based on the TweetNaCl distribution. It has a fully automated, complete and sound proof of type-safety and several key correctness properties. In addition, the code is surprisingly fast - out-performing TweetNaCl's C implementation on an Ed25519 Sign operation by a factor of 3 at all optimisation levels on a 32-bit RISC-V bare-metal machine. This talk will concentrate on how "Proof Driven Optimisation" can result in code that is both correct and fast.
Developing Future High Integrity Processing SolutionsAdaCore
Rolls-Royce has been developing high integrity digital processing solutions for its safety critical aerospace engine controllers since the 1980s. By the turn of the century, the electronics industry experienced an inflection point. This resulted in a shift to a consumer driven market and a much-reduced focus on the harsh environment electronics and the extended life cycles required by the aerospace industry. As a result, Rolls-Royce took the decision to design its own microprocessor, and for the last 25 years, has been successfully developing harsh environment safety critical processing solutions for all its aerospace engines.
Alongside the ever-increasing performance expectations, the past few years have seen cyber-security become a major driver in new processor developments. This presents new and interesting development challenges that will need to be addressed.
Taming event-driven software via formal verificationAdaCore
Event-driven software can be found everywhere, from low-level drivers, to software that controls and coordinates complex subcomponents, and even in GUIs. Typically, event-driven software is characterised as consisting of a number of stateful components that communicate by sending messages to each other. Event-driven software is notoriously difficult to test. There are often many different sequences of events, and because the exact order of the events will affect the state of the system, it can be easy for bugs to lurk in obscure un-tested sequences of events. Even worse, reproducing these bugs can be difficult due to the need to reproduce the exact sequence of events that led to the issue.
Formal verification is one method of solving this: rather than writing tests to check each of the different possible sequences of events, automated formal verification could be used to verify that the software is correct no matter what sequence of events is observed. In this talk, we will look at what capabilities are required to ensure that this will be successful, including what it means for event-driven software to be correct, and how to ensure that the verification can scale to industrial-sized software projects.
Pushing the Boundary of Mostly Automatic Program ProofAdaCore
With the large-scale verification of complex programs like compilers and microkernels, program proof has realised the grand challenge of creating a “verifying compiler” proposed by Sir Tony Hoare in 2003. Still, the effort and expertise required for developing the program and its proof to feed to the “verifying compiler” will exceed the V&V budget of most projects. Another approach gaining traction is to automate the proof as much as possible. More specifically, by tailoring the proof tool to the strengths of a target programming language, leveraging an array of automatic provers, and limiting the ambition of proof to those properties for which proof can be mostly automated. This is the approach we are following in SPARK. In this talk, we will survey what properties can be “mostly” proved automatically, and what this means in terms of effort and expertise.
RCA OCORA: Safe Computing Platform using open standardsAdaCore
The railway sector is facing a major transition as it moves towards more fully automated systems on both the train and infrastructure side. This in turn, requires the development of appropriate, future-proof connectivity and IT platforms.
The Reference Control Command and Signalling Architecture (RCA) and Open Control Command and Signalling Onboard Reference Architecture (OCORA) have developed a functional architecture for future trackside and onboard functions. The RCA OCORA open Control Command Signalling (CCS) on-board reference architecture introduces a standardized separation of safety-relevant and non-safety-relevant railway applications and the underlying IT platforms. This allows rail operators to decouple the very distinct life cycles of the domains and aggregate multiple railway applications on common IT platforms.
Based on a Safe Computing Platform (SCP), the architecture accommodates a Platform Independent Application Programming Interface (PI API) between safety-relevant railway applications and IT platforms. This approach supports the portability of railway applications among IT platform realisations from different vendors.
Two of its authors will discuss the RCA OCORA architecture with emphasis on its safe computing framework. The talk will review the required operating system standards and the discuss the newly-released DDS Reference Implementation for Safe Computing Platform Messaging. While designed for rail, this architecture will have elements of interest for other industries.
Product Lines and Ecosystems: from customization to configurationAdaCore
Digitalization is concerned with a fundamental shift in value delivery to customers from transactional to continuous. For R&D this requires adopting processes such as DevOps and continuous deployment. Systems engineering companies using platforms need to adjust their ways of working and be cognisant of the role of the ecosystem surrounding them to capitalize on this transformation. The keynote talk will discuss these developments and provide industrial examples from Software Center, a collaboration between 17 large, international companies and five universities with the intent of accelerating the digital transformation of the European software intensive industry.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
2. 2
SAFE HARBOR
Forward-Looking Statements
Except for the historical information contained herein, certain matters in this presentation including, but not limited to, statements as to: our strategies, growth, position,
opportunities, and continued expansion; the performance and benefits of our products and technologies; the state of affairs of firmware and C; consequences of software
vulnerability; the benefits and impact of, development challenges with, and adoption path for, SPARK; and other predictions and estimates are forward-looking statements
within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements and any other forward-looking statements that go beyond
historical facts that are made in this presentation are subject to risks and uncertainties that may cause actual results to differ materially. Important factors that could
cause actual results to differ materially include: global economic conditions; our reliance on third parties to manufacture, assemble, package and test our products; the
impact of technological development and competition; development of new products and technologies or enhancements to our existing product and technologies; market
acceptance of our products or our partners’ products; design, manufacturing or software defects; changes in consumer preferences and demands; changes in industry
standards and interfaces; unexpected loss of performance of our products or technologies when integrated into systems and other factors. For a complete discussion of
factors that could materially affect our financial results and operations, please refer to the reports we file from time to time with the SEC, including our Form 10-K for the
annual period ended January 27, 2019 and our Form 10-Q for the quarterly period ended October 27, 2019. Copies of reports we file with the SEC are posted on our website
and are available from NVIDIA without charge. These forward-looking statements are not guarantees of future performance and speak only as of November 13, 2019, based
on information currently available to us. Except as required by law, NVIDIA disclaims any obligation to update these forward-looking statements to reflect future events or
circumstances.
3. 3
Why SPARK for firmware?
Usage of SPARK at NVIDIA
Learn
Adoption Path
AGENDA
5. 5
FIRMWARE: STATE OF AFFAIRS
Omnipresent (PCs, supercomputers, IOT devices, cellphones, cars etc)
Executes at elevated privilege (higher than rich OS)
Attractive target for attackers to implant malware (ransomware, rootkit)
With OS security advancements, focus shifted to firmware
Developed predominantly in C
6. 6
C: STATE OF AFFAIRS
Security vulnerabilities continue to happen (or recur)
Memory corruption vulnerabilities (Buffer overflow, ROP etc)
Numeric truncation
Typos in ifdefs (ifdef READ_ABLE vs ifdef READABLE)
Regressions (security regressions usually invisible)
https://cve.mitre.org/ (Nov 10)
7. 7
C: DID WE UNDER INVEST?
Security vulnerabilities continue to happen despite
Usage of static analysis tools such as coverity
Compiler hardening techniques such as stack canary, address sanitizer
HW countermeasures
Negative tests (ex: fuzzing)
Peer reviews
8. 8
C: WHY DO PROBLEMS HAPPEN - 1
Static analysis tools
Do not cover enough
Get noisy as we try to extract more out of them and still fall short
HW countermeasures
Expensive
Can’t solve all issues
9. 9
C: WHY DO PROBLEMS HAPPEN - 2
Fuzzing
Very time consuming
Tricky for firmware (crashes are costly)
Peer reviews
Not enough reviewers (practically unsolvable scalability problem)
Reviewers may not have domain knowledge
Humans get tired and less effective as code grows
10. 10
C: WHY DO PROBLEMS HAPPEN - 3
Developers
Lack training (difficult to find courses on FW let alone FW security)
Lack the time for training
Lack the mindset
Attackers are getting smarter
Tools for reverse engineering becoming cheaper and widely available
11. 11
CONSEQUENCES OF VULNERABILITY
Even a single incident could be disastrous
Millions of $s of penalty
Product recall
Man years lost in IR (Incident Response)
Brand damage
Lost sales
Lives lost
13. 13
SPARK
A language and a set of tools
Language is a large subset of Ada
Tool: GNATprove
Formal Verification
Built in goodness: AORTE / Silver
User contracts
14. 14
SPARK: A PROBLEM SOLVER - 1
Static analysis
High quality
Low noise
[Peer] Reviews (automated)
Machine never gets tired
Reviewers freed up to focus on more important parts ➔ Scalability problem less severe
15. 15
SPARK: A PROBLEM SOLVER - 2
HW countermeasures
No need to pay (for some of them)
And yet better results
Fuzzing
No fuzzing required
Significant machine hours savings
Reduced time to market
16. 16
SPARK: A PROBLEM SOLVER - 3
Developers
Don’t need to know or test for many classes of attack
Gets even better with SPARK contracts
Regressions reduced
20. 20
WHERE ARE THESE SPs?
C
R
O
S
S
B
A
R
SP SP SP
Graphics /
Compute
E
E
P
R
O
M
Internal Bus External Bus
GPU Board
FB
Board / Die
21. 21
DETAILED SP USAGE
Secure boot
Video decoding
DRM
Power management
Clock and voltage programming
And more...
22. 22
HW TARGET: VARIATIONS
RISCV is brand new, falcon has been around since over a decade
Transition from falcon to RISCV underway and will take time
RISCV can address larger IMEM and DMEM
Does not mean space constraints have disappeared entirely (low power RAMs, EEPROM, boot perf)
RISCV uses native compiler while falcon uses CCG
23. 23
SW TARGET: SAMPLE USER CONTRACTS
Simple / Mid level
If mutex has been acquired, it shall be released under all exit paths
Tainted data can not be consumed without sanitization (abstraction + contracts)
Advanced
Memory model: Whenre-sizing a protection region, every byte that was previously
Part of protection region but no longer is, shall be scrubbed
Not part of protection region, shall stay unchanged
25. 25
DEVELOPMENT CHALLENGES - HW
Require highly optimized code
Space constraints (IMEM/DMEM, Low power RAMs, EEPROM)
Performance constraints
26. 26
DEVELOPMENT CHALLENGES – SPARK - 1
New language (for Nvidia)
Need to find equivalent of every tool / trick being used with C
Safety cert makes it furthermore challenging
Need to study specs such as Cert-C and MISRA to craft equivalent rules + checkers
Small community
Lack of reviewers (“we don’t know what we don’t know”)
Engineering efficiency impacted
27. 27
DEVELOPMENT CHALLENGES – SPARK - 2
Bit fields (Ada records converted to bit fields by CCG)
Not portable in C
Unbearable code bloat ➔ One of the grounds for SPARK rejection in a potential use case
Lack of support in popular IDEs (ex: Visual Studio)
Additional learning curve ➔ displeasure
29. 29
ADOPTION PATH
POC (Proof Of Concept) with handholding and mentorship
Ramping up on more FWs under mentorship
Started with boot firmware on falcon (but not all parts)
Added RISCV bootrom
Hope to convert more critical components from C to SPARK
Don’t expect to convert all FWs (not practical in near future)
30. 30
SPARK SUMMARY
Very appealing for
Security and safety critical applications
Addressing scalability concerns (of critical expertise)
Not entirely free of challenges. So, pick the targets wisely