Safe and Secure system -Setting The Stage

Defining the problem. Threats, implications and user views.

October 13 09:40-12:10

A track covering two full days will be allocated to the subject Safe & Secure Systems.  The first session is setting the stage and showing the potential threats and their implications when all embedded devices start to communicate.

Presentations will be made by:

Christopher Smith and Urban Sanderek, Green Hills Software

We are constantly reminded that safety and security are both extremely important – without one or the other, disasters occur with loss of life, intellectual property and money. From vendors of embedded systems to enterprise infrastructure, is enough being done to meet 21st century threats and challenges?
How safe, reliable and secure do these systems need to be? What role do international standards play as the software industry strives for higher levels of safety and security. Are there practical methodologies that developers can apply to create software that is far more robust that most commercial software? This session will provide an introduction to the Embedded Conference track on Safe and Secure Systems.

Biographies:
Christopher Smith is Worldwide Vice President of Marketing of Green Hills Software, Inc. Mr. Smith has over 25 years experience in engineering, sales and marketing of embedded and real-time systems and software. Mr Smith is an advisory board member for Embedded Systems Conferences (US/UK), Embedded World (Germany), a member of The IET Microelectronics, Embedded Systems and Signal Processing Technical and Professional Network Executive Team and a Professional Member of the British Computer Society.

Urban Sanderek is Field Applications Engineer at Green Hills Software AB. Mr Sanderek has over 10 years of experience in embedded software design, working with real-time operating systems, software design environments and design processes in the telecoms and military industries. He has also taught real-time software design and other software design courses at Swedish universities.

Magnus Melin and Richard W Lageren, C2Solutions

"Information security and risk management regarding embedded devices"

Generic IT-security and personal integrity and means to protect yourself and your business

• Social communities and networking websites, who am I, where am I, what do I do, how do other people perceive me.
• “Google identity” vs. real life identity
• Social engineering and information mining.
• Who owns the information? Remote synchronization services, blogs, “cloud computing”

Information security and risk management on handheld devices,

• Handling information on handheld devices
• Viruses and malicious code

Threats and vulnerabilities in the daily use of mobile phones and PDAs.

• Tracking and localization
• Theft, loss of information control
• Connectability, trust. How much can I as a user trust my connection, Wifi, hotspots and operators.
• Roaming users. The way in. Bringing your trojan horses to work.

Security in embedded system and software development

• Basic and fundamental security regarding embedded system development
• Threats and vulnerabilities, upgrades, updates, injections, hidden functions, hacks
• Lack of knowledge regarding the need of firewall and anti malware functionality

Richard Widh Lagerén
Richard is a Senior IT-security specialist with primary focus on Secure Systems integration. Over the years he has worked on several large complex projects for governmental, military and commercial customers. With an University degree in Computer engineering and Electronics and deep experience from working as an IT-professional since 1995, Richard is currently working with high level security solutions and accreditation within the Swedish Armed Forces.

Magnus Melin
Magnus is a senior information security consultant with a broad experience from several accreditation and information security management projects where he worked for both government agencies and civilian businesses. Magnus has a Masters Degree in System Analysis and has received the Certified Information Systems Security Professional (CISSP) and Information Systems Security Management Professional (ISSMP) certifications. As of late Magnus has been working for a government agency managing a Information Security Management System (ISMS) project.