ELISA Workshop Spring 2022

Workshop kickoff welcome session. Kate and Shuah will give an overview of ELISA project and Technical Strategy. This session is intended as an introductory session for new comers and ELISA members that aren't regular participants in the Working Groups.

The recently proposed "Runtime Verification Monitor" framework ([1]) has the capability of monitoring the Kernel Drivers / Subsystems to behave as expected and to protect them against interference from within the Kernel itself. The session will explain how the RVM framework works with a specific focus on the Watchdog Monitor that has been proposed in the patchset [1] and how it can support a functional safety claim

[1]:https://lore.kernel.org/lkml/a0c00c72bdb6fc183a67df3c8d913f990e2b522b.1644830251.git.bristot@kernel.org/T/itors inside the Kernel

Network with other attendees by joining the Hallway Conversation zoom meeting between sessions and during break times. This will be a great time to connect with colleagues on shared ELISA topics, continue conversations from sessions, and make new connections.

The idea is to discuss, if there is room for an (industrial) IoT work group within ELISA. The framing would consider light weight SOUP safety standards, but focusing on those touch points which are not fully covered by other use case driven WGs.

Assuming we are reaching an arguable SOUP Linux variant state a lot of questions to operate a product are to be considered. They involve license handling (e.g. with SPDX), handling of CVEs, a lot of testing (e.g. with KernelCI), extra long term Kernel updates (e.g. OTA), guidelines how to utilize new hyped technologies (e.g. container, Xen-virtualization), how to manage scalable product variants and more.

A bunch of these topics are already handled in other projects such as AGL, CIP, OpenChain, SPDX, but for creating a mixed-criticality product all these elements need to be linked together for a proper argumentation.
This discussion should settle opinions whether ELISA is a proper place to start such a work group or if there are better communities to reach out.

Last year the ISO26262 standard community realised the need for a guideline to accommodate the qualification of complex pre-existing SW products and decided to kickoff a new ISO PAS 8926 task-force. Red Hat decided to actively participate and to contribute to this international effort by sharing its recognised expertise on Operating System and "open-source" development processes. This talk will give a summary of the ISO PAS 8926 status, the next steps and the Red Hat strategy to collaborate. 

Trust, transparency, and integrity of software supply chains is at the center of many of the global security and safety challenges confronting communities around the world, including government agencies and the industries that support them or provide our critical infrastructure. The pandemic, utility ransomware attacks, the attack on SolarWinds, and the Ever Given have brought supply chain security, resilience, integrity, transparency, and trustworthiness into sharpened focus to a broader audience, and the many inadequacies have surfaced regarding timely access to reliable suppliers, software, and stocks of fuel, personal protective equipment, micro-electronics, medical devices, and food supplies, to name a few.

At the same time, the computerization of everything gave rise to pervasive cyber threats for more and more of the capabilities and infrastructure we and our organizations rely upon to function – including those stemming from vulnerabilities inherent in repurposed software of often dubious provenance and unknown pedigree. Further complicating this landscape is the increasingly globalized nature of the technology in these systems and lack of transparency. Adversaries large and small seek to inject themselves into every conceivable stage of software technology development, supply, and support, for disruptive, monetary and intelligence goals of their own.

This session will discuss the capabilities emerging across industry and government to assess and address the challenges to providing trustworthy software supplies with assurance of integrity and transparency to their composition, source, and veracity – the building blocks of software supply chains we can gain justifiable confidence in at scale and speed.

This talk will give an overview of the address space descriptors and critical Kernel code involved along different scenarios (process creation, memory allocation, context switch, etc.) and raise a discussion on the next steps. 

Present the methodology to apply STPA to software non-physical system and application of case study on dynamic memory allocation.

Network with other attendees by joining the Hallway Conversation zoom meeting between sessions and during break times. This will be a great time to connect with colleagues on shared ELISA topics, continue conversations from sessions, and make new connections.

RAFIA (Risk Analysis, Fault Injection and Automation) is a safety approach proposed by Codethink, which addresses the challenges of creating safety argumentation and supporting evidence for systems involving open source software. This talk provides an update on how this approach is being applied and refined, both as part of ELISA workgroup activities and in Codethink's own projects.

Discuss the Linux configuration for available instance types ( such as VM/barematal instance types in AWS, GCP, AlibabaCloud etc. ) , discuss the trade off between performance and configurations that potentially contribute to safety; find the best practice for Linux configuration.

Create a common understanding of mixed-criticality processing on Linux and the related problems, collect and discuss alternatives for addressing the problems. 

Within the Automotive WG weekly session we have a small group of engineers working on the telltale use case and the STPA analysis for the same. The workshop session should reach a wider audience who can contribute by practical experience in field of Automotive and especially telltale use case to challenge and support the concept which has been created so far.

It is beneficial and we recommend that you attend Mixed-Criticality Processing on Linux prior to this session.

Network with other attendees by joining the Hallway Conversation zoom meeting between sessions and during break times. This will be a great time to connect with colleagues on shared ELISA topics, continue conversations from sessions, and make new connections.

Discussion and brain storming session. Set goals for next quarter for ELISA and derives goals for WGs based on ELISA goals.