“In space,” read a T-shirt worn by one attendee at the DEF CON hacker conference in Las Vegas last week, “no one can hear you get hacked.” And, increasingly, no one can independently test your software to root out vulnerabilities, according to a presentation there by The Aerospace Corp.’s top cybersecurity expert Brandon Bailey.
With the growing commercialization of space, Bailey pointed out, more and more space systems are running commercial, proprietary, closed-source computer programs, which he characterized as “black box software” because no one outside the company that produces it can get access to the source code.
“Go and ask SpaceX if you can analyze the source code for the Falcon 9—they’re probably not going to let you,” Bailey told Air Force Magazine in an interview.
He contrasted this with more traditional space systems, often using government- or contractor-designed custom software to which engineers and researchers had much greater access.
“In the past, we were operating with more of a white box mentality. And we had full source code access at times,” he told the audience in his presentation. “So we’re trying to figure out, how do we tackle this problem moving forward as we are getting more and more black box software to perform mission-critical activities” in space.
The issue will grow more urgent as more commercial, off-the-shelf technology is deployed in both government and private-sector space systems, he said.
Black box software is a cybersecurity issue, experts say, because one of the main ways to root out vulnerabilities in software—the flaws in a program that let hackers break into and take over computer systems—is to analyze the source code. This is known as static analysis.
Before the software is installed, the source code is compiled into what’s called a binary—a file of machine language, the 1s and 0s that actually run the computer. Because they’re compiled into machine language, binaries are not amenable to traditional static analysis.
With proprietary software for conventional computers, such as the Windows or Mac operating systems, Bailey explained, cybersecurity researchers can get around this problem quite simply. They just load the software onto a PC with any associated peripherals, such as printers, and switch it on. They can then analyze the binary as it is running—a process known as dynamic analysis.
But in space systems, the software programs generally don’t run on conventional computers such as PCs. Instead, they tend to be embedded in exotic hardware such as the nozzles that control fuel flow or the motors that move an antenna. “When that black box mentality extends itself to spacecraft, and embedded systems, that can be a problem because … with embedded systems, you need the targeted hardware to run it on,” explained Bailey.
He described to the audience at DEF CON a number of different workarounds for this problem—tools that could perform static analysis on binaries, for example.
Bailey said he had been researching the topic, on and off, for “the last few years” but had found only a handful of tools. “For embedded processors and spacecraft, it’s such a niche market. There’s not a whole lot of capabilities out there that can really unpack all these niche architectures that we would see on a spacecraft,” he said.
The issue was that there wasn’t a mass market. “From a commercial perspective, you have got to have a lot of users to make it beneficial from a cost-benefit point of view to produce some sort of products or tools to do things.”
Bailey said the automotive industry provided a possible model. “More and more software is being executed on your car, … and the car manufacturers are accepting risk from all [this software] that they don’t know about.” Driven by concerns about their liability for software flaws, automotive manufacturers were seeking to develop tools for, among other things, static analysis of binaries, Bailey said.
“So I see that very interesting parallel with space as we move into this commercialization and start pulling products off the shelf,” he said.