Question

An organization designs and develops safety-critical implemented firmware (Inclusive of embedded OS and services) for the automotive industry. The organization has taken great care to exercise secure software development practices for the firmware. of Paramount importance is the ability to defeat attackers aimed at replacing or corrupting running from where once the vehicle leaves production and is in the field. Integrating which of the following host and OS controls would best protect against this threat?

1. Configure the host to require measured boot with attestation using platform configuration registers extended through the OS and into application space

2. Implement out- of– band monitoring to analyze the state of running memory and persistent storage and, and a failure mode, signal a check engine light condition for the operator

3. perform reverse engineering of the hardware to assess for any implanted logic or other supply chain Integrity violations

4. ensure the firmware includes anti-malware services that will Monitor and respond to any introduction of malicious logic.

5. Required software Engineers to adhere to a coding standard, leverage static and dynamic analysis within the development environment, and perform exhausted State space analysis before deployment

Answer 1