As someone who has been working in security for the past 10 years and systems / network admin for another 10 before that, I don't even know what a firewall is supposed to be any more.
Also, since I've worked on military systems a lot, I suppose a military grade firewall is just iptables for which someone has written a shitty gui (that might as well just be a webshell) and packaged it into a green rugged box.
Consider this. Almost every car on the road today has an unsecured bus going back to like the 1980s. However you need to actually access the car to do something malicious so the threat vector is zero; since if you have access to the car you can also just cut brakes or put in a pipe bomb.
The only reason why this paradigm changes in the EV era is because of the insistence on having EVs phone home. Now you can conceivably hack all EVs of this model at once and that is now realistic and even attractive to do. But again not a necessity for running a car. Just something that modern software focused companies want to see that leads to a host of expensive security issues that didn’t exist before. The car could be airgapped with the dealer network used to flash software updates like they do with most other cars before the EV era.
The threat is not exactly zero. In some cases, thieves can get physical access to the bus from outside the car, and then inject messages to unlock it, start the engine, and drive away: https://kentindell.github.io/2023/04/03/can-injection/
Sure someone in that situation could also "just cut brakes or put in a pipe bomb" but car theft is a lot more common than assassination, at least where I live.
> Almost every car on the road today has an unsecured bus going back to like the 1980s. However you need to actually access the car to do something malicious
See [1] from 2023, where popping the headlight gives access to the bus. Lack of internal security then gives a way to steal the car.
The threat just isn't the same as the one you are modeling.
Security will come eventually, if only to prevent bad publicity.
I think anybody using this term has a shallow understanding of network security and just bundles it all mentally into a “thing” that stops all the bad stuff from happening.
I know that "military grade" has some relevant distinction in automotive. For example, normal car parts are designed to withstand "up to 80°C" and military grade means "up to 120°C". That has an impact on material choices and cooling.
Such a thing exists though usually not called “military-grade” per se. It is more similar to a data diode [0] than a classic firewall but has significant differences from either.
Data streams are converted into a sequence of objects that are required to have and satisfy certain formally verifiable properties as a pre-condition of forwarding. Any data or objects that cannot satisfy formal analysis requirements are dropped. Forwarding policies are only applied to objects that meet the prerequisite of being rigorously analyzable.
This behavior is bidirectional. It applies equally to data egress to mitigate internal threats and accidental data leakage. The internal mechanics can be pretty complicated and they necessarily operate on a store-and-forward basis. The data objects may be “laundered” by the firewall; what you send may not be exactly what the other side receives.
To make this work, the wire protocol, data representation, etc must be designed specifically to allow this kind of rigorous analysis and work well within these constraints. It usually won’t work on a random web stream and the data representation often sacrifices efficiency of storage for efficiency of verification and analysis at runtime.
In reality, virtually no one uses this type of tech outside of defense and intelligence because it won’t let almost any of the standard web stack slop through.
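The guard behaviour described in the comment above, as an added example that is not part of the thread and not any product's code. The TLV wire format, the three fields and the per-direction policy are assumptions constructed for illustration.

```python
import struct

def int_field(fmt, lo, hi):
    """Fixed-width integer: exact length and range are checked before use."""
    def dec(b):
        if len(b) != struct.calcsize(fmt):
            raise ValueError("bad length")
        v = struct.unpack(fmt, b)[0]
        if not lo <= v <= hi:
            raise ValueError("out of range")
        return v
    return dec, lambda v: struct.pack(fmt, v)

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 "
def label_dec(b):
    s = b.decode("ascii")            # UnicodeDecodeError is a ValueError
    if not 1 <= len(s) <= 16 or any(c not in ALPHABET for c in s):
        raise ValueError("bad label")
    return s

# Constructed schema: tag -> (decoder, encoder); 1=track id, 2=latitude, 3=label
SCHEMA = {1: int_field(">H", 0, 65535),
          2: int_field(">i", -90_000_000, 90_000_000),
          3: (label_dec, lambda v: v.encode("ascii"))}
REQUIRED = {1, 2}
POLICY = {"ingress": {1, 2, 3}, "egress": {1, 2}}   # labels never leave

def parse(frame):
    """Turn a complete frame (store-and-forward) into a validated object."""
    fields, i = {}, 0
    while i < len(frame):
        if i + 2 > len(frame):
            raise ValueError("truncated header")
        tag, n = frame[i], frame[i + 1]
        value = frame[i + 2:i + 2 + n]
        if len(value) != n or tag not in SCHEMA or tag in fields:
            raise ValueError("truncated, unknown or duplicate field")
        fields[tag] = SCHEMA[tag][0](value)
        i += 2 + n
    if not REQUIRED.issubset(fields):
        raise ValueError("missing required field")
    return fields

def guard(frame, direction):
    try:
        fields = parse(frame)
    except ValueError:
        return None                  # anything that cannot be analyzed is dropped
    if not set(fields) <= POLICY[direction]:
        return None                  # policy only ever sees validated objects
    # "Laundering": re-emit from parsed values in canonical tag order.
    parts = [(t, SCHEMA[t][1](fields[t])) for t in sorted(fields)]
    return b"".join(bytes([t, len(b)]) + b for t, b in parts)
```

A frame that arrives with its fields in a different order is forwarded in canonical order, so the receiver never sees the sender's exact bytes.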
I guess it's the same as a 'bulletproof firewall'. Just a colloquial saying indicating both high importance and required quality expected for operation in strong adversarial environments.
a firewall that prevents someone getting direct access to CAN bus and ECU, and sending messages like: "Key present", "Engine start", just by connecting to the wires of the headlight lamp (by prying a fender next to headlight)
peanut-walrus|9 months ago
kjkjadksj|9 months ago
cibyr|9 months ago
fn-mote|9 months ago
[1]: https://arstechnica.com/information-technology/2023/04/crook...
ETA: Just as the sibling says...
rangestransform|9 months ago
I would rather have OTA updates than enable parasitic middlemen to siphon money out of me
SAI_Peregrinus|9 months ago
klysm|9 months ago
qznc|9 months ago
No clue about firewalls though.
jmb99|9 months ago
I don’t know what constitutes a “military grade firewall” but presumably something that stops that. Or at least tries to.
jandrewrogers|9 months ago
[0] https://en.wikipedia.org/wiki/Unidirectional_network
Jiocus|9 months ago
cosmicgadget|9 months ago
reliablereason|9 months ago
"military grade" is often used as a marketing term used for things that pretend to be built to be extra strong.
In this case it is a stupid term to use to describe a firewall cause a firewall either works or it does not.
PeterStuer|9 months ago
kersplody|9 months ago
Jiocus|9 months ago
slt2021|9 months ago