By Paul Anderson
It’s the wrong question, really. Are my financial and medical records secure? What about all that information stored in the cloud? What about my desktop computer or cell phone? What about the power grid and other infrastructure? Should I be worried?
The answer to all those questions is “It depends on what you mean by ‘secure.’” Before answering, one has to settle two things: what does “security” mean for this particular asset, and what level of residual risk is acceptable once that security is in place?
For example, one way to prevent network security issues is simply not to have a network at all. Of course, even then, moving data in or out on a storage device creates its own hazard. Some very clever people have figured out how to “listen” to the RF emissions of a computer and work out what it is doing, so one would really need to put the machine in an RF-shielded room. And since we wouldn’t want someone to plant a listening device or transmitter on the computer, we’d have to search people before they entered the room. But then, perhaps we shouldn’t allow any ability to store data externally or print information at all.
Oh… forget it. I’ll just go back to pencil and paper. Oh… but what happens if someone gets hold of my notebook? I’ll write in a secret code and store it in a safe. But… what if someone breaks into my safe? Hmmm… I guess I’ll just have to remember everything and not write anything down.
The point is, absolute security is very hard to achieve. There are secrets, and there are those who benefit from knowing them. The greater the payoff, the more likely it is that someone will work very hard to gain access to a given secret. As we have become more dependent on connected, distributed computing infrastructure, both the number of ways a secret can leak and the consequences when one does have grown enormously. Some secrets may not spell disaster if exposed (like the fact that you have Lady Gaga as the ring tone on your smart phone), but others, such as nuclear launch codes, could lead to the end of the world as we know it if divulged. Different assets therefore call for different levels of security, matched to the risk that actually has to be mitigated.
People have long devised methods to keep secrets. The earliest known ciphers go back thousands of years, to ancient Egypt and Greece. Security and cryptography have been interwoven with history ever since, with the outcome of major world events often hinging on the success or failure of an attempt to keep a secret. However, it really took the mass adoption of computers and ubiquitous network connectivity for the average consumer to come face to face with the importance of security. After several recent, widely reported attacks on desktop computers, IT infrastructure, cell phones, and gaming consoles, consumers have a new appreciation for it.
However, security is nothing new to the professionals who have dedicated many years of study and hard work to defining standards and best practices for it. International standards have been created so that security requirements can be defined and implemented in a common way. One such standard is the Common Criteria for Information Technology Security Evaluation (CC), which defines a set of security assurance levels that have gained acceptance in the global marketplace. Its companion document, the Common Methodology for Information Technology Security Evaluation (CEM), defines how a product is evaluated against those levels. Together they give those specifying, designing, and building IT systems and infrastructure a common framework and vocabulary. As the demand for higher levels of security assurance increases, so will the mandate to comply with standards such as these.
Now, let’s go back to the question of the security of Linux. Many people claim that one OS is more or less secure than another. An old line of thinking was that “security through obscurity” was the answer: if people could not read the source code, they could not figure out how to exploit the operating system. For a very small operating system that is tightly controlled and designed specifically to meet higher security requirements, that may hold to some degree. For general purpose operating systems, however, the argument has two basic flaws. First, no matter how hard people try to keep code secret, if someone wants it badly enough, they will get it. Second, source code is not required to exploit an operating system; binaries can be disassembled, probed, and attacked directly. Along came open source (not just Linux) with the opposite idea: the more eyeballs you have looking at the code, and the more white-hat researchers you have trying to break it, the more robust the code becomes over time. As it turns out, that was a good idea, provided those eyeballs actually do the looking; in general, the more people try to break something, the better it gets.
Where a formal level of security assurance is required, as in commercial grade infrastructure, a certified implementation of Linux is needed. For general purpose use, some commercial vendors offer versions of Linux certified at the lower Common Criteria Evaluation Assurance Levels (EAL). For embedded applications, Wind River and other commercial operating system vendors have certified products to higher assurance levels.
Wind River has recently combined the best of both worlds with the introduction of Wind River Linux Secure 1.0, which has been certified to Common Criteria Evaluation Assurance Level 4+ (EAL4+) by the National Information Assurance Partnership (NIAP) against the General Purpose Operating System Protection Profile (GP-OSPP). Its cryptographic library has also been validated under Federal Information Processing Standard (FIPS) 140-2, conforming to the requirements defined by the National Institute of Standards and Technology (NIST). For embedded designs using Linux where a higher degree of security assurance is required, such as military, aerospace, industrial, and medical devices, Wind River Linux Secure 1.0 provides a certified base platform intended to accelerate time to market and reduce costs. Companies can now match their security needs with an open architecture software platform designed to comply with national security criteria.
As security mandates and regulations become stricter across broader markets, the need for security-certified embedded Linux platforms will only continue to grow. For those beginning to design and develop secure embedded platforms, a discussion with Wind River is a smart place to start.