By AJ Shipley
As a security professional in the business of helping Wind River customers protect their systems from malicious intent I am frequently asked how they should approach security. Here are my thoughts on a tried and true approach to security.
At a very high level, you can approach security from one of two possible paths; you can secure the infrastructure that devices use to communicate with each other or you can secure the devices that are attaching to the infrastructure. Although great security requires addressing both the infrastructure and the devices, Wind River is specifically suited to securing the devices because of where Wind River products reside in the device stack.
A secure device is an orchestra of different security instruments including hardware security, application security, secure middleware, and secure communication stacks. The conductor of this orchestra is the operating system which can effectively weave all of these instruments together to create a security symphony.
Security requires an architectural, defense in depth, approach starting from the time a device is connected to another device until the time that device is taken out of service and destroyed. This defense in depth should include functions such as image signing and verification, secure and measured boot, runtime security like ASLR and application whitelisting, secure network authentication, authorization, and accounting (AAA) and secure communication channels. A secure development lifecycle and security testing are also necessary when building secure systems.
The security arms race requires an organization that can adapt quickly. At Wind River we develop secure product functionality in our generally available (GA) products, and are constantly evaluating and adding more security capabilities. When our customers require security capabilities that are not yet generally available, the Wind River Professional Services organization can augment Wind River's GA products to create custom and highly-differentiated security solutions to meet our customers evolving and unique security requirements.
I am always interested in having a conversation about security and helping our customers understand how to build security into their products and systems. If you are interested in learning more about the security capabilities of Wind River products or services or are struggling with how to add the right level of security to your products, feel free to reach out and contact me or any member of the Wind River organization.
For additional information from Wind River, visit us on Facebook.
Subscribe
"...until the time that device is taken out of service and destroyed"
That fits the description of a retiree also :).
If the "taken out of service" is a foreseeable event it can be programmed for. I mean the device can detect it is past due and selfdestruct. A microprocessor can determine that it was on for the required time-length and automatically refuse to reboot ( or permanently destroy its microcode). This destructive end of service will leave a void but nothing is irreplaceable after all.
Posted by: EOL | 06/10/2012 at 01:36 AM
Very infomative article. It provides a new insight in to how to achieve PCIDSS.
Posted by: iOS Application Development | 06/13/2012 at 12:53 AM
I removed it mlanauly, but mine didn't drop a rootkit. Kaspersky found it, but it wouldn't quarantine it (odd) but it helped me find it because it displayed the folder it was in (same as rogueamp's) and deleted it.. I found the way around this .exe problem. Right-click and click Run as admin. Then, I went to BleepingComputer and downloaded a file named FixNCR.reg. That fixed it. Then I ran MBAM and removed any remains and it found 3.
Posted by: Editha | 07/21/2012 at 01:24 AM