 |
By Paul Parkinson
On Wednesday, it will be exactly ten years since I joined Wind River.
I was thinking about this on my flight to San Francisco on Saturday, and as well as wondering how I long I've spent watching the VxWorks boot loader counting down to zero on the serial console over the years, I was also reminiscing about my early days with the company.
By Paul Parkinson
I've recently finished updating presentations on The Essentials of Multicore Software and Challenges of Security Software Development for our forthcoming Aerospace & Defence Conferences which we are holding across Europe in November.
It's been interesting to think about how multicore
can be used in technology refreshes and applied to new programmes. I'm
looking forward to discussing these issues with customers, as well as
understanding their security requirements, particularly as the need for
interoperability continues to grow.
By Nikhil Chauhan
Wi-Fi Alliance launches a specification called Wi-Fi Direct that allows WLAN (Wireless LAN) devices to connect directly without an Access Point in between. Well, well, this appears to be a war of worlds between the WLAN and Bluetooth camps because this surely will fit the use cases of Bluetooth users. Does this also mean the end of WLAN Access Points (AP)? That's yet to be seen.
802.11 WLAN technology, as you might be aware of, offers two types of WLANs: 'Ad Hoc' and 'Infrastructure'. The 'Ad Hoc', termed as IBSS (Independent Basic Service Set), allows two WLAN stations to talk to each other directly. In other words, this is technology that exists today. So, what's the new hoopla around Wi-Fi Direct.
By Paul Parkinson
I am looking forward to Defence Systems and Equipment International (DSEi), the world's largest fully integrated international defence exhibition, which is being held in London from 8-11th September 2009. In preparation for the event, I've been setting up some Wind River VxWorks MILS 2.0 demos on a Curtiss-Wright VPX6-185 board.
VxWorks MILS is Wind River's implementation of the Multiple Independent Levels of Security (MILS) security architecture, which can host applications running at different security classifications, including multilevel secure (MLS), on the same platform. VxWorks MILS is able to do this by implementing information flow control, data isolation, periods processing and damage limitation, whilst ensuring that data does not leak from one partition to another through either overt or covert channels. The demos also show how Wind River Workbench can perform concurrent debugging of multiple partitions, which is invaluable when developing multi-partition systems.
By Mike Deliman
So with all this virtualization going on, one computer can run multiple copies of an OS (or multiple OSs), all acting like they own the whole computer. With only some fancy shim layer keeping them from corrupting themselves and everything else, what are the implications for security? Security is an issue that has been raised more frequently as computers have become more powerful and the network more pervasive. I mean, viruses spread fast enough when the World Wide Web was mostly single computers with modems dialing up to servers. In this day of broadband everywhere and constant connections, doesn't virtualization present a special problem? Doesn't a machine running 10 virtual servers just mean that a virus gets to invade 10 servers for the price of entering one machine? Let the SPAM flow! NOT!
By Mike Deliman
This morning we've made a couple of announcements that will hopefully surprise and delight the Real Time computing community. Wind River is releasing two new products that have their base in virtualization: Wind River's Hypervisor, and Wind River's MILS 2.0. Both of these products introduce platform virtualization, used in different ways. Wind River's implementations allow for a "flotilla" of OS's" to be run amongst a "sea of Cores" - it can be run as a one-to-many, many-to-many, or many-to one configuration (that is with SMP, one OS can be run by many cores, the Hypervisor is capable of running / scheduling many OS's among many cores, and both the Hypervisor and MILS 2.0 are capable of running many OS's over one shared core).
Both of these products are very high-powered and sophisticated. Both products are designed with an eye to the future. The Hypervisor itself can be used in SMP, AMP, Supervised-AMP and cooperative multicore configurations, and can also be configured to paravirtualize several Operating Systems and run them all (time-share style) on a single core. The MILS 2.0 product is designed specifically to paravirtualize OS's and run them on a single shared-core with a high degree of separation maintained by the MILS 2.0 separation kernel.
By Alex Wilson
Today we launched our VxWorks MILS 2.0 product, details can be found on our web on the VxWorks MILS Page.
VxWorks MILS 2.0 previously went into evaluation at NIAP at Common Criteria EAL 6+ and has been discussed by Paul Parkinson on his blog.
I was interested in this release as the product addresses a lot of the concerns and challenges we are facing in this difficult time. If you have been following the reports coming out of the Paris Airshow, you will have seen many signs of the economic problems facing the commercial airline industry and the hope that the defence industry carries us through to new economic growth.
By Paul Parkinson
In case you missed the news, VxWorks MILS 2.0 has officially entered formal security evaluation at Common Criteria EAL 6+ (NIAP website).
So what does this mean for Wind River's customers? Well, VxWorks MILS 2.0 will enable them to develop applications to what the US National Security Agency (NSA) defines as "High Robustness".
Many people are familiar with Communications Security (ComSec), which involves the secure transmission and reception of information across networks, using technologies such as encryption and firewalls. However, what is less well known is Information Security (InfoSec), which involves the secure transformation of information between applications, subsystems, or networks. This is becoming an increasingly important requirement in systems, where there is the need for applications to handle data of different security classifications and to ensure that only that the authorized data flows are allowed and no unauthorized information disclosure can occur.
By Mike Deliman
Diebold has apparently gaffe'd their software again. Their ATM systems run software based on Windows. This gives me a perfect opportunity. Recently some of my friends heard me talking about our MILS software starting under it's evaluation path. I heard a question being asked more and more about government programs and practices, "okay, but what good does this do for me?" In the article mentioned above we have an excellent example of where MILS could benefit the average person every day:
But Yerrapragada told SCMagazineUS.com that machines need run-time control software to ensure nothing can tamper with authorized applications. "You could have firewalls and hardening, but... if those things are not patched, you are out of luck," he said.
By Paul Parkinson
Yesterday, I had strong sense of déjà vu as I read the news story 'Major cyber spy network uncovered' (BBC News), which reports on a 10-month investigation by the Information Warfare Monitor (IWM) into a cyber espionage network, which they called GhostNet. This has a number of similarities with the plot within the novel 'The Edge of Madness' which I discussed in a previous blog.
The IWM report ''Tracking Ghostnet: Investigating a Cyber Espionage Network' is comprehensive to say the least, and I expect that people will find it either fascinating or terrifying, depending on their disposition. The IWM report is available to view online at the IWM website, but I found it more convenient to download the PDF version from the F-Secure mirror site to read offline.
By Mike Deliman
Diebold Admits Systemic Audit Log Failure
SACRAMENTO, California - Premier Election Solutions (formerly Diebold Election Systems) admitted in a state hearing Tuesday that the audit logs produced by its tabulation software miss significant events, including the act of someone deleting votes on election day. The company acknowledged that the problem exists with every version of its tabulation software.
=======
I'll leave it to you to read the rest of the article. So how is it that a system used to select representatives to the highest office was built to such low standards that critical functions (such as deleting votes) can escape being logged? You mean there's no provision to protect this data from unauthorized access? How can this be?
By Paul Parkinson
The topic of data security is finding its way into mainstream media news reports these days, often due to high-profile lapses or breaches; and whilst encryption is sometimes mentioned in passing, the media reports rarely delve into the detail.
So, on Wednesday evening when I had the opportunity to attend a local history talk about the Enigma machine and other encryption devices, I jumped at the chance. In addition to listening to the talk, I saw a number of working exhibits, including two Enigmas and a Russian Fialka which was used in the Cold War.
By Paul Parkinson
One of the Christmas presents I received was the book The Edge of Madness by Michael Dobbs. It's a novel about cyber warfare and is set in the present day. Despite mixed reviews of the book in the media (Daily Telegraph, Guardian), I found it to be a gripping read, and finished it over two evenings.
The reason why it held my attention was because of its central theme: the imminent threat of cyber warfare against a nation through co-ordinated attacks against critical national infrastructure (banking, commerce, energy, telecommunications, etc.) bypassing national defence forces. Although we have yet to witness an offensive on this scale, there have been several instances of international cyber warfare in recent years, so perhaps these can only escalate in the future?
By Mike Deliman
The Protection Profile for Separation Kernels in environments requiring high robustness is starting to get a lot of attention. What is it? What is it about? What can it do for me?
If you're the average Joe, it's probably not going to mean much to you until products for information assurance and seals for conformance / validation start becoming popular. When that starts to happen, you'll want to see it on your bank's web-site, at the dentist's office, and over the door for your company's IT department. What the SKPP, or Protection Profile for Separation Kernels, is, is a document that describes the things a kernel must do in order to provide separation between instances of software in containers called partitions, and provide absolute control over any data flowing between any two of these partitions.
By Paul Parkinson
A few months ago I commented on some of the technical developments in passenger in-flight systems ('In-flight Internet access...and mobile phones too?'). In recent weeks, there have been some rapid developments, not on the technical front, but in terms of regulation and operation, with announcements from the UK telecommunications regulator Ofcom and the European Commission.
On the 26th March, Ofcom published the results of its consultation on the use of Mobile Communications on Aircraft (MCA). The executive summary summarizes the findings and Ofcom's decisions, but the full statement (PDF) provides much more detail, revealing a mixture of social, operational, safety and security issues.
By Paul Parkinson
Earlier today HMS Astute, the first boat in new submarine class for the UK Royal Navy was launched ('New UK nuclear submarine launched', BBC News). This is a significant event, as the Astute class submarine is an incredible technological achievement. For example: it can traverse the globe without surfacing because it can generate oxygen from sea water; and the Thales 2076 sonar (Aviation Week) has the world's largest number of hydrophones of any sonar system in service - it is claimed that under the right conditions an Astute in the English Channel could detect the QE2 cruise ship leaving New York harbour on the other side of the Atlantic Ocean (BAE SYSTEMS press release). You can read more about these amazing facts on the UK Royal Navy website; there's also a rare video clip of the inside of the Astute on the BBC News website, and there are some nice photos on the Gizmodo blog.
By Mike Deliman
Recently my cohorts Paul Parkinson and Doug Gaff
have been making a bit of noise about changes in the software industry
- evolution of software, and specialized software for military and
commercial avionics,and other applications that have strict time and
security requirements. Aside from requiring strict adherence to
standards, critical systems software - especially medical or flight
related - have an increasing litany of certification inspections it
must pass. In the secure-systems markets the same trend is evident.
Each of these markets are starting to require time- and space- critical
systems.
Let me define time and space critical.
By Mike Deliman
There's an old adage in the world of flight - space flight, or otherwise.
"Test as you fly, fly as you test."
It's pretty short and sweet and straight-forward. Don't fly what you haven't tested. Test exactly the ways you expect to fly.
In a big, round, wonderful world, it seems "funny" when we hear about problems related to living here. Problems like aircraft "flipping over" when they crossed the equator because they were adjusting to negative latitude - the coder hadn't thought far enough ahead to think about crossing the equator.
By Mike Deliman
Software Defined Radio. The term doesn't mean much to the average person. But to certain security and defense industry types, the word brings a gleam to their eyes: to them it means multiple levels of security, the ability to share and protect data, and the ability to change the encodings and waveforms that implement their protocols - on the fly.
But... what would this kind of technology mean to the average guy? In this BBC news item, the experts allude to a brave new world of wireless toys utilizing SDR. It kind-of glosses over the real guts and technology of SDR.
A&D
Ares Defense Technology Blog
Defense Industry Daily
The Mil And Aero Blog
Automotive
Autopia
Business Exchange Vehicle Telematics Blog
Car Tech
The Auto Beat
Embedded
EDN Embedded Webblog
The EE Times Blog
VDC’s On Target: Embedded Systems
Mobile
Android Developers Blog
AndroidGuys
LiMo Foundation Blog
Multicore/Virtualization
Go Parallel
Multicore Association
MulticoreInfo.com
Virtualization Journal
Virtualization Report
Virtually Speaking
Networking
OpenSAF Foundation
Scope Alliance
Service Availability Forum
Subscribe to RSS feed.
