embedded security

9 articles

Top Five Variables Influencing the Approach to Device Security

By AJ Shipley In my previous blog post, I covered the importance of having security built in and not bolted on.  In this blog post, I’ll outline the top five key variables that are influencing how we approach device security -- a topic particularly top of mind as I spend this week at the RSA Conference. 1. Connectivity to the enterprise…

Simplifying the Security Approach

By AJ Shipley As a security professional in the business of helping Wind River customers protect their systems from malicious intent I am frequently asked how they should approach security.   Here are my thoughts on a tried and true approach to security. At a very high level, you can approach security from one of two possible paths; you can secure…

Improving Embedded Operating System Security Part 6: Harden the System Against Attack

By Bill Graham In the previous posts I’ve discussed various steps that need to be taken in order to improve security, but these are all preventative measures that require validation before a device is ready for market. Enabling the security features of your embedded OS is the first step, but it’s important to test the system continuously throughout development. The…

Improving Embedded Operating System Security Part 5: Securing Code and Data

By Bill Graham Secure the Boot and Execution Embedded systems are vulnerable at boot time. For example, it’s common for hobbyists to re-flash consumer products’ firmware to change the way it operates. However, malicious attacks on device boot up and operation are undesirable for mission critical systems. In addition, devices often allow updates via web interfaces or other remote access…

Improving Embedded Operating System Security Part 3: Secure Your Network Communication

By Bill Graham Many security issues with embedded systems stem from their connection via a network with access open to a large population (enterprise network) or even directly to the Internet.  Also, devices designed for small local private networks are increasingly connected to large corporate networks or the Internet directly. It’s safer to assume that all external connections to your…

Improving Embedded Operating System Security Part 2: Enable a More Secure Configuration

By Bill Graham  Despite the hype surrounding the state of embedded security, many of the runtime platforms that these systems are based on can be made more secure through proper configuration. Moreover, it’s important to keep the platform updated since the RTOS likely has many security vulnerabilities fixed that were present in older versions.  Default configurations for embedded operating systems…

Improving Embedded Operating System Security

By Bill Graham Security has quickly risen to the top of mind for embedded developers in the last year. Although the Stuxnet worm was a wake up call for the embedded industry, there have been several other notable incidents since. For example, attackers where able to gain control of a home insulin pump and change its settings (source http://www.cbsnews.com/8301-501465_162-20088598-501465.html). In…

Five Steps to Improving Embedded System Security

By Bill Graham Embedded device security needs to be integrated into the development lifecycle of the product rather than being an afterthought. The following are high level guidelines that embedded systems designers should consider when addressing security. This is not a prescriptive methodology, but intended to highlight an approach that looks at embedded security as a development lifecycle issue from…

The new front in cyber warfare: embedded systems

At the recent Take Down Conference, a scheduled talk on security vulnerabilities in SCADA (Supervisory Control And Data Acquisition) systems was cancelled due to direct requests from the Department of Homeland Security and Siemens (CNET - "SCADA hack talk canceled after U.S., Siemens request" . The request was made because the details of the vulnerabilities and the exploits associated with…