Improving Embedded Operating System Security Part 4: Partition Systems to Protect Essential Components

By Bill Graham

An effective security technique is to separate the major components of a system into partitions. In some cases these partitions are physical, i.e., separate devices with physical separation. With modern virtualization technologies these partitions can be virtual, in software, on the same device or processor. An example of this would be combining a general purpose OS (GPOS) such as Microsoft Windows or Linux and an RTOS such as VxWorks on the same device, with each running in its own virtual environment. In this way security attacks and vulnerabilities on the GPOS do not affect the mission-critical control done in the RTOS. Similarly, the GUI and remote access for a device can be in one partition and the control systems in another. Remote attacks that deny service or crash the GUI partition do not affect the control systems.

The advantages to combining or consolidating systems are significant since it greatly reduces hardware complexity and costs. Leveraging virtualization and the latest multicore processors, this consolidation is now practical and cost beneficial. Moreover, the separation of critical and non-critical improves safety and security in these devices. Figure 1 shows an example of a partitioned embedded system.

Figure 1: an example of a partitioned embedded system (image not reproduced here).
An attacker may be able to gain access to or interfere with the GPOS in this example, but they would not be able to affect the other partitions in the system. The virtualization layer can ensure each partition gets its proper share of processor time and access to hardware resources, which prevents a crashed partition from interfering with the others. So if the GPOS was taken down or put into an infinite loop, for example, this wouldn't stop the critical parts of the system from operating. In fact, a partition could be restarted to restore correct operation of the system. Moreover, systems can offer user and system spaces where downloadable content can be used and consumed (e.g. applications downloaded from an applications marketplace) without affecting the real-time mission-critical components. The applications of virtualization and partitioning are numerous; I'd like to hear some of your use cases in the comments below.
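The two properties described above, a fixed processor-time share per partition and restart of a partition that stops responding, can be modelled with a small simulation. The following is an added example, not code from Wind River or from any hypervisor product: partition names, budgets and the 10 ms major frame are constructed, and the health-monitor rule (restart after three consecutive missed frames) is an assumption for illustration.

```python
from dataclasses import dataclass

MAJOR_FRAME_US = 10_000  # constructed: one scheduling cycle of 10 ms


@dataclass
class Partition:
    name: str
    budget_us: int       # CPU time guaranteed to this partition per frame
    work_us: int         # time the partition needs to finish its job
    hung: bool = False   # models a partition stuck in an infinite loop
    missed: int = 0      # consecutive frames without finishing its work
    restarts: int = 0


def run_frame(parts, max_missed=3):
    """One major frame of a static time-partitioned schedule.
    Returns (name, status, cpu_time_used_us) per partition."""
    log = []
    for p in parts:
        # Preemption at the budget boundary is what stops a hung partition
        # from stealing time: it burns its whole slot, never more.
        used = p.budget_us if p.hung else min(p.work_us, p.budget_us)
        completed = (not p.hung) and p.work_us <= p.budget_us
        p.missed = 0 if completed else p.missed + 1
        if p.missed >= max_missed:
            # Health monitor restarts only this partition (assumed policy);
            # the others are untouched and keep their slots.
            p.hung, p.missed, p.restarts = False, 0, p.restarts + 1
            log.append((p.name, "restarted", used))
        else:
            log.append((p.name, "ok" if completed else "missed", used))
    return log


def simulate(frames=6, hang_at=1):
    """Constructed scenario: the GPOS enters an infinite loop in frame
    `hang_at`; the RTOS must still complete its work in every frame."""
    rtos = Partition("RTOS", budget_us=3_000, work_us=2_000)
    gpos = Partition("GPOS", budget_us=6_000, work_us=4_000)
    parts = [rtos, gpos]
    assert sum(p.budget_us for p in parts) <= MAJOR_FRAME_US  # schedulable
    history = []
    for f in range(frames):
        if f == hang_at:
            gpos.hung = True  # constructed fault injected here
        history.append(run_frame(parts))
    return parts, history


if __name__ == "__main__":
    for frame in simulate()[1]:
        print(frame)
```

Running it shows the GPOS marked "missed", then "restarted", while the RTOS line reads "ok" and uses its usual 2 ms in every frame.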


For additional information from Wind River, visit us on Facebook.