Simplifying the Security Approach

By AJ Shipley

As a security professional in the business of helping Wind River customers protect their systems from malicious intent, I am frequently asked how they should approach security. Here are my thoughts on a tried and true approach to security.

At a very high level, you can approach security from one of two possible paths: you can secure the infrastructure that devices use to communicate with each other, or you can secure the devices that attach to the infrastructure. Although great security requires addressing both the infrastructure and the devices, Wind River is specifically suited to securing the devices because of where Wind River products reside in the device stack.

A secure device is an orchestra of different security instruments, including hardware security, application security, secure middleware, and secure communication stacks. The conductor of this orchestra is the operating system, which can effectively weave all of these instruments together to create a security symphony.

Security requires an architectural, defense-in-depth approach, starting from the time a device is connected to another device until the time that device is taken out of service and destroyed. This defense in depth should include functions such as image signing and verification, secure and measured boot, runtime security like ASLR and application whitelisting, secure network authentication, authorization, and accounting (AAA), and secure communication channels. A secure development lifecycle and security testing are also necessary when building secure systems.

The security arms race requires an organization that can adapt quickly. At Wind River we develop secure product functionality in our generally available (GA) products, and are constantly evaluating and adding more security capabilities. When our customers require security capabilities that are not yet generally available, the Wind River Professional Services organization can augment Wind River's GA products to create custom and highly differentiated security solutions to meet our customers' evolving and unique security requirements.

I am always interested in having a conversation about security and helping our customers understand how to build security into their products and systems.  If you are interested in learning more about the security capabilities of Wind River products or services or are struggling with how to add the right level of security to your products, feel free to reach out and contact me or any member of the Wind River organization. 

 
