VxWorks

9 articles

Medical Device Security

By Jeff Fortin

A recent study published by the GAO caused quite a bit of uproar over medical device security. The GAO declared in its report that the FDA has not put enough oversight in the premarket approval (PMA) of certain medical devices that are susceptible to threats. In the report the GAO referred to an experiment described in…

First Line of Defense

By Ka Kay Achacoso

Designing security into a device requires an understanding of the nature of the attacker. The cost of security implementation, including acquiring the technology and carrying out the processes, scales up with attacker sophistication. A rule of thumb is to make the device tampering cost higher than the benefits gained from a security breach. Wind River’s VxWorks…

Improving Embedded Operating System Security Part 6: Harden the System Against Attack

By Bill Graham

In the previous posts I’ve discussed various steps that need to be taken in order to improve security, but these are all preventative measures that require validation before a device is ready for market. Enabling the security features of your embedded OS is the first step, but it’s important to test the system continuously throughout development. The…

Improving Embedded Operating System Security Part 5: Securing Code and Data

By Bill Graham

Secure the Boot and Execution: Embedded systems are vulnerable at boot time. For example, it’s common for hobbyists to re-flash consumer products’ firmware to change the way it operates. However, malicious attacks on device boot up and operation are undesirable for mission critical systems. In addition, devices often allow updates via web interfaces or other remote access…

Improving Embedded Operating System Security Part 4: Partition Systems to Protect Essential Components

By Bill Graham

An effective security technique is to separate different major components of a system into partitions. In some cases these partitions are physical, i.e., separate devices with physical separation. With modern virtualization technologies these partitions can be virtual, in software, on the same device or processor. An example of this would be combining a general purpose OS (GPOS)…

Improving Embedded Operating System Security Part 3: Secure Your Network Communication

By Bill Graham

Many security issues with embedded systems stem from their connection via a network with access open to a large population (enterprise network) or even directly to the Internet. Also, devices designed for small local private networks are increasingly connected to large corporate networks or the Internet directly. It’s safer to assume that all external connections to your…

Improving Embedded Operating System Security Part 2: Enable a More Secure Configuration

By Bill Graham

Despite the hype surrounding the state of embedded security, many of the runtime platforms that these systems are based on can be made more secure through proper configuration. Moreover, it’s important to keep the platform updated since the RTOS likely has many security vulnerabilities fixed that were present in older versions. Default configurations for embedded operating systems…

Improving Embedded Operating System Security

By Bill Graham

Security has quickly risen to the top of mind for embedded developers in the last year. Although the Stuxnet worm was a wake-up call for the embedded industry, there have been several other notable incidents since. For example, attackers were able to gain control of a home insulin pump and change its settings. In a recent…

Detecting security problems – using static analysis to catch them early and less expensively

By Bill Graham

In my previous post I discussed the potential benefits in quality and costs that static analysis brings to software development. In addition to common coding errors, many of the bugs found by static analysis are potential security defects as well. Buffer overflow, OS command injection, unrestricted string format and integer overflows are among the top 25 most…