Improving Embedded Operating System Security Part 4: Partition Systems to Protect Essential Components
By Bill Graham
An effective security technique is to separate different major components of a system into partitions. In some cases these partitions are physical, i.e., separate devices with physical separation. With modern virtualization technologies these partitions can be virtual, in software, on the same device or processor. An example of this would be combining a general purpose OS (GPOS) such as Microsoft Windows or Linux and an RTOS such as VxWorks on the same device but each runs in its own virtual environment. In this way security attacks and vulnerabilities on the GPOS do not affect the mission critical control done in the RTOS. Similarly, the GUI and remote access for a device can be in one partition and the control systems in another. Remote attacks that deny service or crash the GUI partition do not affect the control systems.