By Rick Anderson and Arlen Baker
In recent months, Wind River has offered a free software security assessment on our website. The survey is open to anyone and asks ten very brief yes/no security questions about your software system.
Each question focuses on a different aspect of security as spelled out by the Wind River Helix Security Framework. This framework is built on the industry-standard Confidentiality, Integrity and Availability (CIA) Triad. The assessment includes questions about threat detection, access limitation, data encryption, boot processes, and data separation, to name a few of the areas.
We have had significant response to the assessment and, indeed, some of the results were quite enlightening. Unfortunately, they were also troublesome, indicating most software systems have a lot of work to do to improve security. It’s fair to say that while an understanding of how to protect software systems has improved over the last few years, actual protection of those systems has yet to occur.
The first question in our online assessment asks about your system’s ability to detect behavior outside of its intended function. 53% of the respondents answered “yes”, meaning 47% of the systems were unable to perform this vital function. Structuring the system to support an Attestation scheme is a significant step in quickly detecting an attack on the device. Memory regions that are defined not to change after the initialization process can have message digests calculated over them. These baseline values can then be compared against digests recalculated as the device operates. Any change in these values can indicate the system is under attack.
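A minimal sketch of the baseline-and-compare scheme described above, added here as an example and not Wind River code. It assumes SHA-256 as the message digest and models device memory as a Python bytearray; the class name, region names and offsets are hypothetical.

```python
import hashlib
import hmac

class RegionAttestor:
    """Baseline-and-compare integrity check over regions that must not change after init."""

    def __init__(self, memory, regions):
        # memory: bytes-like stand-in for the device image (assumption for this example)
        # regions: {name: (offset, length)} of areas that are static after init
        self.memory = memory
        self.regions = {}
        for name, (offset, length) in regions.items():
            if offset < 0 or length <= 0 or offset + length > len(memory):
                raise ValueError(f"region {name!r} is outside the image")
            self.regions[name] = (offset, length)
        # Baseline digests are taken once, after initialization has finished.
        self.baseline = {name: self._digest(name) for name in self.regions}

    def _digest(self, name):
        offset, length = self.regions[name]
        # Bind the region name and bounds into the digest so a baseline
        # cannot be matched against a different region.
        h = hashlib.sha256(f"{name}:{offset}:{length}".encode())
        h.update(bytes(self.memory[offset:offset + length]))
        return h.digest()

    def verify(self):
        """Return sorted names of regions whose current digest differs from baseline."""
        return sorted(
            name for name in self.regions
            if not hmac.compare_digest(self._digest(name), self.baseline[name])
        )

def demo():
    # Constructed 256-byte image: "code" and "rodata" are measured, the rest is not.
    image = bytearray(range(256))
    attestor = RegionAttestor(image, {"code": (0, 64), "rodata": (64, 32)})
    clean = attestor.verify()
    image[200] ^= 0xFF   # write to unmeasured memory: expected at runtime, not reported
    after_heap_write = attestor.verify()
    image[70] ^= 0x01    # single-bit change inside rodata: must be reported
    after_tamper = attestor.verify()
    return clean, after_heap_write, after_tamper

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline, so on a real device the baseline digests need to live somewhere the measured software cannot rewrite.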
One of the most critical areas for protecting your software system is continuous monitoring of vulnerabilities and security patches in third-party software used in your system. These vulnerabilities are often known as Common Vulnerabilities and Exposures (CVEs), and monitoring them requires dedicated resources to continuously scan for security threats and fixes. 56% of the respondents indicated this function did not exist for their software systems. Luckily for Wind River customers, we have a dedicated team that monitors our products as well as third-party packages we use in our products. This team also gets involved in Day 0 Threats as they become known. For insights about ongoing updates, our Security Center link is a good one to bookmark. Our CVE Database allows you to enter your product and version and see all known vulnerabilities. It provides a description of the problem, a list of products affected, key dates associated with the threat, the priority and other details, like links to patches.
59% of the respondents said their data at rest was not protected by encryption. With modern systems, this can be done both easily and quickly. Security engines (e.g., Trusted Platform Module, Configuration Security Unit, SEC Engine, etc.) can be used to provide a hardware-based solution for securing customer data on the device. FIPS (Federal Information Processing Standard) 140-2 is a good benchmark for validating the effectiveness of cryptographic hardware and provides external evidence that your system is secure.
The highest “yes” response we received came in at 63% and was for the question: Does your system limit access to critical OS functions? This aligns with the security principle of least privilege, which states that an entity should be restricted to only those resources required to fulfill its function. This minimizes the damage to the entire system if a component of the system is attacked. This approach can also be used to detect an attack when malicious software attempts to access a system function that it is not authorized to execute.
If you haven’t already taken the brief assessment, take a few minutes and see how you do. For more insights on how Wind River can help, we encourage you to learn about our professional services or contact us. Security is always top of mind at Wind River!