The number of networked devices at this year’s International Consumer Electronics Show (CES) was mind-boggling. No area was spared.
Automotive wireless connectivity ranged from the delivery of real-time traffic information to Internet access. Cars already feature a growing number of networks for everything from engine control to passenger entertainment. Many of these wired and wireless networks are isolated more often than they are tied together. This leads to more flexibility and potentially more functionality. But as any security expert will tell you, it increases the potential attack surface.
Remote services such as location tracking for automobiles are popular. So are communication services like OnStar from General Motors. These applications can be used to track stolen cars and help deploy emergency personnel in the event of an accident. Some technologies can even set the maximum speed of a vehicle involved in a car chase, should law enforcement officials request it. Unfortunately, these same tools can be used for nefarious purposes if the system is compromised.
Likewise, the home is quickly becoming more connected to a wide range of sources. Linking home computers to the Internet was just the beginning. Power and water systems are being linked to utility companies to better report home usage. Wireless support is being pushed as a plus for heating, ventilation, and air conditioning (HVAC) systems as well.
The good guys in security keep the bad guys out of your home and car. Yet how that security is implemented and how it is layered are key to how vulnerable a system will be.
The network spreads the scope of the problem, but the security of each node is what’s important. Network communications can be monitored or compromised. Encryption and authentication help mitigate these vulnerabilities, but they don’t alleviate the need to secure the node.
WE LIKE ISOLATION
Secure, bugless applications are a laudable goal for most programmers, though they’re difficult to deliver in practice. Hardware tools such as memory management units (MMUs) and virtual-machine management (VMM) provide a mechanism to isolate errant or nefarious applications within a node. MMUs provide application isolation while allowing the application to access memory arbitrarily. An operating system normally handles the MMU and application dispatching. VMMs move to the next level by virtualizing the MMU so the application or an operating system has full access to the virtual machine. A hypervisor is an operating system tailored to manage VMM support.
Using a hypervisor to isolate applications and operating systems running at different security levels is becoming more common (see the figure). This is the same mechanism used to meld different operating systems including legacy code onto a single computing platform.
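The two-stage translation just described, as an added toy model (my code, not the article’s and not Green Hills’ Integrity): the guest OS owns a first-stage table it may rewrite freely, while the hypervisor’s second-stage table decides which host pages a partition can ever reach. Page counts and page numbers are made-up constants.

```c
/* Added example: a guest OS controls stage 1 (guest-virtual -> guest-physical);
 * the hypervisor controls stage 2 (guest-physical -> host-physical).
 * PAGES and NO_MAP are constructed constants for the toy model. */
#include <stdint.h>
#include <string.h>
#define PAGES 8                 /* pages per table (constructed) */
#define NO_MAP 0xFF             /* unmapped entry */

/* One partition: its own stage-1 table and the hypervisor's stage-2 table.
 * The guest can rewrite s1 at will; it never sees or edits s2. */
typedef struct { uint8_t s1[PAGES]; uint8_t s2[PAGES]; } partition_t;

/* Translate a guest-virtual page through both stages.
 * Returns the host-physical page, or -1 on a fault at either stage. */
int translate(const partition_t *p, unsigned gva_page)
{
    if (gva_page >= PAGES || p->s1[gva_page] == NO_MAP)
        return -1;                           /* guest's own MMU fault */
    unsigned gpa = p->s1[gva_page];
    if (gpa >= PAGES || p->s2[gpa] == NO_MAP)
        return -1;                           /* hypervisor denies: outside partition */
    return p->s2[gpa];
}

/* Hypervisor creates a partition that may use only host pages [base, base+n). */
void hv_create_partition(partition_t *p, unsigned base, unsigned n)
{
    memset(p->s1, NO_MAP, PAGES);
    memset(p->s2, NO_MAP, PAGES);
    for (unsigned i = 0; i < n && i < PAGES; i++)
        p->s2[i] = (uint8_t)(base + i);
}

/* Guest OS maps one of its virtual pages to any guest-physical page it likes. */
void guest_map(partition_t *p, unsigned gva_page, unsigned gpa_page)
{
    if (gva_page < PAGES) p->s1[gva_page] = (uint8_t)gpa_page;
}

/* Can any stage-1 mapping the guest creates reach a host page outside its grant? */
int guest_can_escape(partition_t *p, unsigned base, unsigned n)
{
    for (unsigned gpa = 0; gpa < PAGES; gpa++) {
        guest_map(p, 0, gpa);                /* try every guest-physical page */
        int hpa = translate(p, 0);
        if (hpa >= 0 && ((unsigned)hpa < base || (unsigned)hpa >= base + n))
            return 1;
    }
    return 0;
}
```

Two partitions given disjoint host ranges can each map the same guest-physical page yet land on different host pages, and neither can reach the other’s range however it rewrites its own table.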
The underlying hypervisor is key to the success and security of this approach. This is one reason why hypervisors tend to be as small as possible. The National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), has certified Green Hills’ Integrity-178B platform at Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness. This provides a pedigree, but Green Hills is not alone in this space.
Still, certification is a significant step, and Green Hills will be taking advantage of it. The company’s Integrity Global Security LLC subsidiary will target corporations and organizations that require high-security platforms. The Integrity real-time operating system (RTOS) will likely be a central part of solutions delivered by the subsidiary.
However, there is much more than just using a hypervisor to isolate environments like Linux and Windows. This is because the design of the security system is usually complex. Deployment can be even more challenging, but neither is possible without a good understanding of the security issues, attacks, and support necessary to make a secure and robust environment.
I expect Green Hills’ efforts to be the tip of the iceberg when it comes to security. It has been an area that most designers and programmers have ignored or addressed improperly. We will have to wait and see if security garners more comprehensive support from the industry in 2009.