Securing Embedded Devices

Securing Embedded Devices

Sitting at SFO waiting for a plane. Free WiFi means I can get a blog up before I head home. Design West 2013 is over and it turned out to be an interesting show. We shot a number of videos (see Design West 2013 on Engineering TV) and now have some slide shows up (see Design West 2013 Electronic Design slideshows).

Floor traffic was not dense but that was due more to the wide isles. Overall the tone was upbeat with a few things emerging from the fray.

In particular, real security is being addressed and vendors are starting to find traction. It could be the increasing number of attacks on embedded devices or the awareness that products being shipped today are vulnerable. Either way, products like Icon Labs' Floodgate Defender (Fig. 1) were getting a lot of lookers and a few takers.

Figure 1. Icon Labs' Floodgate Defender is ideal for legacy applications. It sits between an Ethernet node and the network providing protection from Internet attacks.

The Floodgate Defender is a compact gateway with a pair of Ethernet ports. It also has a host of other interfaces including USB and flash storage but typically these are not needed. The gateway provides a firewall for devices like SCADA nodes that may not have any network protection. Protecting legacy devices becomes more critical as they are connected to the Internet.

The gateway supports stateful packet inspection (SPI) as well as rule-based filtering. Policies can be used with a batch of Defenders to easily manage large collections of devices. A secure web interface can also be used to configure communication policies.

Icon Labs is also working with Zilog that has put similar support on their own eZ80Acclaim microcontroller. This allows embedded developers to incorporate the same features as the Floodgate Defender into new devices without having to modify the host processor or software. The system can block packet flooding and other denial of service attacks as well as port scanning.

I also spoke with McAfee about their embedded security software. This software runs on the host and provides a range of prevention facilities including whitelist control of applications. Like Icon Labs' solutions, individual control or group management is possible. We will have a video on Engineering TV abou this soon. I'll add the link when it is up.

Finally, I talked with Lynuxworks this week. They did not have a booth at the show but we did talk about how they are using their hypervisor support to detect and prevent bootkit and rootkit viruses. The approach is similar to Green Hills Software that was showing off mobile devices with a split personality (see Reliable Safety-Critical Software At Design West 2013).

The plane is here so I better get this posted. More later.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.