Make Security Your New Year's Resolution For 2009

Jan. 29, 2009
The number of networked devices at this year’s International Consumer Electronics Show (CES) was mind-boggling. No area was spared. Automotive wireless connectivity ranged from the delivery of real-time traffic information to Internet acc

The number of networked devices at this year’s International Consumer Electronics Show (CES) was mind-boggling. No area was spared.

Automotive wireless connectivity ranged from the delivery of real-time traffic information to Internet access. Cars already feature a growing number of networks for everything from engine control to passenger entertainment. Many of these wired and wireless networks are isolated more often than they are tied together. This leads to more flexibility and potentially more functionality. But as any security expert will tell you, it increases the potential attack surface.

Remote services such as location tracking for automobiles are popular. So are communication services like OnStar from General Motors. These applications can be used to track stolen cars and help deploy emergency personnel in the event of an accident. Some technologies can even set the maximum speed of a vehicle involved in a car chase, should law enforcement officials request it. Unfortunately, these same tools can be used for nefarious purposes if the system is compromised.

Likewise, the home is quickly becoming more connected to a wide range of sources. Linking home computers to the Internet was just the beginning. Power and water systems are being linked to utility companies to better report home usage. Wireless support is being pushed as a plus for heating, ventilation, and air conditioning as well (HVAC).

The good guys in security keep the bad guys out of your home and car. Yet how that security is implemented and how it is layered are key to how vulnerable a system will be.

The network spreads the scope of the problem, but the security of each node is what’s important. Network communications can be monitored or compromised. Encryption and authentication can help these vulnerabilities, but they don’t alleviate the need to secure the node.

WE LIKE ISOLATIONS Secure, bugless applications are a laudable goal for most programmers, though they’re difficult to deliver in practice. Hardware tools such as memory management units (MMU) and virtual-machine management (VMM) provide a mechanism to isolate errant or nefarious applications within a node.

MMUs provide application isolation while allowing the application to access memory arbitrarily. An operating system normally handles the MMU and application dispatching. VMMs move to the next level by virtualizing the MMU so the application or an operating system has full access to the virtual machine. A hypervisor is an operating system tailored to manage VMM support.

Using a hypervisor to isolate applications and operating systems running at different security levels is becoming more common (see the figure). This is the same mechanism used to meld different operating systems including legacy code onto a single computing platform.

The underlying hypervisor is key to the success and security of this approach. This is one reason why hypervisors tend to be as small as possible. The National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), has certified Green Hills’ Integrity-178B platform at Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness. This provides a pedigree, but Green Hills is not alone in this space.

Still, certification is a significant step, and Green Hills will be taking advantage of it. The company’s Integrity Global Security LLC subsidiary will target corporations and organizations that require highsecurity platforms. The Integrity real-time operating system (RTOS) will likely be a central part of solutions delivered by the subsidiary.

However, there is much more than just using a hypervisor to isolate environments like Linux and Windows. This is because the design of the security system is usually complex. Deployment can be even more challenging, but neither is possible without a good understanding of the security issues, attacks, and support necessary to make a secure and robust environment.

I expect Green Hills efforts to be the tip of the iceberg when it comes to security. It has been an area that most designers and programmers have ignored or addressed improperly. We will have to wait and see if security garners more comprehensive support from the industry in 2009.

About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form. 

Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below. 

You can visit my social media via these links:

I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.  

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence. 

Sponsored Recommendations

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!