Securing Embedded Devices

    April 26, 2013
    Embedded security was apparent at Design West 2013 or so says Technology Editor Bill Wong.

    Design West 2013

    Related Articles

    Sitting at SFO waiting for a plane. Free WiFi means I can get a blog up before I head home. Design West 2013 is over and it turned out to be an interesting show. We shot a number of videos (see Design West 2013 on Engineering TV) and now have some slide shows up (see Design West 2013 Electronic Design slideshows).

    Floor traffic was not dense but that was due more to the wide isles. Overall the tone was upbeat with a few things emerging from the fray.

    In particular, real security is being addressed and vendors are starting to find traction. It could be the increasing number of attacks on embedded devices or the awareness that products being shipped today are vulnerable. Either way, products like Icon Labs' Floodgate Defender (Fig. 1) were getting a lot of lookers and a few takers.

    Figure 1. Icon Labs' Floodgate Defender is ideal for legacy applications. It sits between an Ethernet node and the network providing protection from Internet attacks.

    The Floodgate Defender is a compact gateway with a pair of Ethernet ports. It also has a host of other interfaces including USB and flash storage but typically these are not needed. The gateway provides a firewall for devices like SCADA nodes that may not have any network protection. Protecting legacy devices becomes more critical as they are connected to the Internet.

    The gateway supports stateful packet inspection (SPI) as well as rule-based filtering. Policies can be used with a batch of Defenders to easily manage large collections of devices. A secure web interface can also be used to configure communication policies.

    Icon Labs is also working with Zilog that has put similar support on their own eZ80Acclaim microcontroller. This allows embedded developers to incorporate the same features as the Floodgate Defender into new devices without having to modify the host processor or software. The system can block packet flooding and other denial of service attacks as well as port scanning.

    I also spoke with McAfee about their embedded security software. This software runs on the host and provides a range of prevention facilities including whitelist control of applications. Like Icon Labs' solutions, individual control or group management is possible. We will have a video on Engineering TV abou this soon. I'll add the link when it is up.

    Finally, I talked with Lynuxworks this week. They did not have a booth at the show but we did talk about how they are using their hypervisor support to detect and prevent bootkit and rootkit viruses. The approach is similar to Green Hills Software that was showing off mobile devices with a split personality (see Reliable Safety-Critical Software At Design West 2013).

    The plane is here so I better get this posted. More later.

    About the Author

    William Wong Blog | Senior Content Director

    Bill's latest articles are listed on this author page, William G. Wong

    Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column. Bill is a Georgia Tech alumni with a B.S in Electrical Engineering and a master's degree in computer science for Rutgers, The State University of New Jersey.

    He has written a dozen books and was the first Director of PC Labs at PC Magazine. He has worked in the computer and publication industry for almost 40 years and has been with Electronic Design since 2000. He helps run the Mercer Science and Engineering Fair in Mercer County, NJ.

    Email

    Continue Reading

    Sponsored Recommendations

    Comments

    To join the conversation, and become an exclusive member of Electronic Design, create an account today!