Stephan Janouch – Technical Marketing Director, EMEA, Green Hills Software – will present ‘10 rules to build unsecure embedded systems’ at the 2024 IoTSF conference at London’s IET on Wednesday 23rd October.
One of the biggest trends of the 21st century is global connectivity, driven by the internet and the plethora of its applications. While much of this internet-based connectivity remains in the virtual space, an even more fascinating system has become a reality: the Internet of Things (IoT).
As we all know, the term IoT refers to a group of physical objects, including computers, devices, vehicles and sensors, that exchange data and/or services via the internet. The applications built on or benefitting from this technology are remarkably diverse, ranging from automatically controlled industrial production to smart systems within a house or a community, or value-added services while operating a vehicle.
With new products and services constantly joining the IoT, such as connected vehicles, smartphones or personal AI assistants (e.g. the Humane AI Pin), the question arises of whether ‘the’ IoT is secure. New devices unavoidably mean new attack surfaces and a greater impact when a breach does occur. Most manufacturers should have a solid understanding of security measures by now, yet it remains an ongoing race between attackers and developers.
So, how should security be handled when developing a product that will be connected to the IoT now or later? One answer shows a surprising analogy to real racing: go for lightweight and built-for-purpose components.
For example, consider the operating systems used in most computer systems: Windows and Linux. Both are built around large kernels (tens of millions of lines of code once drivers are counted) in which drivers, file systems and network stacks run with full kernel privilege, and neither was designed around a small, verifiable trusted computing base. Typical Windows security consists of a firewall, an antivirus tool and a VPN connection, all of which run on top of the very kernel they are supposed to protect. Hundreds of publicly known Windows vulnerabilities are patched every year, with more still unknown (zero-day) vulnerabilities waiting to be found, and a single exploitable kernel bug renders the rudimentary measures listed above useless.
Using such a general-purpose operating system at home is risky, though the risk is somewhat acceptable: a private computer is typically online for a limited amount of time, and the worst case is the loss of personal data and/or money. For safety-critical systems such as self-driving vehicles, medical equipment or critical infrastructure, however, a security breach can make the difference between life and death. When building such a system it is therefore crucial to base it on proven secure technology. Suppliers such as Green Hills Software offer real-time operating systems for safety-critical and security-critical embedded systems.
The INTEGRITY operating system family, for example, was designed to meet the highest standards for safety and security and brings military-grade security to commercially available software. As a separation kernel, INTEGRITY keeps all drivers, middleware stacks and applications out of kernel space, each in its own address space, and permits communication between address spaces only over channels that were explicitly configured in advance; anything not on that allow-list is denied.
With this approach, if an attacker found an exploitable vulnerability in a third-party application running in one address space, their access would be limited to that address space and to the channels it was explicitly granted; the rest of the system stays out of reach. The channel configuration is therefore part of the security design: a compromised component can still send whatever its granted channels permit, so what an untrusted address space can reach, directly or through intermediaries, has to be reviewed. Furthermore, the system can detect unusual behaviour and either shut down the address space or reload it as appropriate.
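The following is an added illustration of the two points above and is not Green Hills Software's code: a small model of a separation kernel's statically configured, default-deny IPC policy, a health monitor that reloads an address space that keeps hitting denied channels, and the audit a practitioner would run over the channel table to see which address spaces a compromised one can influence, directly or transitively. The partition names, both channel tables and the restart threshold are hypothetical.

```c
/* Added example, not Green Hills Software's code: model of a separation
 * kernel's static IPC allow-list plus a reachability audit over it.
 * Partition names, channel tables and MAX_VIOLATIONS are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum partition {
    P_NET_STACK,   /* untrusted third-party network stack */
    P_LOGGER,      /* middleware: log collector */
    P_HMI,         /* display / operator interface */
    P_BRAKE_CTRL,  /* safety-critical controller */
    P_COUNT
};

static const char *const part_name[P_COUNT] = {
    "net_stack", "logger", "hmi", "brake_ctrl"
};

/* One-directional channel, fixed at integration time. Anything not listed
 * is denied: the kernel has no "allow everything else" path. */
struct channel { enum partition from, to; };
struct policy  { const struct channel *ch; size_t n; };

static const struct channel good_ch[] = {
    { P_NET_STACK,  P_LOGGER },  /* network stack writes log records */
    { P_NET_STACK,  P_HMI    },  /* connection status for the display */
    { P_HMI,        P_LOGGER },
    { P_BRAKE_CTRL, P_HMI    },  /* controller reports status outward only */
};
/* Same table plus one "harmless" operator command into the controller. */
static const struct channel leaky_ch[] = {
    { P_NET_STACK,  P_LOGGER },
    { P_NET_STACK,  P_HMI    },
    { P_HMI,        P_LOGGER },
    { P_BRAKE_CTRL, P_HMI    },
    { P_HMI,        P_BRAKE_CTRL },  /* new: HMI may send mode changes */
};
#define LEN(a) (sizeof (a) / sizeof (a)[0])
const struct policy good_policy  = { good_ch,  LEN(good_ch)  };
const struct policy leaky_policy = { leaky_ch, LEN(leaky_ch) };

bool channel_allowed(const struct policy *p, enum partition from, enum partition to)
{
    for (size_t i = 0; i < p->n; i++)
        if (p->ch[i].from == from && p->ch[i].to == to)
            return true;
    return false;                        /* default deny */
}

/* Health monitor: a partition that repeatedly hits denied channels is
 * behaving abnormally and gets reloaded (hypothetical threshold). */
#define MAX_VIOLATIONS 3
static unsigned violations[P_COUNT], restarts[P_COUNT];

unsigned restart_count(enum partition p) { return restarts[p]; }

/* Returns true if delivered; a denied message never leaves `from`. */
bool ipc_send(const struct policy *p, enum partition from, enum partition to,
              const char *msg)
{
    (void)msg;                           /* payload handling is out of scope */
    if (channel_allowed(p, from, to))
        return true;
    if (++violations[from] >= MAX_VIOLATIONS) {
        violations[from] = 0;            /* reload the address space */
        restarts[from]++;
    }
    return false;
}

/* Audit: bitmask of partitions reachable from `start` by following allowed
 * channels transitively. An attacker owning `start` can push data into
 * every partition in this set, directly or via intermediaries. */
unsigned reachable_from(const struct policy *p, enum partition start)
{
    unsigned reached = 0, frontier = 1u << start;
    while (frontier) {
        unsigned next = 0;
        for (size_t i = 0; i < p->n; i++) {
            unsigned f = 1u << p->ch[i].from, t = 1u << p->ch[i].to;
            if ((frontier & f) && !(reached & t))
                next |= t;
        }
        reached |= next;
        frontier = next;
    }
    return reached;
}

bool can_influence(const struct policy *p, enum partition attacker, enum partition target)
{
    return (reachable_from(p, attacker) >> target) & 1u;
}

int main(void)
{
    const struct policy *tables[] = { &good_policy, &leaky_policy };
    for (size_t k = 0; k < LEN(tables); k++) {
        unsigned r = reachable_from(tables[k], P_NET_STACK);
        printf("policy %zu: %s reaches", k, part_name[P_NET_STACK]);
        for (int i = 0; i < P_COUNT; i++)
            if ((r >> i) & 1u) printf(" %s", part_name[i]);
        printf("; brake_ctrl is %s\n",
               can_influence(tables[k], P_NET_STACK, P_BRAKE_CTRL) ? "EXPOSED" : "isolated");
    }
    return 0;
}
```

In the first table the network stack can only ever reach the logger and the display, no matter how thoroughly it is compromised. Adding a single, individually reasonable channel from the HMI into the controller in the second table opens a transitive path from the untrusted network stack to the safety-critical partition, which is exactly the kind of change the channel-table review has to catch.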
Of course, Green Hills’ real-time operating systems do not offer all the functions, services and capabilities of, say, Windows. However, the INTEGRITY RTOS can host a virtualized general-purpose operating system (e.g. Windows or Linux) to run non-critical applications, keeping it isolated from the safety-critical applications while providing the secure foundation for the critical system.
Designing with good software practice for both safety and security on a separation kernel also leads to a more reliable device. This makes sense even if no imminent threat is visible for a given application, because, as in racing, something always happens unexpectedly and with unforeseen consequences. Take, for example, the recent ransomware attack on a dairy farmer in Zug (Switzerland), which ended in the tragic death of a cow and calf.
The race is on, so you’d better be ready.