By Marc Brown, Vice President of Tools and Marketing Operations, Products Group, Wind River
Security is a heavily overloaded term, meaning different things to different people. In the embedded systems world, news on security is often about Stuxnet or similar attacks where an enemy can control devices remotely and shut them down, make them behave abnormally, or worse, cause equipment failure and destruction. In the enterprise world there is news of information breaches and sensitive data exposure which often seems to be unrelated to embedded systems. However, for embedded security it’s important to consider both the safe and correct behavior of the system and the data it may store or transmit. These two key areas of security concerns and priorities are as follows.
First is Information Assurance, this is all about protecting and preserving data. The top priority for information assurance is the data the device stores or transmits, typically this data is confidential or, in government and military applications, it’s highly sensitive possibly secret or top secret. The embedded device must be designed in such a way that it’s very, very difficult for an attacker to gain access to the stored or transmitted information on the device. This protection can include external, network based attacks but also where the attacker has physical access to the device as well. Correct and safe operation of the device is not necessarily the top priority for information assurance.
The second key area is cyber security – where the aim is to protect the device from intrusion from the outside world to prevent failure, incorrect or unsafe behavior. The chief aim of cyber security is to prevent unwanted manipulation of the behavior of the devices. Leaking or exposing data is not a primary concern of cyber security.
The key areas of embedded device security are shown in the following diagram:
Managing device security risk is about prioritization and balance between these two key aspects of information assurance and cyber security. Its not an either-or scenario – no manufacturer wants their device to protect data but be easily disrupted due to attacks. Alternatively, many classes of devices do not handle sensitive data but their correct and safe operation is paramount. However, as machine-to-machine communication grows into important parts of our infrastructure (e.g. the Smart Grid for our electrical system) automation devices maybe safety critical and handle confidential information. Understanding these two key areas of security and managing the risks in both areas is critical for secure embedded device design.
The Next Steps
Understanding the security priorities for your embedded device is important but only part of secure device development approach that needs to start before your devices is designed and built.
* Threat assessment – understanding the security threats to your device, the attack vectors and the desired response from the device under such attacks.
* Secure design – designing security into your device as a key requirement. Employing secure design and development techniques.
* Proper runtime selection – selecting and building upon a secure runtime platform. Embedded operating systems need to support advanced security techniques, communication and data security and robust and reliable operation.
* Securing the applications – applications must be designed and architected for security. Importantly, the device should restrict application execution through whitelisting and greylisting techniques.
* Product lifecycle support – security needs to be designed into a product with platform, process and tools support throughout its lifespan.
In future posts we’ll be discussing the steps to embedded security in more detail.
For additional information about Wind River, visit:
Wind River is an Associate member of the Intel® Embedded Alliance