The notion of 15 billion intelligent connected devices within the next few years makes me wonder if the embedded industry is ready to meet the security challenges of this fast-approaching era. Connecting all these devices to the Internet will potentially allow every person in the world to reach out and touch your product. Will devices like hospital bedside patient monitors become vulnerable to attack by hackers and viruses? Will high school hackers cause auto accidents by commandeering traffic signals? ...Not to mention an organized terrorist threat against our infrastructure. Adding pervasive connectivity to embedded devices requires some fresh thinking about security and Intel® Virtualization Technology (VTTM) can play a key role in the solution.
Virtualization is defined as multiple Operating Systems (OS) running on a single physical machine (processor). The OSs can be multiple instances of the same or a mix of different ones, even a combination of a general purpose OS with an RTOS. While widely adopted in the IT space- especially for server farm consolidation, it's perhaps less known that virtualization can also be applied to embedded applications in a number of different usage models both on single- and multi-core processors. One of those uses is security. And this is not limited to devices that provide an explicit security function- like a network firewall- but encompasses securing connected devices of all types.
Let me start by looking at embedded applications that are at extreme end of the security scale. There are certain systems that have forever been subject to rigorous requirements for security and safety- defense communications systems and aircraft flight controls being excellent examples. Indeed these systems are so critical that they are tightly regulated and certified by government agencies such as the NSAhttp://community.edc.intel.com/t5/forums/postpage/board-id/#_ftn1 and FAAhttp://community.edc.intel.com/t5/forums/postpage/board-id/#_ftn2  (Note that for the purpose of this article I am viewing safety-critical as a superset of security-critical as both rely on some common principles and techniques).
One key concept employed in extreme security implementations is isolation. This involves separating the security-critical code and completely isolating it from the rest of the system. In some older systems this was even done by running the isolated code on a separate processor (long before multi-core). Along came an architecture known as Multiple Levels of Security (MLS) which is intended to reduce the size, complexity, and ultimately the costs and speed of deploying security-critical code. MLS defines four conceptual layers of separation: separation kernel and hardware; middleware services; trusted applications; and distributed communications, and requires that each of these components be separated from the others. To obtain government approval, a solution must be highly trusted- which means it is mathematically validated by formal methods. Cost aside, the sheer complexity of this process constrains the software components, e.g. the separation kernel, to a very small footprint. Today there are various separation kernels shipping based on Intel® Architecture (IA) processors that help meet various levels of system certification.
What does this have to do with virtualization? Well, virtualization provides an excellent foundation for implementing the MLS architecture. The figure below shows a conceptualized example of using virtualization to isolate the network connectivity component from the "core application" of an embedded device. The connectivity software which could be susceptible to external attack runs in its own partition and is prevented from overwriting, or even accessing data in the other partition.
So you ask, "what's new? Virtualization's a decades old concept, isn't it? That's true enough. But in the past virtualization was confined to specialized, proprietary, high-end servers and mainframes. What's new is the ability to implement virtualization on Intel® embedded processors in a cost-effective and power-efficient manner and with high performance. This is made possible by Intel® Virtualization Technology (VTTM), a suite of hardware assist features built into IA processors, combined with software provided by member companies of the Intel® Embedded and Communications Alliance.
Of course it would be silly of me to suggest that the Internet-connected infotainment system in my car needs anywhere near the same security as an aircraft but I thought it would be worth thinking about the extreme solution to see what can be borrowed and perhaps down-scaled for the "Internet of Things."
What I've discussed here is just one of the many aspects of security, and Intel® VTTM is but one of a broader family of Intel technologies that help you build a secure system. In a future blog, I plan to write about two other powerful features of IA processors: Intel's Trusted Execution Technology (TXT), and Active Management Technology (AMT).
Is your embedded product ready to be connected to the world? I'd be interested to learn if virtualization fits into your product plans.
This post is based in part on an Intel® Technology Journal article. To read the full article, visit:
J. Felix McNulty
Intel® Embedded Design Center Community
http://community.edc.intel.com/t5/forums/postpage/board-id/#_ftnref1 U.S. National Security Agency
http://community.edc.intel.com/t5/forums/postpage/board-id/#_ftnref2 U.S. Federal Aviation Administration