We take Internet connectivity for granted in our PCs, but the fact is that Internet support is coming to embedded systems of all types. Applications from military & aerospace to industrial to medial utilize the Internet as way to share data. Security is paramount in such applications. It’s extremely convenient, for example, when a factory system can be managed and updated over the Internet. But such a system connected to the public Internet must be completely secured from any malicious or accidentally-damaging code. Embedded designers can use technologies such as Intel® Virtualization Technology (VT) and Intel® Trusted Execution Technology (TXT) to provide such security.
Kontron* and Intel have collaborated on a project to develop a security methodology with research being conducted at the University of Applied Science in Deggendorf, Germany. The work is focused on the development of proof-of-concept security-system designs that utilize Intel® Architecture (IA) initiatives such as VT and TXT along with other accepted security mechanisms including the Trusted Platform Module (TPM) technology that’s promulgated by the Trusted Computing Group of which Intel is a member.
The research has focused on several scenarios. One is the connection of legacy systems to the Internet. In such a case the studied methodology includes adding a secure system that acts as a firewall to handle the communications. A second scenario focuses on the need for a secure boot chain in a case where the required operating system (OS) doesn’t include a secure-boot mechanism. The researchers are studying VT as a way to add a second secure OS that boots first and then boots the non-secure OS. A third scenario is focused on highly-secure applications in which separate security and application OSs are always required.
The Figure below shows a block diagram of the system that’s being used to research and validate the security capabilities. The design relies on a carrier board with the CPU functionality hosted on a computer-on-module (COM) design. Such a design could use the industry-standard COM Express modular technology, ETX modules originally developed by Kontron and now supported by the ETX Industrial Group, or alternatives such as the Qseven module developed by the Qseven Consortium.
The design utilizes TPM ICs on both the carrier board and COM platform. The embedded designer can determine whether the TPM security should be associated with the carrier or CPU module. TPM combined with a TXT-enabled CPU allows the system designer to create isolated execution environments or partitions that can be safely accessed remotely by a system with the correct TPM encryption key. TXT is supported across most of the latest IA processors and chip sets including the second-generation Intel® Core™ 2 processors -- the Intel® Core i7, i5, and i3 families.
The virtualization layer provides the isolation between the secure OS and either legacy OSs with no security or perhaps an OS with no secure boot capability. The ongoing research is using the open-source Xen hypervisor, and that hypervisor is the only software entity that has direct access to the physical hardware.
Kontron has published an initial whitepaper that details the ongoing research. The paper entitled “Standardized security principles for embedded computing industries” details the hardware structure of the researchers test system as well as the steps in a secure boot chain. The research has utilized a variety of Kontron ETX modules,.
Embedded design teams can apply the methodology described in the whitepaper with different combinations of hardware and software. Indeed the techniques could be applied to single-board computers that integrate TXT and TPM features.
If you want more background on the software side of the topic, there are a number of blogs on the topic including “Virtualization boosts security for Internet-connected devices” written by Felix McNulty.
Moreover a number of software companies support VT technology and offer hypervisors capable of securing partitions in a multi-OS system. Green Hills Software** for example offers Integrity Secure Virtualization for its Integrity real-time OS. Likewise Wind River*** offers the Wind River Hypervisor for applications including military & aerospace, industrial, medical, and other applications with a security requirement.
Have you used virtualization technology to implement a secure system? Please share you experience with other followers of the via comments. What would you like to know more about in the security area? And what design challenges are you facing? Community members may surprise you with the help that they can offer.
Roving Reporter (Intel Contractor)
Intel® Embedded Alliance
*Kontron is a Premier member of the Intel® Embedded Alliance
**Green Hills Software is an Affiliate member of the Alliance
***Wind River is an Associate member of the Alliance