Tuesday 30 April 2013

Security for embedded devices

New features added to the LynxSecure separation kernel help protect embedded systems from advanced cyber threats

LynuxWorks are adding new security features to the LynxSecure embedded hypervisor to offer real-time detection, alert and protection against new cyber threats - including zero-day rootkits and bootkits. As more embedded devices are connected to the outside world, as well as being connected to each other (machine-to-machine), the more they are vulnerable to malicious cyber threats seeking to threaten critical infrastructure, financial infrastructure and corporate domains.
LynxSecure is based on separation kernel technology and was designed from the ground up with security as a key design goal. Adding virtualisation to the separation kernel allows for multiple different guest operating systems (OS), both real-time and general purpose, to run in secure domains on a single embedded system. LynxSecure 5.2 is the latest version of this established product and adds a new feature that offers real-time detection of stealthy advanced persistent threats such as rootkits.

Rootkits are the most sophisticated and lethal type of malware--stealthy and extremely potent. A device is often infected a long time before the actual cyber attack happens, with the cyber payload being secretly injected and remaining dormant until the attack is finally triggered. When the LynxSecure 5.2 product is used on embedded devices, it can help detect these malicious infections as they inject their payload, long before the start of the actual cyber attack.

“Connected embedded devices are now becoming vulnerable to the same types of cyber attacks that we commonly see in corporate computer networks,” said Robert Day, vice president of marketing at LynuxWorks. “By using LynxSecure, with its new cyber protection mechanisms as a secure foundation between the hardware and the OS, we can help identify and protect against these attacks before the real damage is done.”

A common trend in the embedded market is that developers are starting to use more general purpose OSes, such as Windows, Android and Linux for connected devices. These general purpose OSes offer familiar user interfaces, and benefit from the wide range of applications and devices that they support. Unfortunately, this trend also adds the potential for cyber threats that have been common in the desktop, laptop and mobile arena to now attack connected embedded devices.

These most advanced variants of these cyber threats, such as rootkits, work at the lowest levels of the OS they intend to attack. The approach to combating these insidious threats needs a mechanism that offers a completely different security posture: It must execute with a higher privilege than the attacked OS; provide complete control of the platform hardware; and monitor all activities of the OS and its applications. Also, this mechanism must be self-protecting, non-bypassable and tamper-proof.

The LynxSecure product, by the nature of its virtualisation, resides beneath the OS, and allows any nefarious activity from advanced cyber threats to be observed, examined and prevented. This security architecture allows embedded developers to use general purpose OSes for their connected devices, often alongside traditional embedded RTOSes on the same hardware, with the extra protection against today’s and tomorrow’s advanced cyber threats.

• See also our ICS & SCADA Security Page for lots of links on cybersecurity in automation.

No comments:

Post a Comment