10 Properties of Secure Embedded Systems

Issue link: https://resources.windriver.com/i/1294222


It's Not a Fair Fight

When tasked with securing an intelligent edge system, you (the defender) must be prepared to protect against every possible vulnerability. Overlook a single opening and the attacker may find it, take control, steal your secrets, and create an exploit for others to use anytime, anywhere. Worse yet, that same attacker may use an initial compromised device to pivot from one exploited subsystem to another, causing further damage to your network, mission, and reputation. This white paper covers the most important security design principles that, if adhered to, give you a fighting chance against any attacker who seeks to gain unauthorized access, reverse engineer, steal sensitive information, or otherwise tamper with your embedded system.

Design Principles, Brief Explanations, and Implementation Examples

1. Data-at-Rest Protection
   Explanation: Software, data, and configuration files are protected when stored in nonvolatile memory, typically by means of encryption. Keys are stored in security hardware.
   Implementation examples: Full-disk encryption; File encryption; TPM / HSM

2. Authenticated and/or Secure Boot
   Explanation: Software (including firmware and configuration data) will be authenticated and/or decrypted before use.
   Implementation examples: TXT, BootGuard; UEFI SecureBoot; Application whitelisting

3. Hardware Resource Partitioning
   Explanation: Hardware computing resources (processor cores, cache, memory, devices, networks) will be segregated to provide independent functions to the maximum degree possible.
   Implementation examples: Memory management unit / Paging; Multi-core / Multi-socket; Cache allocation technology; Resource director technology; Total memory encryption (TME / MKTME)

4. Software Containerization & Isolation
   Explanation: Software applications will be well defined, self-contained, containerized, and isolated.
   Implementation examples: Process address spaces / Virtual memory; Docker / Containers; Virtualization / Separation kernel / Hypervisor

5. Attack Surface Reduction
   Explanation: Minimize dependencies and the trusted computing base, minimize the codebase, and expose only limited and well-defined interfaces.
   Implementation examples: Code removal; Network and application firewalls; Software Guard Extensions (SGX)

6. Least Privilege & Mandatory Access Control
   Explanation: Users and applications will be provided only the minimal set of privileges/access necessary to function, using non-bypassable mandatory access control (MAC).
   Implementation examples: SELinux / AppArmor / SMACK; SECCOMP / chroot; XSM / FLASK (Hypervisor)

7. Implicit Distrust & Secure Communications
   Explanation: Communications with external sources will be expressly denied until the remote source can be authenticated. Data in transit will be encrypted.
   Implementation examples: SSL / TLS; Identity and certificate management

8. Data Input Validation
   Explanation: Any and all data received from untrusted sources (network, file, IPC) should be validated before being passed into software applications.
   Implementation examples: Data format filters; Cross-domain guards

9. Secure Software Development, Build Options, & OS Configuration
   Explanation: Software applications and the OS kernel shall be compiled and configured with all available security options enabled and enforced.
   Implementation examples: Type- and memory-safe languages (e.g., Rust); Build parameters (FORTIFY_SOURCE, NX); Kernel configuration (e.g., signed drivers, ASLR)

10. Integrity Monitoring & Auditing
   Explanation: The system will perform ongoing integrity monitoring and audit logging of security-relevant events.
   Implementation examples: Continuous memory hash verification; Audited

When attacking an intelligent edge system, it takes only one vulnerability to lead to an exploit. The beauty of these 10 principles is that they can be layered together into a cohesive set of countermeasures that achieve a multiplicative effect, making device exploitation significantly more difficult and costly for the attacker.
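The "continuous memory hash verification" named under principle 10 can be illustrated with a small monitor: a per-chunk digest of a code or firmware region is recorded as a baseline, and each later sweep re-hashes the region and reports the first chunk that no longer matches. This is an added example, not code from the white paper or from Wind River; the firmware image is a constructed byte array and the 64-bit FNV-1a digest stands in for whatever hash the platform provides.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example: chunked memory integrity monitor over a constructed image. */
#define CHUNK_SIZE 16
#define MAX_CHUNKS 64

typedef struct {
    size_t nchunks;
    uint64_t digest[MAX_CHUNKS];   /* baseline digest of each chunk */
} baseline_t;

/* 64-bit FNV-1a over a byte range (each step is a bijection on the state,
   so any single-byte change in the range yields a different digest). */
static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}

/* Record the baseline digests of a region at a trusted moment (e.g. right
   after authenticated boot). Returns the chunk count, or 0 if the region is too large. */
size_t baseline_take(baseline_t *b, const uint8_t *region, size_t len) {
    size_t n = (len + CHUNK_SIZE - 1) / CHUNK_SIZE;
    if (n > MAX_CHUNKS) return 0;
    for (size_t i = 0; i < n; i++) {
        size_t off = i * CHUNK_SIZE;
        size_t cl = (len - off < CHUNK_SIZE) ? len - off : CHUNK_SIZE;
        b->digest[i] = fnv1a64(region + off, cl);
    }
    b->nchunks = n;
    return n;
}

/* One monitoring sweep: -1 if every chunk still matches the baseline,
   -2 if the region size differs, otherwise the index of the first modified chunk. */
int baseline_verify(const baseline_t *b, const uint8_t *region, size_t len) {
    size_t n = (len + CHUNK_SIZE - 1) / CHUNK_SIZE;
    if (n != b->nchunks) return -2;
    for (size_t i = 0; i < n; i++) {
        size_t off = i * CHUNK_SIZE;
        size_t cl = (len - off < CHUNK_SIZE) ? len - off : CHUNK_SIZE;
        if (fnv1a64(region + off, cl) != b->digest[i]) return (int)i;
    }
    return -1;
}

/* Demo on a constructed 100-byte "firmware image": take a baseline, then flip
   one bit at tamper_offset (negative = no tampering) and run a sweep. */
int demo_detect_tamper(int tamper_offset) {
    uint8_t image[100];
    baseline_t b;
    for (size_t i = 0; i < sizeof image; i++) image[i] = (uint8_t)(i * 7 + 3);
    if (baseline_take(&b, image, sizeof image) == 0) return -2;
    if (tamper_offset >= 0 && (size_t)tamper_offset < sizeof image)
        image[tamper_offset] ^= 0x01;          /* simulated single-bit corruption */
    return baseline_verify(&b, image, sizeof image);
}

int main(void) {
    printf("first tampered chunk: %d\n", demo_detect_tamper(37));   /* prints 2 */
    return 0;
}
```

On a real device the sweep would run from a periodic task over the text segment or firmware partition and feed a mismatch into the audit log rather than just returning an index.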
