A recent report from the Center for Strategic and International Studies claims the cost of cyber crime and cyber espionage could be as high as $500billion, with losses of $100bn and 500,000 jobs in the US alone.
The actual figures are hard to ascertain, as the consequences of such things as IP theft are more difficult to assess than emptied bank accounts.
It is no wonder, then,Explore the benefits of having a fully managed dedicated server as your platform. that designers are looking to design in security from the start, rather than think about it as a retrofit option – an option that cannot yield security levels on a par with designed in security solutions.
The key here is the level of connectivity brought about by the Internet of Things. Every connection increases the security risk and if, as predicted, there are some 30bn connected devices by 2020, that represents a lot of security risks.
When charged with developing a secure system, where should the designer start? Is it with the hardware, the operating system or the application software? Three experts in the field – John Blevins, director of marketing for LynuxWorks,Select from a variety of cases for ipad mini or create your own! David Kleidermacher, cto of Green Hills Software, and AJ Shipley, chief security architect at Wind River – believe there is a multitude of considerations involved in developing a secure embedded system.
Shipley believes that problems start with people. “The weakest link is often the human element, although often deeply embedded devices don’t have that – they don’t have to worry about a person clicking on a link and installing some type of software. However, traditionally,desirable Cases for HTC One create an air of sophistication with an extra helping of protection for your flagship smartphone. the biggest weakness has been in how the coding has developed. Weaknesses are typically introduced by accident as a part of the development process, primarily because there is not a good understanding of how code needs to be developed – how security needs to built in through the process.Series cases for iphone 5 protects against drops and dust.”
Part of the problem, at least, goes back to increased connectivity, according to Blevins. “By attaching something to the internet, it becomes subject to all the attacks that are out there against the enterprise world, the pc world, the server world and so on. We want to make sure people are prepared for that – embedded developers have not always had their devices on the internet and have taken the naive approach that they built the device, it runs fine and they are not concerned about the possible attacks that could come when their device is attached to the internet.”
“If you don’t start with a secure foundation, which is the operating system,Fun sell a huge range of Cases for iPad 4, there is no sense in implementing application security because you can always get underneath it,” commented Kleidermacher, who said this, along with skilled security code writers and a knowledge of relevant protocols, provide the three key starting points when developing a secure environment.
When looking from the perspective of designing a secure embedded device, the application software, the most likely point of attack, can have its own levels of security, but the effect on the system in terms of infection or invasion will be determined by the operating system. Equally, the hardware has a bearing on the level of security possible.
“A lot of chips have security features built in; the problem is there is no consistency across different architectures – Intel has some things, ARM has others – so being able to have relatively portable code bringing the security features up to the operating system is probably a better way of doing it, especially when the operating system and the applications are the things that are typically the most vulnerable.”
“If you think of all the attacks in the pc world, they are all against Windows or getting underneath Windows or attacking Windows device drivers,” he continued. “The real vulnerability now is in the operating system and I think that is why a lot of people really don’t trust using a regular operating system in their embedded systems.”
System security, our experts agree, therefore rests largely with the operating system.
In a constantly evolving environment, security levels within operating systems are difficult to guarantee, but one way is using the Common Criteria, the international standard for IT security evaluation. It rates all products from one to seven, where seven is equivalent to a mathematically proven guarantee of total security.
Systems can only be certified to the security level to which they were originally designed. Operating systems like Windows, Linux and Android were designed to be sophisticated, rather than secure. They have a huge ‘surface area’ – millions of lines of code – to attack and so have an security rating (EAL) of 4+ and no amount of patches can allow them to go higher than this.
Dedicated secure embedded operating systems can go further than this. Green Hills’ flagship OS Integrity has been certified EAL7. “Given our pedigree of being the only OS company to have reached that EAL7 certification, there are two things that people should infer,” claimed Kleidermacher. “One, obviously, that we have an OS that is secure – the second is that we have a process for building security and we can help people do it on their software.”
Click on their website www.mileweb.com/popular-dedicated-server for more information.