
Consolidating and Securing Automotive Software Environments

March 23rd, 2017

The complexity of today’s automobiles is increasing with every new model on the market. A modern car can contain up to 100 electronic control units, and with connectivity and autonomy becoming growing trends, this is set to increase dramatically in the coming years. Until a few years ago, many of these systems ran safely on microcontrollers on an unsecured vehicle network, and this was fine; the networks were ‘air-gapped’ from the rest of the world, and the risk of a malicious attacker causing any kind of danger to a car’s occupants by directly plugging in a new device was as likely as someone cutting the brake lines. The automotive industry on the whole was happy with this risk.

Today, however, we […]


Built-In Security for the Internet of Things

October 2nd, 2015

With the number of devices being connected to the Internet increasing daily, bringing the vision of the Internet of Things (IoT) or Internet of Everything (IoE) to reality, we hear about securing the IoT with almost the same frequency.

The reality is that securing the disparate ‘things’ is going to be a real problem; one certainly can’t use traditional enterprise and network security methods like anti-virus, as the things are not all running the same operating system (if an operating system is used at all), and the likely types of cyber threats will be very targeted to the specific system being attacked, which really nullifies any AV-like approaches. Network protection is not any easier, as most of the networks that things are connected […]


How avionics software technology can help prevent train accidents

September 17th, 2015

In the wake of the May 2015 Philadelphia train accident, many discussions have ensued as to whether automatic safety technology could have prevented the accident, saved lives and prevented injuries. The crash was caused by a train travelling at over twice the speed limit for a section of track, and although the emergency brake was applied by the engineer, the train still derailed. It is strongly suggested that if both the train and section of track had a PTC system installed and active, then the train would have been automatically slowed and the derailment averted.

The intent of Positive Train Control, or PTC, is to increase the safety of railroad transportation of passengers and hazardous materials, as well as increase […]


You Don’t Know What You Don’t Know, Because You Can’t See What You Can’t See (part 1 of 3)

July 7th, 2015

Threat detection is reaching a negative inflection point.

In this blog post we’ll present a few bold (and quite disturbing) figures about the current state of affairs of malware and its detection. We’ll assert that given the unbearably and unacceptably long time it takes to detect malware (IF at all detected), and the growing cost and complexity of its detection, it’s time to admit that current malware detection technologies have more than exhausted themselves and that it’s time for new detection paradigms to emerge.

Our next blog will focus on these new paradigms and suggest new types of solutions.

The perplexity

Reading the threat and malware reports frequently published by security vendors and security-research labs leaves the reader perplexed. Not one report resembles the others in terms […]


Safety and security critical software. Chalk and cheese? Or peas in a pod?

May 20th, 2015

Safety critical and security critical software have long been regarded as two different genres, with their own standards and their own requirements.

In some circumstances, that is entirely reasonable. For example, in most safety critical applications such as a steer-by-wire system in a car, it is imperative that a level of functionality is retained even when things are failing.

Conversely, if a hacker is found to be accessing a bank’s databases then the preferred immediate response is likely to completely deny all access. The inconvenience of other bank users can wait if the integrity of the data is at stake.

Any system providing an interface to the outside world has the potential to contain security vulnerabilities. In particular, any accessibility via the Internet requires a strategy to deal […]


Retrofitting Unmanned Air Vehicles and Ground Control Stations for Increased Functionality and Security

October 27th, 2014

The use of unmanned air vehicles (UAVs) has increased considerably over the past few years in everything from military operations to border surveillance. UAVs utilized in military and law enforcement operations carry and transmit sensitive data such as troop movements and data from strategic operations. Ground control stations (GCSs) are utilized to communicate, pilot, and relay data from the UAVs, and most recently are being deployed as laptops and smart devices such as tablets. With the increased deployment of these technologies, the nature of the function of these endpoints puts them at great risk for cyber security attacks and exfiltration. According to the “Unmanned Systems Integrated Roadmap FY2013 – 2038”, the US military is expected to decrease the procurement of UAVs. […]


Open Standards for Embedded Software

August 8th, 2014

Open Standards in the technology industry refer to publicly available specifications that can allow disparate technologies to communicate and interoperate with each other. Open Standards also allow innovation in implementation within proprietary products, while preventing vendor lock-in. The “Standards” in Open Standards ensure that there are clear specifications that define the interoperability of the technology element. The “Open”-ness in Open Standards ensures that key industry vendors can collaborate in a neutral consortium to define the specifications that allow for interoperability.

Specifically, the embedded industry is now characterized by multiple industry players, highly specialized technology and unique systems that are purpose-built for specific applications, utilizing embedded operating system & virtualization technologies. Over the last several decades the embedded industry has been active in the development […]


“Now You See Me Now You Don’t”: Making Threat Detection Persistently Undetectable by Malware (part 2 of 3)

July 28th, 2014

In our previous post we explained why evasion and persistence are the 2 main “malware virtues” challenging existing detection methods.

We assert that a twofold new approach must be introduced to augment existing solutions, in order to successfully thwart advanced malware:

  1. Separation of the detection layer from the attack surface (this blog)
  2. Placement of high-interaction honeypots closer to the attacked users (next blog)

First things first: Why is it so hard to detect advanced malware?

Well, the short answer is: Because malware has become so sophisticated and fast-changing, while operating systems have become unbearably large and complex. Malware detection is uncomfortably situated between the rock and the hard place: It needs to […]


Protecting the Intelligent Car

June 16th, 2014

The dawn of the “intelligent” car is here. Vehicle manufacturers can now provide on-demand entertainment, smart sensor safety applications, and autonomous driving. Intelligent vehicles are filled with a variety of sensors, processors, software, and displays that are increasingly being connected to the internet. Increased computation complexity and connectivity will demand greater computing power, application support, and heightened security that pose significant cost and design challenges for manufacturers.

Convenience is the new basis of competition in the automobile industry. Cars are starting to offer customized “infotainment” experiences to users, similar to smart phones. The possibility of banking, paying bills, and shopping right from your vehicle will soon become a reality. In addition, the United States Department of Transportation’s (DOT) National Highway Traffic Safety Administration has […]


Safety & Security for the Connected World

May 16th, 2014

LynuxWorks is now Lynx Software Technologies! I believe the new name offers the best representation of the company’s forward direction as the LynxOS RTOS family of products and the LynxSecure hypervisor continue to gain increased traction both with our current customers and markets, and now within the new Internet connected embedded world.

With the advent of Internet of Things and the desire to have everything connected, there is now a real security strain on how we use the embedded devices of today and tomorrow. The constant media stories of major security breaches in our connected world are really starting to show quite how exposed we really are to the advanced cyber threats and attackers of today, and how close it is to our seemingly […]