Archives : September 2004

Secure Operating Systems for Deeply Embedded Devices
As we add more intelligence to our embedded devices, we find that they are becoming increasingly integrated into our information technology infrastructure. Though system security is not a new concept, security-in-depth is a new paradigm developers are now starting to address.
We read daily about security breaches of our corporate computers, our home computers, as well as many government computers. Even though these systems may have varying levels of security, they still experience unauthorized access on a routine basis. This problem will assuredly become a real threat for embedded systems as they become a more integral part of our network-centric infrastructure.

As we move more and more into the net-centric world, embedded devices will become a key portal into our Information Technology infrastructure. The embedded systems of tomorrow will need to have an operating system that will assure security. This will prove true for our military infrastructure as well as our commercial systems.

We secure our systems today in the form of login passwords and data encryption, but that is not enough. Clearly, the security available today is not robust enough. The main reason for the current level of security breaches is that there is a lack of “security-in-depth.”

We protect access at the upper levels, but not much below the application layer. Let’s face it. If the operating system itself can be hacked into, then the application above it can only be as secure as the operating system it is running on. For embedded systems, there is a real need to deploy systems that are indeed secure.

The Department of Defense (DoD) is taking embedded system security seriously. The U.S. military is moving rapidly to the “Net-Centric” warfare model. From the soldier in the battlefield to the General back at headquarters, everything and everyone will be connected together in a worldwide network. These systems will track troop movements, provide targeting information, issue battle orders, transmit top-secret information and even order meals for the troops. Given the vast range of information that these systems will be handling, they will need the capability to carry multiple levels of secure transmissions, from unclassified to top secret.

The Department of Defense and the NSA are driving the adoption of secure embedded systems. DoD Directive 8500.1 establishes a policy to achieve information assurance (IA) through the “defense-in-depth” approach that integrates the capabilities of personnel, operations and technology, and supports the evolution to network-centric warfare.

Due to this and other mandates, the DoD is pushing very rapidly to get the latest major military programs to move to embedded operating systems that meet certain levels of security as defined by the Common Criteria. Common Criteria defines seven security levels called Evaluation Assurance Levels (EAL), ranging from one to seven, with one being the lowest level and seven being the highest. While Common Criteria does not require the use of EALs, they are generally accepted as the best means for defining the security level of an OS. EAL-7 is equivalent to security Level A in the DoD Orange Book, the highest level of security for government systems.

Embedded software products used in these secure systems have the entire system evaluated for security. This system evaluation, however, is extremely costly. As a result, in many instances the OS is allowed to run and work in concert with other systems in what is referred to as “system high mode,” where security and information assurance responsibility is spread across several OSs to create a high-security environment (Figure 1). This usually requires multiple sets of hardware in order to keep the security levels separated. Designers are driving toward the goal of achieving Multiple Independent Levels of Security (MILS) on one set of hardware and a single operating system (Figure 2).
This movement is prevalent in the DoD, and companies in the private sector are starting to be held to the same security standards as U.S. Government agencies. For example, ISPs, financial institutions and power companies are being forced to evaluate the OSs and products that are part of the country’s critical security infrastructure. Recent virus attacks have demonstrated that there is a significant need for secure OSs that cannot be hacked or compromised. Security breaches cost hundreds of millions, if not billions, of dollars.

Copyright © 2003-2008 RTC Group, Inc. All Rights Reserved.