IoT – It’s All About Security
Colin Walls
mentor.com/embedded
Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Embedded hypervisors
— High performance, e.g. runtime and boot time
— Strong isolation
— Highly robust
Hypervisor Security
— Strong isolation and containment of guests
— Secure critical information and software
— Based on hardware such as ARM TrustZone
Consolidation and widespread use of open source software
— Embedded Linux gaining widespread adoption
— System robustness allowed by separation
— IP protection provided through system partitioning
[Figure: hypervisor block diagram. Labels: App on RTOS, App on BME and Apps on Linux guests, each with Mem and Dev or vDev; vCPUs; Hypervisor; CPU, Memory, Devices.]
Additional Virtualization Benefits
Security and Robustness
— Isolation of critical software from the rest of the code, reducing the burden of testing and re-certification
Licensing and IP Separation
— Partitioning of software with incompatible licensing terms and protection of proprietary IP from open source licensing terms
Software Reuse
— Upgrade path from an RTOS-based device to one that incorporates Linux, leveraging the Linux software ecosystem while preserving legacy investment
Real Time Performance
— Devices that take advantage of the Linux ecosystem and its wealth of existing functionality could benefit from the real-time responsiveness of a BM guest
Fast Startup
— Starting VMs in a particular order would help with a staged boot process
Securing Embedded Device Data
Data at rest: the device is off; how is the data protected?
— Anti-tampering, encrypted files and databases, trusted boot
Data in use: while being generated or processed, is it secured?
— Obfuscation, chain of trust, attestation, ADRING, TrustZone, MMU-based protection methods, user privileges and secure file systems
Data in transit: leaving the device, is it being hijacked?
— Encryption, tunneling protocols, VPN, SSL, IKE/IPSEC, denial of service, firewall
When to address device security?
Securing an IoT device is not just a matter of selecting the right processor and software; one has to be concerned with many aspects of the device lifecycle!
Data needs to be protected at rest, in use and in transit at all phases!
Cryptography ≠ Security!
[Figure: Vulnerability Landscape. Phases shown: Design, Production, Deployment, Operation & Maintenance, Destruction or disposal.]