Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Embedded

Wind River, McAfee strengthen security for embedded designs

Posted: 26 Aug 2011 ?? ?Print Version ?Bookmark and Share

Keywords:embedded design? Internet security? RTOS?

Wind River Systems Inc., a real-time operating system (RTOS) specialist, is teaming up with cyber-space security expert McAfee Inc. to strengthen not only the performance and footprint, but also the security of the embedded system design.

The rise of Internet-enabled devices has given embedded system designers the challenge to incorporate security into their designs. Embedded design firms are now on the hunt for security specialists that can both architect and mentor on implementing best-practices to meet security requirements.

The collaboration between Wind River and McAfee, both owned by Intel Corp., aims to redefine design methodologies for embedded systems that are virtually immune to hacking.

"For over three decades, embedded systems designers only thought about performance and footprint," said Marc Brown, vice president of tools and marketing operations at Wind River. "Today, however, security has got to be considered from the very start of any embedded design process, and there are lots of security best-practices already established," he said.

Internet-enabled devices have already enabled some people to cause havoc with machine-to-machine interactions among industrial automation controllers, oil and gas process control computers and environmental sensor networks, all of which are accessible today using a range of devices including smartphones, smart meters, connected automobiles and even medical implants.

Four layers of security

Wind River recommends four layers of security, from application programmers interfaces to prevent bypassing security, to certified systems that detect corruption, to white-listed applications that won't execute malware, to encryption and user-authentication to protect data.

Many reported hacks of these devices have already accessed and damaged industrial control systems, including the Stuxnet worm, which was discovered last year at the Natanz nuclear site in Iran where it caused damage to centrifuges enriching uranium. Stuxnet gained access to the Supervisory Control and Data Acquisition (SCADA) system, which in Iran only affected its centrifuges. But SCADA systems similarly control public utilities worldwide and could cause untold destruction to power grids, for instance, if their security is not strengthened.

Stuxnet was written by professionals, according to McAfee. But even amateurs are gaining access to embedded systems, says Wind River. The company cited a teenager in Poland who recently modified a television remote to control railway exchanges, causing at least one derailment that injured a dozen people. Likewise, a disgruntled Texas Auto Center employee was reported to have hacked a web-based system to remotely disable the starting mechanisms and sound the horns on 100 connected vehicles. An infected laptop recently permitted entry into a water treatment plant in Harrisburg, Pennsylvania, allowing spyware to bypass security systems there.

Strengthening every element of a platform
In guarding against these and other new intrusions into embedded systems, every element of a platform needs to be assessed and hardened, according to Wind Riverfrom the underlying hardware to the operating system, middleware and the applications running on top.

1???2?Next Page?Last Page

Article Comments - Wind River, McAfee strengthen securi...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top