Securing Embedded Devices


Sitting at SFO waiting for a plane. Free WiFi means I can get a blog up before I head home. Design West 2013 is over and it turned out to be an interesting show. We shot a number of videos (see Design West 2013 on Engineering TV) and now have some slide shows up (see Design West 2013 Electronic Design slideshows).

Floor traffic was not dense but that was due more to the wide isles. Overall the tone was upbeat with a few things emerging from the fray.

In particular, real security is being addressed and vendors are starting to find traction. It could be the increasing number of attacks on embedded devices or the awareness that products being shipped today are vulnerable. Either way, products like Icon Labs' Floodgate Defender (Fig. 1) were getting a lot of lookers and a few takers.


The Floodgate Defender is a compact gateway with a pair of Ethernet ports. It also has a host of other interfaces including USB and flash storage but typically these are not needed. The gateway provides a firewall for devices like SCADA nodes that may not have any network protection. Protecting legacy devices becomes more critical as they are connected to the Internet.

The gateway supports stateful packet inspection (SPI) as well as rule-based filtering. Policies can be used with a batch of Defenders to easily manage large collections of devices. A secure web interface can also be used to configure communication policies.

Icon Labs is also working with Zilog that has put similar support on their own eZ80Acclaim microcontroller. This allows embedded developers to incorporate the same features as the Floodgate Defender into new devices without having to modify the host processor or software. The system can block packet flooding and other denial of service attacks as well as port scanning.

I also spoke with McAfee about their embedded security software. This software runs on the host and provides a range of prevention facilities including whitelist control of applications. Like Icon Labs' solutions, individual control or group management is possible. We will have a video on Engineering TV abou this soon. I'll add the link when it is up.

Finally, I talked with Lynuxworks this week. They did not have a booth at the show but we did talk about how they are using their hypervisor support to detect and prevent bootkit and rootkit viruses. The approach is similar to Green Hills Software that was showing off mobile devices with a split personality (see Reliable Safety-Critical Software At Design West 2013).

The plane is here so I better get this posted. More later.

Please or Register to post comments.

What's alt.embedded?

Blogs focusing on embedded, software and systems


William Wong

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column....
Commentaries and Blogs
Guest Blogs
May 1, 2015

Transition from the Academe to the Industry Unraveled (Part 2) 2

Some few months ago, I wrote an article contrasting academe and work life as well as the adjustments and precautions that had to be made by a typical fresh graduate......More
Mar 6, 2015

Programming Efficiency: Part 2 2

A number of years ago I did some work on a PABX. The device was electromechanical and far from state of the art, but the owner had been talked into spending a bunch of money expanding it and couldn’t justify scrapping it....More
Jan 21, 2015

How To Dumb Down Smart Electronics 9

In our generation of microcontroller-enhanced everything, it has been frustrating at best to see how often the capability of smart hardware has been foiled by the design of poorly purposed software....More

Sponsored Introduction Continue on to (or wait seconds) ×