Securing Embedded Devices

RSS

Sitting at SFO waiting for a plane. Free WiFi means I can get a blog up before I head home. Design West 2013 is over and it turned out to be an interesting show. We shot a number of videos (see Design West 2013 on Engineering TV) and now have some slide shows up (see Design West 2013 Electronic Design slideshows).

Floor traffic was not dense but that was due more to the wide isles. Overall the tone was upbeat with a few things emerging from the fray.

In particular, real security is being addressed and vendors are starting to find traction. It could be the increasing number of attacks on embedded devices or the awareness that products being shipped today are vulnerable. Either way, products like Icon Labs' Floodgate Defender (Fig. 1) were getting a lot of lookers and a few takers.

 

The Floodgate Defender is a compact gateway with a pair of Ethernet ports. It also has a host of other interfaces including USB and flash storage but typically these are not needed. The gateway provides a firewall for devices like SCADA nodes that may not have any network protection. Protecting legacy devices becomes more critical as they are connected to the Internet.

The gateway supports stateful packet inspection (SPI) as well as rule-based filtering. Policies can be used with a batch of Defenders to easily manage large collections of devices. A secure web interface can also be used to configure communication policies.

Icon Labs is also working with Zilog that has put similar support on their own eZ80Acclaim microcontroller. This allows embedded developers to incorporate the same features as the Floodgate Defender into new devices without having to modify the host processor or software. The system can block packet flooding and other denial of service attacks as well as port scanning.

I also spoke with McAfee about their embedded security software. This software runs on the host and provides a range of prevention facilities including whitelist control of applications. Like Icon Labs' solutions, individual control or group management is possible. We will have a video on Engineering TV abou this soon. I'll add the link when it is up.

Finally, I talked with Lynuxworks this week. They did not have a booth at the show but we did talk about how they are using their hypervisor support to detect and prevent bootkit and rootkit viruses. The approach is similar to Green Hills Software that was showing off mobile devices with a split personality (see Reliable Safety-Critical Software At Design West 2013).

The plane is here so I better get this posted. More later.

Please or Register to post comments.

What's alt.embedded?

Blogs focusing on embedded, software and systems

Contributors

William Wong

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column....
Commentaries and Blogs
Guest Blogs
Aug 11, 2015
Commentary

Proof-of-Concept Prototypes versus Manufacturing Design Preparations 3

I have designed many early-stage proof-of-concept (POC) circuits, and observed many others do the same thing. It seems that there is often a huge disconnect between clients and engineers, though, when it comes to the goals of a POC design. In simple terms, an engineer worth his salt will overdesign an early POC circuit. This is because Murphy’s law always applies, and POCs are about overcoming unknowns. By overdesigning the circuit, one is able to prove the client’s product POC can be made to work, and quickly....More
Aug 4, 2015
blog

Inconspicuous Pitfalls in Datasheet Analysis

Identifying the limitations of a datasheet saves lots of time, and cost, in terms of troubleshooting and redesigning circuits....More
Jun 30, 2015
Commentary

Four-Wire Sensing Can Make or Break Your Measurements 7

Erroneously implementing four-wire sensing into a measurement instrument can be disastrous, so it becomes critical to have a firm grasp of how sense lines function....More

Sponsored Introduction Continue on to (or wait seconds) ×