Securing Embedded Devices


Sitting at SFO waiting for a plane. Free WiFi means I can get a blog up before I head home. Design West 2013 is over and it turned out to be an interesting show. We shot a number of videos (see Design West 2013 on Engineering TV) and now have some slide shows up (see Design West 2013 Electronic Design slideshows).

Floor traffic was not dense but that was due more to the wide isles. Overall the tone was upbeat with a few things emerging from the fray.

In particular, real security is being addressed and vendors are starting to find traction. It could be the increasing number of attacks on embedded devices or the awareness that products being shipped today are vulnerable. Either way, products like Icon Labs' Floodgate Defender (Fig. 1) were getting a lot of lookers and a few takers.


The Floodgate Defender is a compact gateway with a pair of Ethernet ports. It also has a host of other interfaces including USB and flash storage but typically these are not needed. The gateway provides a firewall for devices like SCADA nodes that may not have any network protection. Protecting legacy devices becomes more critical as they are connected to the Internet.

The gateway supports stateful packet inspection (SPI) as well as rule-based filtering. Policies can be used with a batch of Defenders to easily manage large collections of devices. A secure web interface can also be used to configure communication policies.

Icon Labs is also working with Zilog that has put similar support on their own eZ80Acclaim microcontroller. This allows embedded developers to incorporate the same features as the Floodgate Defender into new devices without having to modify the host processor or software. The system can block packet flooding and other denial of service attacks as well as port scanning.

I also spoke with McAfee about their embedded security software. This software runs on the host and provides a range of prevention facilities including whitelist control of applications. Like Icon Labs' solutions, individual control or group management is possible. We will have a video on Engineering TV abou this soon. I'll add the link when it is up.

Finally, I talked with Lynuxworks this week. They did not have a booth at the show but we did talk about how they are using their hypervisor support to detect and prevent bootkit and rootkit viruses. The approach is similar to Green Hills Software that was showing off mobile devices with a split personality (see Reliable Safety-Critical Software At Design West 2013).

The plane is here so I better get this posted. More later.

Please or Register to post comments.

What's alt.embedded?

Blogs focusing on embedded, software and systems


William Wong

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column....
Commentaries and Blogs
Guest Blogs
Jun 30, 2015

Four-Wire Sensing Can Make or Break Your Measurements 7

Erroneously implementing four-wire sensing into a measurement instrument can be disastrous, so it becomes critical to have a firm grasp of how sense lines function....More
May 29, 2015

Engineering Education: Fact and Fiction 4

I have taken a keen interest in the dialogue (that has been going on for many years) about the quality of engineering education in the U.S....More
May 1, 2015

Transition from the Academe to the Industry Unraveled (Part 2) 4

Some few months ago, I wrote an article contrasting academe and work life as well as the adjustments and precautions that had to be made by a typical fresh graduate......More

Sponsored Introduction Continue on to (or wait seconds) ×