Security Emerges At The International CES

RSS

Get ready for the annual International CES in Las Vegas. The glitz and glitter will surround the latest 4K Ultra HD HDTVs, smart phones, tablets, cars, and intelligent household appliances. Connectivity is the name of the game with all of these products.

Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.

Thanks to the Internet of Things (IoT), connectivity will enable devices to access other devices. Smart TVs can stream content from the Internet and, if they have a built-in camera like Samsung’s UN55F9000 3K Ultra HD, host video conferences (Fig. 1). Of course, connectivity also enables companies to sell more services. Companies can watch how consumers use these electronics too, whether the consumers know it or not.



Unfortunately, this type of connectivity exposes devices to third parties. Security is now on the minds of most developers. Many standards such as ZigBee incorporate encryption and authentication. These devices will be more difficult to compromise, but not impossible. If the device can load an app or receive a remote update, then it is susceptible to attack.

Securing Mobile Devices

A secured device is a good thing, and it security is easier if the functionality is locked down. Unfortunately for developers, many devices like smart phones, tablets, and HDTVs are user-programmable, as apps can be installed at the user’s discretion. I have almost a hundred apps on my smart phone and use at least a quarter of them on a regular basis.

Apps can be isolated by sandboxing them, but most implementations can be bypassed, often through bugs exploited by nefarious software. That’s one reason why enterprise devices like smart phones are often locked down so no new apps can be loaded. It isn’t just an issue of whether the device could be compromised. Rather, it may provide a vector of attack on the enterprise network through the linkage that the smart phone may have to that network, possibly through a virtual private network (VPN).

Operating systems like Android and iOS have security built into them, but not isolation on the order of what a hypervisor will provide. It is easier to verify that a separation-kernel hypervisor with hardware support can isolate two operating systems from each versus isolating apps running on the same operating system.  

A Smart Solution

Green Hills Software and ViaSat partnered to deliver military-grade security for Android smart phones and tablets (Fig. 2). ViaSat Secured is built on the Green Hills Integrity Multivisor separation-kernel hypervisor (see “Embedded Devices Gird Up Against Cyber Threats” on electronicdesign.com). It targets dual-use smart phones and tablets in the enterprise. It would turn my wife’s two smart phones into one device.

The enterprise manager has control of the hypervisor and one of the partitions that runs the enterprise version of Android populated with approved applications. The other partition runs Android as well. Switching is just a button-click away with the status LED color indicating which partition is active.

Green Hills also added a feature whereby an icon for an app that runs on the user’s Android partition can appear on the secured side. This status is noted via a red lock on part of the icon. Tapping the icon runs the application as expected, but it switches to the user’s partition to do so. There is not a matching mechanism for switching to apps on the secured side.

I would like a version of this where I could provide an enterprise partition that could be managed remotely. Bring-your-own-device (BYOD) will work likely work this way in the future. I will not have to worry if the enterprise wants to reconfigure or trash its partition since it will not affect mine. 

Newsletter Signup

Please or Register to post comments.

What's alt.embedded?

Blogs focusing on embedded, software and systems

Contributors

William Wong

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column....
Commentaries and Blogs
Guest Blogs
Nov 11, 2014
blog

How to Outsource Your Project to Failure 4

This article will address failure to carefully vet a potential manufacturing or “turnkey” partner and/or failure to transfer sufficient information and requirements to such a partner, a very common problem I have seen again and again with my clients over the years, and have been the shoulder cried upon by several relatives and clients in the past....More
Nov 11, 2014
blog

Transition from the Academe to the Industry Unraveled 1

There have been many arguments here and there about how short-comings of universities and colleges yield engineers with skill sets that do not cater to the demands of the industry. There have been many arguments here and there about an imminent shortage of engineers lacking knowledge in the sciences. There have been many arguments here and there about how the experience and know-how of engineers in the industry may vanish due to the fact that they can’t be passed on because the academic curriculum deviates from it....More
Nov 11, 2014
blog

Small Beginnings 5

About 10 years ago I received a phone call from an acquaintance. He had found a new opportunity selling some sort of investments and he wanted to share it with me in case I was interested. Ken had done fairly well for many years as a contract software developer primarily in the financial services sector. His specialty was writing RPG code. (RPG is often referred to as a write only language.) But he was seeing the handwriting on the wall as the industry moved on to other methods, and saw himself becoming a fossil....More

Sponsored Introduction Continue on to (or wait seconds) ×