Security Emerges At The International CES

RSS

Get ready for the annual International CES in Las Vegas. The glitz and glitter will surround the latest 4K Ultra HD HDTVs, smart phones, tablets, cars, and intelligent household appliances. Connectivity is the name of the game with all of these products.

Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.

Thanks to the Internet of Things (IoT), connectivity will enable devices to access other devices. Smart TVs can stream content from the Internet and, if they have a built-in camera like Samsung’s UN55F9000 3K Ultra HD, host video conferences (Fig. 1). Of course, connectivity also enables companies to sell more services. Companies can watch how consumers use these electronics too, whether the consumers know it or not.



Unfortunately, this type of connectivity exposes devices to third parties. Security is now on the minds of most developers. Many standards such as ZigBee incorporate encryption and authentication. These devices will be more difficult to compromise, but not impossible. If the device can load an app or receive a remote update, then it is susceptible to attack.

Securing Mobile Devices

A secured device is a good thing, and it security is easier if the functionality is locked down. Unfortunately for developers, many devices like smart phones, tablets, and HDTVs are user-programmable, as apps can be installed at the user’s discretion. I have almost a hundred apps on my smart phone and use at least a quarter of them on a regular basis.

Apps can be isolated by sandboxing them, but most implementations can be bypassed, often through bugs exploited by nefarious software. That’s one reason why enterprise devices like smart phones are often locked down so no new apps can be loaded. It isn’t just an issue of whether the device could be compromised. Rather, it may provide a vector of attack on the enterprise network through the linkage that the smart phone may have to that network, possibly through a virtual private network (VPN).

Operating systems like Android and iOS have security built into them, but not isolation on the order of what a hypervisor will provide. It is easier to verify that a separation-kernel hypervisor with hardware support can isolate two operating systems from each versus isolating apps running on the same operating system.  

A Smart Solution

Green Hills Software and ViaSat partnered to deliver military-grade security for Android smart phones and tablets (Fig. 2). ViaSat Secured is built on the Green Hills Integrity Multivisor separation-kernel hypervisor (see “Embedded Devices Gird Up Against Cyber Threats” on electronicdesign.com). It targets dual-use smart phones and tablets in the enterprise. It would turn my wife’s two smart phones into one device.

The enterprise manager has control of the hypervisor and one of the partitions that runs the enterprise version of Android populated with approved applications. The other partition runs Android as well. Switching is just a button-click away with the status LED color indicating which partition is active.

Green Hills also added a feature whereby an icon for an app that runs on the user’s Android partition can appear on the secured side. This status is noted via a red lock on part of the icon. Tapping the icon runs the application as expected, but it switches to the user’s partition to do so. There is not a matching mechanism for switching to apps on the secured side.

I would like a version of this where I could provide an enterprise partition that could be managed remotely. Bring-your-own-device (BYOD) will work likely work this way in the future. I will not have to worry if the enterprise wants to reconfigure or trash its partition since it will not affect mine. 

Please or Register to post comments.

What's alt.embedded?

Blogs focusing on embedded, software and systems

Contributors

William Wong

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column....
Commentaries and Blogs
Guest Blogs
Jun 30, 2015
Commentary

Four-Wire Sensing Can Make or Break Your Measurements

Erroneously implementing four-wire sensing into a measurement instrument can be disastrous, so it becomes critical to have a firm grasp of how sense lines function....More
May 29, 2015
blog

Engineering Education: Fact and Fiction 4

I have taken a keen interest in the dialogue (that has been going on for many years) about the quality of engineering education in the U.S....More
May 1, 2015
blog

Transition from the Academe to the Industry Unraveled (Part 2) 4

Some few months ago, I wrote an article contrasting academe and work life as well as the adjustments and precautions that had to be made by a typical fresh graduate......More

Sponsored Introduction Continue on to (or wait seconds) ×