Security Emerges At The International CES

RSS

Get ready for the annual International CES in Las Vegas. The glitz and glitter will surround the latest 4K Ultra HD HDTVs, smart phones, tablets, cars, and intelligent household appliances. Connectivity is the name of the game with all of these products.

Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.

Thanks to the Internet of Things (IoT), connectivity will enable devices to access other devices. Smart TVs can stream content from the Internet and, if they have a built-in camera like Samsung’s UN55F9000 3K Ultra HD, host video conferences (Fig. 1). Of course, connectivity also enables companies to sell more services. Companies can watch how consumers use these electronics too, whether the consumers know it or not.



Unfortunately, this type of connectivity exposes devices to third parties. Security is now on the minds of most developers. Many standards such as ZigBee incorporate encryption and authentication. These devices will be more difficult to compromise, but not impossible. If the device can load an app or receive a remote update, then it is susceptible to attack.

Securing Mobile Devices

A secured device is a good thing, and it security is easier if the functionality is locked down. Unfortunately for developers, many devices like smart phones, tablets, and HDTVs are user-programmable, as apps can be installed at the user’s discretion. I have almost a hundred apps on my smart phone and use at least a quarter of them on a regular basis.

Apps can be isolated by sandboxing them, but most implementations can be bypassed, often through bugs exploited by nefarious software. That’s one reason why enterprise devices like smart phones are often locked down so no new apps can be loaded. It isn’t just an issue of whether the device could be compromised. Rather, it may provide a vector of attack on the enterprise network through the linkage that the smart phone may have to that network, possibly through a virtual private network (VPN).

Operating systems like Android and iOS have security built into them, but not isolation on the order of what a hypervisor will provide. It is easier to verify that a separation-kernel hypervisor with hardware support can isolate two operating systems from each versus isolating apps running on the same operating system.  

A Smart Solution

Green Hills Software and ViaSat partnered to deliver military-grade security for Android smart phones and tablets (Fig. 2). ViaSat Secured is built on the Green Hills Integrity Multivisor separation-kernel hypervisor (see “Embedded Devices Gird Up Against Cyber Threats” on electronicdesign.com). It targets dual-use smart phones and tablets in the enterprise. It would turn my wife’s two smart phones into one device.

The enterprise manager has control of the hypervisor and one of the partitions that runs the enterprise version of Android populated with approved applications. The other partition runs Android as well. Switching is just a button-click away with the status LED color indicating which partition is active.

Green Hills also added a feature whereby an icon for an app that runs on the user’s Android partition can appear on the secured side. This status is noted via a red lock on part of the icon. Tapping the icon runs the application as expected, but it switches to the user’s partition to do so. There is not a matching mechanism for switching to apps on the secured side.

I would like a version of this where I could provide an enterprise partition that could be managed remotely. Bring-your-own-device (BYOD) will work likely work this way in the future. I will not have to worry if the enterprise wants to reconfigure or trash its partition since it will not affect mine. 

Please or Register to post comments.

What's alt.embedded?

Blogs focusing on embedded, software and systems

Contributors

William Wong

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column....
Commentaries and Blogs
Guest Blogs
Dec 15, 2014
blog

Who Are You? (I Really Want to Know!) 3

Borrowing a stanza from The Who’s hit song seemed like a good way to bring attention to a critical topic often ignored by engineers. When finding information on a company that has an interesting product, what do we do? Of course, we look at its Web page to learn more....More
Dec 15, 2014
blog

Bridging Technical Communication Barriers Between Cultures

Understanding technical concepts in different languages can sometimes prove to be difficult, particularly when you have to communicate it. In this article, I discuss the challenges and possible courses of action....More
Dec 1, 2014
blog

Programming Efficiency 7

When I started college, the Intel 4004 was being designed. The C programming language and UNIX operating system were being developed (unbeknownst to me). I did most of my programming in BASIC on an HP 2100 series mini-computer....More

Sponsored Introduction Continue on to (or wait seconds) ×