comment on this article

Wind River delivers cybersecurity and anti-tamper protection

Wind River has unveiled security enhancements to Wind River Studio, a cloud-native platform for the development, deployment, operations, and servicing of mission-critical intelligent systems.

Studio enables companies to meet cybersecurity and anti-tamper requirements, helping to secure devices and systems throughout their development, deployment, and operation.

As security threats mount each new connected device represents a point of entry that can be exploited by a cyberattack. In 2020, IoT devices were responsible for 32.72% of infections observed in wireless networks, more than twice that in 2019. Industries with higher dependency on software and intelligence-based systems are starting to demand that security be addressed at every step in an intelligent system’s lifecycle.

“In an intelligent systems world where devices are expected to connect and compute together in near real time, cyber security is a design necessity and no longer a “nice to have.” This is even more true for mission-critical systems, such as those in the energy, aerospace and defense, and industrial sectors. Recent research with executive leaders in these sectors have shown us that companies on a successful path with their intelligent systems were twice as likely to have built-in deep cyber protections for their systems than any other group,” said Cyra Richardson, chief product officer, Wind River. “Security must be taken seriously – the only way to do that is to be proactive. It will be important for solution builders, both hardware and software, to be thoughtful stewards and strong advocates for cybersecurity in order to deliver trustworthy compute infrastructure.”

In response, the latest version of Wind River Titanium Linux, developed by the Wind River technology protection and cybersecurity group Star Lab, is offering a Linux system-hardening and security capability and is available on the market for operationally deployed Linux systems.

Key features for Titanium Linux include secure boot, anti-tamper protections, and the ability to simplify mandatory access control (MAC) policy creation.

To address security problems across multiple industries and geographies, Titanium Linux security controls also map to key IoT security guidelines, such as NIST IoT cybersecurity-related initiatives; OWASP IoT security projects; IoT Security Foundation protocols; and guidance from the European Union Agency for Cybersecurity, ETSI, GSMA, and several others.

Designed using a threat model presuming an attacker will gain root (admin) access to a system, Titanium Linux maintains the integrity and confidentiality of critical applications, data, and configurations while assuring operations. Titanium Linux hardens the kernel against attack while enforcing MAC on customers’ applications and data. Even if an attacker exploits the system and gains administrative access, they still cannot extract or maliciously modify sensitive data and code.

Additional key security capabilities that Wind River Studio enables include:

  • Support in preventing the accidental release of vulnerable code using industry-leading code scanning and analysis tools. Capabilities include code coverage analysis, static analysis, both quick and deep code scan, and secure container management.
  • Cloud and device attestation based on x.509 certificates and secure secret storage to mitigate person-in-the-middle attacks that would leak customer, device, and mission-sensitive data.
  • Hardened Linux kernel to prevent tampering and reverse-engineering attacks on the Wind River Linux kernel, sensitive applications, and data. This includes prevention of stack overflows, heap overflows, information disclosure (zeroing freed memory), and kernel overwrite. The hardened kernel uses two additional techniques to thwart exploits: kernel address space layout randomization (KASLR) to limit injection attacks and hardware segregation to limit modification of kernel memory.

Neil Tyler

Comment on this article

This material is protected by MA Business copyright See Terms and Conditions. One-off usage is permitted but bulk copying is not. For multiple copies contact the sales team.

What you think about this article:

Add your comments


Your comments/feedback may be edited prior to publishing. Not all entries will be published.
Please view our Terms and Conditions before leaving a comment.

Related Articles

ADAS deep learning

Renesas has unveiled the R-Car Software Development Kit (SDK), a software ...

Get to market faster

A quick look at using Vicor's PFM and AIM in VIA packaging for your AC to Point ...

World IoT Day

ByteSnap Design, a specialist in embedded systems design and development, has ...

Semiconductor boom

Compared to an ailing steel industry, just a few years ago, the semiconductor ...

New possibilities

With the recent investment in the business by DBAG congatec is poised for ...