Use a virtual platform to maintain security

October 19, 2016 OpenSystems Media

Recent news shows that security is a key challenge to the wide scope and deployment of IoT, with varied consequences across many IoT markets. Imagine automotive hijacking. Power grid failure. Financial security breaches. Health care hacking. The consequences are severe. While successful security measures in the IoT ecosystem will accelerate the explosion of its many markets, poorly implemented security will be a significant impediment to the growth of IoT.

Security presents a multi-level challenge incorporating both hardware and software. A pragmatic, cross-functional approach to security in embedded devices and systems is needed. Among the approaches being used for security, hypervisors show excellent initial results. Hypervisors are a layer of software that sits between the processor and the operating system (OS) and applications. A hypervisor allows guest virtual machines (VMs) to be configured on the hardware, with each VM isolated from the others (Figure 1). This isolation enables one or more guest VMs to run secure operating systems or secure applications.

Hypervisors have become increasingly common in mil-aero, factory automation, automotive, artificial intelligence, and the IoT. Embedded hypervisors face evolving demands for isolation, robustness, and security in the face of more diverse and complex hardware, while at the same time minimizing any power and performance overhead.

[FIGURE 1 | The Seltech FOXvisor hypervisor running on an Imperas virtual platform, with three guest VMs each with a separate instance of the Toppers OS.]

With hypervisors, secure applications, secure communications, or any approach to security, you not only have to develop the approach, but you have to test it. How can you assert that a system hasn’t been compromised by functionality that was not part of the intended design? How can the data in the system be secured?

While virtual platforms help with secure system development, verification and validation is where virtual-platform-based tools really come into their own. Virtual platforms are a key piece of the test solution, encompassing both hardware and software for a systems validation methodology, with comprehensive testing of interrelated hardware and software effects.

For developers, a virtual platform can accelerate the porting of security practices to various processor cores and devices. Virtual platforms include processor and peripheral models necessary to boot an operating system or run bare metal applications. Such platforms can be used to port and bring up a secure software stack on new virtual hardware, for secure embedded systems.

Virtual platforms in general deliver advantages over hardware-based testing, including controllability, observability, repeatability, and automation of simulations including both hardware and software. Imperas, for example, utilizes its SlipStreamer technology to build non-intrusive tools, tools that require no instrumentation or modification of the OS or application. These tools include hypervisor- and OS-aware tools, and other test tools such as code coverage and fault simulation.

Also of note regarding security issues, the prpl Foundation Security Working Group has brought together companies and individuals with expertise in various aspects of embedded systems and security to document current best practices and derive recommended new security practices for embedded systems.

Larry Lapides is a Vice President at Imperas Software. Larry was an Entrepreneur-in-Residence at Clark University’s Graduate School of Management, where he developed and taught a course on Entrepreneurial Communication and Influence. Larry holds an MBA from Clark University in addition to his MS Applied & Engineering Physics from Cornell University and BA Physics from the University of California Berkeley.

Larry Lapides, Imperas
Previous Article
Securing legacy embedded systems in the IoT
Securing legacy embedded systems in the IoT

The rapid expansion of the Internet of Things (IoT) is transforming our national infrastructure and that of...

Next Article
Can government-funded innovation solve the cyber security threat?
Can government-funded innovation solve the cyber security threat?

If you couldn't post updates to Twitter or binge watch your favorite shows on Netflix last Friday, you were...

×

Stay updated on security-related design topics with the security edition of our Embedded Daily newsletter.

Subscribed! Look for 1st copy soon.
Error - something went wrong!