Embedded Computing Design (ECD) recently sat down with Wind River’s Chief Security Architect Arlen Baker to discuss the latest trends in security.
ECD: What is security?
Baker: Unlike safety, which is when the system must not harm the world, security looks at how the world could harm the system. In some ways this is a much more complex engineering problem. We have many more aspects of how this might occur, who might try to do this, and the consequences of this happening. Security becomes more complex over time, because we cannot control the outside world. Just think of your computer systems that need constant attention and upgrades to security threats, and the impact of these threats if we do not take action.
For Wind River, security is protecting our customers’ digital assets.
ECD: What is Wind River's stance on security?
Baker: Security is embedded in everything that we do. It is part of our DNA and rich heritage of nearly 40 years in mission-critical systems across critical infrastructure sectors. It is built into all the technologies we provide to help our customers develop trusted and reliable solutions. It is the foremost thing we take into consideration in everything that we do at Wind River, especially when we develop and release our products. Even with product support, security is always top of mind, and we ensure our software solutions can work in a variety of different critical infrastructure environments, where security is more important than ever.
ECD: What does that mean for your customers' embedded devices and how do you protect those systems once they're in the field?
Baker: We’ve found that security means different things to different people, and everybody is at a different place on their journey for understanding security, and how it impacts their embedded design. So we’ve taken the industry standard Confidentiality, Integrity, and Availability (CIA Triad) model used to define security, which we've broken down into security related implementations. That does two things. First, it helps educate our customers so they can understand what it means to secure their device, given they're coming at security from different perspectives. Second, we want to make sure that we are the customers' trusted advisor and that we walk the journey with them from day one through design and develop through the time the device hits the field and is deployed. Using our Helix Security Framework, essentially the decomposition of the CIA Triad, becomes our systematic approach in working with customers to secure their devices.
ECD: Many vendors make the same claim that security is part of their DNA. If I'm a developer, why should I go with Wind River over a competitor?
Baker: Wind River takes a holistic approach to security that starts with product design, and includes product security incident response and patching behavior to deal with the inevitable threats. And we are differentiated in our deep expertise that spans critical infrastructure sectors from aerospace and defense to industrial and transportation. We offer customizations to help configure the wide range of security implementations our products and solutions provide. This customization enables the device to meet the specialized security needs across vertical markets.
While security concerns are industry-, and even company-specific, Wind River products contain fundamental security features that span vertical markets. These features include encryption/decryption, digital signature generation and verification, Diffie-Hellman key establishment, and cryptographic attestation.
How does Wind River protect a product throughout its lifetime, not just at the time of development?
Baker: We have a process in place where we monitor and triage the common vulnerabilities and exposures (CVEs) as they apply to the third-party components that are in our products. If we determine it applies to our products, we ensure that the applicable patches are integrated into our products, thoroughly tested, and released to our customers in the next iteration of our release cycle.
ECD: How do you handle over-the-air (OTA) updates?
Baker: Our approach is that we want to make sure that we support our customers from a continuous integration, continuous development approach. That's why when we make these updates available, we can seamlessly integrate them into the customers' development and release process. We understand that most customers approach the OTA process a little bit differently. Our goal is to enable the customer to release those patches to their deployed devices, using their infrastructure, as soon as possible. We also have OTA solutions for our customers that are customized to fit their workflow and functional requirements. This includes Edge Sync for automotive, as well as solutions for Wind River Linux and VxWorks.
ECD: The Internet of Things (IoT) makes security a more difficult challenge because there are so many more points of vulnerability. How does Wind River handle that?
Baker: With these different vulnerability issues, it comes down to how the device is fielded and how it’s used. With connected devices we need to make sure we have the appropriate security components in place, such as firewalls along with a secured initialization process. We also want the ability to attest our customers’ systems during operation to cryptographically prove that the software that's running at operation time is the same software that they started with when the device performed its secure initialization processing.
As we saw with the recent Urgent 11 vulnerability, what’s most important is having vendors like Wind River with a long track record of developing, delivering, and supporting secure development processes and products to ensure products are developed as securely as possible out of the gate and respond immediately when new vulnerabilities are discovered. We encourage and participate in responsible security research and disclosure as the best way to counter the threats to all types of devices, and to mitigate any threat to our customers when they are discovered.
ECD: How do the various Wind River products specifically enable security?
Baker: Across our portfolio, we provide a comprehensive set of security features to efficiently and effectively safeguard devices, data, and intellectual property in the connected world, securing it while it is at rest inside devices and when it travels across the network and into cloud environments. Our built-in security features and services security offerings, along with our development processes, meet rigorous security requirements across industries.
For example, VxWorks, our real-time operating system, operates in safety- and security-critical environments where real-time responses are needed to enable partitioning of applications on the same platform. It provides a hardened kernel, secure communication, and data protection, protecting connected devices at every stage from boot-up to shut-down.
Wind River Linux enhances the security of community Linux, adding high levels of security with monitoring, patches, and integration of key security features.
Our Titanium product line is the industry’s only fully integrated virtualization platform with carrier grade security, delivering high integrity (i.e., monitoring and recovery) and confidentiality (i.e., secure storage and encryption). Along with that, our Helix Virtualization Platform consolidates multi-OS and mixed-criticality applications onto a single-edge compute software platform, simplifying, securing, and future-proofing critical infrastructure applications.
Finally, Wind River Simics provides an efficient and effective means of researching, analyzing, and testing a wide variety of attack methods and security countermeasures in a flexible and scalable environment, and in ways that would simply not be feasible with physical systems.
We also have a long-term security services offering that lets customers running older versions of our products receive the same security-related patches that our more current products have.
ECD: With respect to applications areas, are there some that are more difficult to secure and are there application spaces that just don’t do a good job of security?
Baker: There is a significant amount of legacy software in use today. Unfortunately, much of this legacy software has lower cohesion. We enable customers to partition that legacy software by our security features of virtualization and real-time processes. This helps limit the attack surface of the device when major, externally facing functions are impacted. Partitioning is a great security implementation to mitigate your entire system from being attacked. So instead of a single all-in-one software component, we want to break it down into smaller partitions, have controlled messaging between those partitions, and then we can determine that those partitions or processes are executing the way that they're supposed to.
ECD: Are developers today doing everything that they should in terms of security?
Baker: Unfortunately, there just aren’t sufficient resources to verify that every facet of an architecture and platform is as bulletproof as it can be. That's where Wind River can help, not only with our products, but with our professional services offering where we can perform a security assessment on the customer's device and get an understanding of the operational environment that the device works in, the assets of the device, and the vulnerabilities to those assets. The assessment provides a detailed report along with the list of security implementations that can be used to protect those assets against those identified vulnerabilities.
ECD: How do you think the security landscape will be changing over the next 18 months?
Baker: The security landscape continues to evolve and change almost daily based on the different threats that are out there. Here are three that Wind River is monitoring closely. First, 5G is going to finally enable a massive proliferation of connected devices, which will generate/drive massive amounts of data (where the bad guys can hide), posing significant security risks. The only way to solve this problem of finding and preventing malicious activity hiding in massive data sets is to apply machine learning techniques.
Second, the shift from on-prem development to public cloud, and in many cases multi-cloud, based on things like spot pricing, is requiring the application of security policies and in some cases just basic governance controls across pre-deployment cloud workloads (i.e., kubernetes, containers, serverless compute). Maintaining consistent security and governance as workloads that move back and forth across different public cloud providers is an emerging area that we expect will continue to move up the stack in terms of priority for CISO’s and CIO’s.
And finally, we’re seeing changes in cryptography and quantum computing, which impact current cryptographic algorithms, both symmetric and asymmetric. We're closely watching quantum computing and the quantum resistant algorithms that NIST is working on because we want to make sure that our customers have a path to support those quantum-resistant algorithms as they become available.
About the AuthorFollow on Twitter Follow on Linkedin Visit Website More Content by Rich Nass