Built-in RTOS Security for Connected Embedded Devices

May 1, 2018

Built-in RTOS security features were originally introduced to secure deployed military systems. However, today they are widely used in all industries that must secure the functionality of connected devices. The widespread use of built-in secure RTOSs is attributed to increasing cyber-attacks, especially among industries connected to human life. These industries include smart homes, connected medical devices, critical industrial/infrastructure control systems, and connected vehicles among others.

Because of the nature of the software and real-time operating systems (RTOSs) that run embedded devices, those devices are less prone to cyber-attacks than mainstream computer systems. Also, most embedded devices are connected via proprietary networks rather than the internet, which makes them less accessible to cyber-attackers.

However, as the Stuxnet worm discovered in 2010 proves, embedded systems are not entirely safe from attacks. The Stuxnet attack targeted an Iranian microcontroller that was connected to a proprietary network in a locked-down facility. The system was subverted and control was taken over by a virus aimed at the microcontroller’s specific application. It relied on traditional malware delivery techniques, such as USB sticks and phishing emails, to reach its target.

So, what can be done to prevent cyberterrorism against connected embedded systems?

The Use of Built-in Security Systems

Using a military-grade secure RTOS is a good starting point because it supports built-in security features from the lowest application level, preventing cyber-attacks at the point of entry. A military secure RTOS offers core security concepts that protect the OS against malicious attacks regardless of how they enter the system. An RTOS with built-in security features is well suited to protecting connected embedded devices because it offers real-time features, supports the required network functionality, and has a smaller footprint than general-purpose operating systems like Linux.

In addition, such a real-time operating system provides advanced security protection such as file system objects, discretionary access control, identification and authentication of users, fine-grained user access control, device and system quotas that thwart DDoS attacks, protection of residual information (preventing attacks that view and reuse previously used memory), and trusted path mechanisms for guaranteed communication links.

Protection Against Malicious Attacks

Authentication and identification are the security process by which a network device recognizes valid user identities and verifies them. If users are identified and authenticated properly, embedded devices are at less risk of being accessed by unauthorized users. The basic user authentication industry standard is known as OpenPAM (Pluggable Authentication Modules); it offers a generalized application programming interface that lets applications use different, dynamically invoked authentication modules. A strong authentication and identification mechanism reduces the risk of unauthorized users accessing embedded devices.

Another strategy, discretionary access control (DAC), is a way of limiting access to objects like directories, files, applications and devices based on the recognized user identity and the group the user belongs to. DAC offers precise control over who can access different objects when implemented with access control lists (ACLs). It gives networked devices the ability to control which users can access and execute data and files on the device.

Roles and capability rules offer fine-grained privilege levels among different user classifications. In UNIX and similar systems, the privilege to conduct administrative tasks is reserved for the root user, who can view or modify the entire system, while regular users have no administrative privileges. This all-encompassing administrative privilege makes UNIX highly susceptible to abuse, whether malicious or accidental. Under a role and capability model, the all-powerful root user is replaced by multiple administrative roles, each holding a subset of privileges, known as capabilities, that is specific to the task at hand. Embedded devices that adopt distinct roles with limited capabilities tend to be more resistant to attacks designed to compromise specific user accounts within the system.
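The two mechanisms described above, DAC with ACLs for objects and role-scoped capabilities for privileged operations, can be modelled in a few lines. The following is an added example written for this article, not code from any RTOS; every user, group, role, object and capability name is constructed for illustration, and `blast_radius` shows what an attacker who compromises one account actually gains when no account holds root-style privilege.

```python
"""Toy reference monitor: DAC (ACLs by user/group) plus role-scoped
capabilities instead of an all-powerful root. Added example; all names
below (users, groups, roles, objects, capabilities) are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    roles: frozenset


# DAC: each object lists (principal, allowed ops); "u:" = user, "g:" = group.
ACLS = {
    "/cfg/network.conf": (("u:alice", {"read", "write"}), ("g:ops", {"read"})),
    "/log/audit.log":    (("g:ops", {"read"}),),
    "/fw/image.bin":     (("u:bob", {"read", "write"}),),
}

# Roles carry a narrow subset of privileges (capabilities) tied to one task.
ROLE_CAPS = {
    "net_admin": {"cap_net_config"},
    "updater":   {"cap_write_firmware", "cap_reboot"},
}

# Privileged system operations and the single capability each one requires.
PRIV_OPS = {"net_config": "cap_net_config", "flash_firmware": "cap_write_firmware",
            "reboot": "cap_reboot", "set_clock": "cap_sys_time"}


def dac_allows(user, obj, op):
    """ACL lookup; an unknown object or no matching entry means deny."""
    principals = {f"u:{user.name}"} | {f"g:{g}" for g in user.groups}
    return any(p in principals and op in ops for p, ops in ACLS.get(obj, ()))


def has_cap(user, cap):
    return any(cap in ROLE_CAPS.get(r, set()) for r in user.roles)


def authorize(user, target, op):
    """Deny by default. Files/devices go through DAC; privileged system
    operations go through role capabilities. No identity bypasses either."""
    if target == "sys":
        cap = PRIV_OPS.get(op)
        return cap is not None and has_cap(user, cap)
    return dac_allows(user, target, op)


def blast_radius(user):
    """Privileged operations gained by compromising this one account."""
    return {op for op in PRIV_OPS if authorize(user, "sys", op)}


alice = User("alice", frozenset({"ops"}), frozenset({"net_admin"}))
bob = User("bob", frozenset(), frozenset({"updater"}))
```

Because no role maps to `cap_sys_time`, `set_clock` is unreachable from any account, which is the deny-by-default behaviour the article attributes to capability subsets.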

As embedded devices become more connected to the internet, cyber-attacks against them have become more sophisticated as well. This makes built-in security features at the OS level, such as a secure RTOS, a necessity, because most cyber threats get into devices via OS vulnerabilities.