10 Properties of Secure Embedded Systems

It's not fair.

When attacking an embedded system, it takes only one vulnerability to lead to an exploit.

This means, when tasked with securing an embedded system, the defender must think through and be prepared to protect against every possible vulnerability. Overlook just one opening and the attacker may find it, take control, steal your secrets, and create an exploit for others to use anytime, anywhere.

Worse yet, that same attacker may use an initial compromised device to pivot from one exploited subsystem to another, causing further damage to your network, mission, and reputation.

In this blog post, we present the Top 10 properties of highly-secure embedded systems – insight that is based upon decades of experience engineering security solutions across a number of high-value military and commercial platforms.

Linux Security Modules (LSMs) vs Secure Computing Mode (seccomp)

You are a security conscious systems-engineer using a Linux-based operating system for your project. You’ve already taken a tour of Linux Security Modules (LSMs) and know how you might use them to increase the security of your system.

However, you may have also heard about Linux’s Secure Computing (seccomp) facilities. You may wonder how LSMs and seccomp compare to one another, why you cannot implement the features of seccomp as an LSM, and when you should use each. This post aims to provide some answers.

Seccomp and LSMs both result in the kernel constraining how a process interacts with the system, but with important differences. Namely, Secure Computing Mode, or seccomp, is about limiting the system calls a process can make. LSMs, in contrast, are about controlling access to objects in the kernel.