In order to establish a security posture for our systems and ensure we’re enabling the right security protections, we need to clearly define what our threat model is. A threat model guides us in selecting appropriate system configurations and options, to determine if we have enough security in place, and to determine if that security protects from actors with the given level of access.
Read MoreMost security mechanisms in Linux are focused on protecting users while the system is powered on. This makes sense, since most computing happens while the computer is powered on, but there is an entire class of attacks that can occur while the system is off. Imagine an attacker removes the hard drive, makes changes to it, and replaces it. How can we detect and defend the operating system’s code against such an attack? The answer is by using a of file system integrity scheme. (The more general problem of preventing an attacker from changing user data or extracting secrets is a discussion for another time.)
Read MoreSomewhere in the early days of computing, it was decided that a minimum of two classes of privileges were required on a system – a normal user and an operator or administrator. Ever since, there has been a never-ending cat-and-mouse game of elevating a user to operator or administrative access. It should be no surprise then, that recent CVEs such as CVE-2021-4034, colloquially called POLKIT, provide yet another tool in attacker’s toolbox for achieving root-level access (operator or administrator level privileges).
Read MoreLet’s begin with a simple question: How are files accessed, and what steps are involved?
We can all agree data access has become ingrained in daily life. However, we don’t give much thought to where that data lives or the process that occurs before we see it. This is an intentional abstraction meant to limit the basic knowledge necessary to perform most data-related tasks. The Linux variant of this is called the Virtual Filesystem, or VFS for short. The VFS acts as the interface between the user and the file’s backing filesystem, masking any implementation details behind generic calls such as `open()`, `read()`, `write()`, etc.
Read MoreEmbedded device security is an overwhelming task. Either there are innumerable requirements, no requirements, or you are tasked with writing your own internal requirements.
At the end of the day, even if you’ve addressed all of these requirements, will that have been adequate to keep your device secure? Maybe not. That’s because your embedded device just might end up in the hands of an attacker...quite literally. Therefore, ensuring your software and data is safe when (not if) an attacker breaks in is essential. This is why, while it’s tempting to jump into identifying security solutions that “check the box” for your requirements, it’s often more helpful to start by first taking a step back.
Read MoreIt's almost always a bad idea to write more than a few lines of code, assume they work as intended, and move on to a separate task. Even after the change compiles successfully, and even after code reviews, there's always the chance that some underlying assumption turns out to be wrong, yielding unexpected results in edge cases. Once such a bug is introduced, it might linger for long periods of time if that section of code isn't in frequent use.
Read MoreWe worked with Curtiss Wright by pre-integrating these two technologies. Integration of the CHAMP XD1 and Titanium Security Hypervisor followed a number of steps leading us to the final solution; steps that can be followed by anyone for the same results. The integration was straightforward. Here's how we did it:
Read MoreIn an FCW research report, 72% of respondents were comfortable running mission-critical systems on virtual machines, and that was in 2013. At the time of this writing (2021), that number is even higher, and programs are considering the size, weight, and power (SWaP), development, and security costs of virtualization for their next-generation programs. When you consider the benefits of virtualization on defense platforms, it's easy to understand why. Consider the following benefits:
Read MoreIn the infancy of computing, passwords relied heavily on trust. These early passwords were relatively short and simple. As the trust eroded and the threat model changed, we started to enforce restrictions around passwords such as minimum length and using encrypted passwords for system access. As computing continued to evolve, it became even easier to guess or manipulate passwords thereby driving more artificial complexity and, ultimately, user hate and non-compliance.
Let’s take a step back, evaluate some password threats, review their protections, and challenge evolving complexity requirements.
Read MoreThere is no silver bullet to security, and even more importantly, there is no single source of truth for what security options are available, what they do, and what impacts they have, or even how they all work together.
In this post, we will enumerate the many security mechanisms that can be operationally deployed in an embedded system running Linux in order to secure that system from common software attacks. While the traditional approach to security relies on the CIA triad of confidentiality, integrity, and availability, the majority of this post is primarily focused on the principles and enforcement of integrity.
Read More
