Bring your own filesystem (BYOF) attacks have become increasingly common. In a BYOF attack, an attacker delivers payloads to a target, as it minimizes their footprint and system-level interactions. From a practical perspective, how would (or could a system designer) defend against these attacks? Even more so, how can a system designer implement proper defenses to even prevent similar types of attacks in the future without just trying to plug all the possible holes retroactively.
Read MoreEmbedded device security is an overwhelming task. Either there are innumerable requirements, no requirements, or you are tasked with writing your own internal requirements.
At the end of the day, even if you’ve addressed all of these requirements, will that have been adequate to keep your device secure? Maybe not. That’s because your embedded device just might end up in the hands of an attacker...quite literally. Therefore, ensuring your software and data is safe when (not if) an attacker breaks in is essential. This is why, while it’s tempting to jump into identifying security solutions that “check the box” for your requirements, it’s often more helpful to start by first taking a step back.
Read MoreThe Crucible Embedded Hypervisor mitigates the recent rash of CPU-based information leakage / unauthorized disclosure vulnerabilities, including those made public in CVE 2018-3620 and CVE 2018-3646. The Xen project further classifies these vulnerabilities under XSA 273. Crucible inherently mitigates these speculative execution (and related Spectre / Meltdown) vulnerabilities as a result of its explicit hardware resource allocation strategy, and overall secure-by-design configuration.
Read MoreOne of the key operating principles of LURE – The Linux, Unprivileged Root Environment, is to make ‘root’ or privileged access to an IoT or industrial control device, a “don’t care”. This “don’t care” principal enables LURE to provide brickerbot defense and protect devices from malware attacks such as BrickerBot
Read More