Posts tagged SELinux
The Linux Security Hardening Checklist for Embedded Systems

There is no silver bullet to security, and even more importantly, there is no single source of truth for what security options are available, what they do, and what impacts they have, or even how they all work together.

In this post, we will enumerate the many security mechanisms that can be operationally deployed in an embedded system running Linux in order to secure that system from common software attacks. While the traditional approach to security relies on the CIA triad of confidentiality, integrity, and availability, the majority of this post is primarily focused on the principles and enforcement of integrity.

Read More
The Most Secure Linux for Embedded Systems – Hint, It’s Not Enterprise Linux

Don’t get upset.

We fully acknowledge that the hard-working people who make enterprise type Linux distributions want to help their customers achieve secure systems and they strive to improve the security posture of their distributions all the time.

However, there are two major areas where these developers run up against a nearly insurmountable wall.

First, they use a different threat model. An enterprise distribution of Linux is designed with a threat model suited to datacenter/cloud deployments, but embedded and cyber-physical systems face a wider array of threats including situations where the attacker may have physical access to the system.

Second…

Read More