Whitelisting as a key weapon in the battle for embedded device security

Whitelisting as a key weapon in the battle for embedded device security


If you are an embedded software developer involved IoT projects , you’ve no doubt read the recent warning issued by the Federal Trade Commission  about cybersecurity risks associated with the hyper growth of smart devices being connected to the internet.

Indeed, you have to be living on another planet if you have not heard about the security flaws in door-locking software that enabled hackers to break in and unlock the doors of certain BMW and Rolls-Royce models, or the ‘developer mode’ hack that enabled presenters at the 2014 Black Hat conference  to take over and reprogram a Nest thermostat.

The FTC didn’t just issue their warning, they made several recommendations for companies who want to take full advantage of the opportunities offered by the Internet of Things, without compromising security. The first of these recommendations was “Build security into devices at the beginning of the design process, not as an “afterthought” of that process.” That is exactly the approach we at Wind River have been recommending for several years, and have been writing about in white papers such as “Five Steps to Improving Security in Embedded Systems”. The FTC further recommends establishing processes and procedures that would limit physical access to devices, limit access to the data on the devices on a “need to know” basis etc.. But even with the industry’s best practices in security implemented, there’s always the possibility that an intruder will find some way to circumvent your defenses, and get their malware onto you intelligent device. That where whitelisting comes in, as one final gatekeeper.

The idea behind whitelisting is simple: maintain a list of the applications and processes allowed to run on a device. Compare the digital signature of every process that wants to run against the one authorized on the whitelist – and block any process which is either not on the list or whose signature does not match. Whitelisting is particularly useful in the context of embedded devices, since they are usually single-purpose or limited-purpose devices, with a fixed set of processed whose identity is known well in advance. Because of its suitability to the task, Wind River’s Intelligent Device Platform (IDP) has incorporated whitelisting solutions such as these available through Integrity Measurement (IMA) and GRsecurity from day one. With the Intel IoT Gateway, we have taken this one step further and incorporated McAfee Embedded Control to dynamically manage whitelists .

This is all well and good, but eventually , the software stack on your intelligent device or gateway needs to be updated – a new version of your application, an update to the operating system , or a firmware patch to fix a security vulnerability – how do you keep you whitelist updated and synchronized with the new version of the software? Well, if you are a user of Wind River’s recently announced Edge management System (EMS) – you need not worry – that is all taken care of, automatically. Wind River’s EMS has been tightly integrated with the security features of the Intel IoT gateway and the EMS agent will automatically receive a new, authenticated (via digital signatures) version of the software, perform the software update, and then update the whitelist  once the new version has been successfully installed.

And you…? You can take the rest of the day off, no one needs to know how simple that update was!