Many software development teams are inclined to base industrial system designs on common Linux distributions, or even develop their own in-house. This is not always advisable from a security perspective, as implementing formal security development practices can be a costly, time-consuming endeavor that distracts from the goal of delivering value-added industrial products.
While the open-source Linux community has a solid history of bug fixes and security patches, that safety net thins over time as in-house codebases drift away from the community baseline: a fix upstream no longer applies cleanly, or never reaches a forked component at all. Throughout the deployment lifecycle of an industrial embedded device, software development teams therefore assume responsibility for securing not only their core Linux distribution, but also a growing amount and complexity of application code.
Organizations must determine whether the flexibility and agility of open-source Linux-based development environments provide enough value to offset maintaining a secure codebase over the life of their products.
The Value and Cost of Secure Software
At the time of writing, more than 500 open vulnerabilities had been recorded against the Linux kernel, ranging from buffer overflows and access-control bypasses to memory-safety and information-disclosure bugs.
One of the main drawbacks to supporting a secure Linux distribution is that security is difficult to monetize and does not add much value in the eyes of customers. Security is now an expectation, noticed only when it doesn't work.
But a secure software development lifecycle (SDLC) still imposes substantial requirements. These include applying best practices across the assessment, architecture, design, implementation, and deployment phases of the SDLC, as well as provisions for monitoring and maintaining the software long after it has been deployed in the field on an IoT device.
Beneath these practices lie strategies for addressing technology, operational, and lifecycle requirements (Figure 1). These include how the software stack interacts with underlying silicon, what development and test tools are used and how, the ways in which third-party services are integrated, encrypted network connectivity, and the device management and update process.
In addition, the nature of IoT devices means that mechanisms must be in place for tracking newly published threats, such as the Common Vulnerabilities and Exposures (CVE) list maintained by MITRE, so that devices already in the field can be protected as new issues emerge. A CVE entry only becomes actionable once it is mapped onto an accurate inventory of the packages and versions that ship on each device, so that inventory has to be maintained as well. Development teams must then be agile enough to confirm exposure quickly, notify customers, and deliver security patches and bug fixes over-the-air (OTA) before damage occurs.
Not only is this infrastructure costly to build and put into practice, it can take years to refine properly.
Bridging Open-Source Flexibility with Industrial-Grade Security
An alternative is to partner with a vendor that already has a secure SDLC and practices in place. Wind River Pulsar Linux, for example, is a containerized Linux distribution based on Yocto Project tools and processes that provides software engineers with the flexibility of an open-source environment alongside the backing of commercial-grade bug and vulnerability fixes (Figure 2).
The security and flexibility of Pulsar Linux begin with its container architecture, which separates critical software components such as the Linux kernel and user-space libraries from the applications deployed on an industrial device (Figure 3). Applications are also isolated from one another in these containers, limiting the blast radius of a vulnerability in one application so that it cannot directly reach other sensitive code or resources. Containers share the host kernel, however, so this isolation bounds application-level compromise; a kernel vulnerability still exposes every container on the device.
Not only does this architecture facilitate application integration from other popular Linux distributions like Red Hat or Ubuntu, it eases codebase updating and management by separating software components and reducing dependencies.
The core of the Pulsar operating system (OS) borrows select packages and middleware from traditional Wind River Linux, including market-specific profiles for security, virtualization, and carrier-grade functionality (Figure 3, above). The OS was developed using Wind River's security framework, which takes advantage of security features available on Intel® processors such as Intel® Trusted Execution Technology (Intel® TXT), secure boot, and hardware acceleration of AES with Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI).
But the primary benefit of Pulsar for industrial organizations and developers is as a turnkey software infrastructure platform. Rather than customers porting Pulsar to a hardware platform and creating and maintaining their own distribution, Pulsar is available as a certified binary image on select hardware targets and maintained by Wind River and the OEM.
As part of this maintenance, Wind River monitors sources such as the MITRE CVE list for vulnerabilities that could affect Pulsar software components and issues patches that users can download directly from an online support repository. These patches can then be installed on whichever OS containers are affected.
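The CVE monitoring described earlier and the per-container patching described here both come down to the same check: which containers carry an affected package at a vulnerable version, and what version each must reach. The script below is an added example of that check, not Wind River's or the page's own tooling. The CVE feed, the container inventories and the CVE identifiers (CVE-0000-000x) are constructed placeholders, not real advisories, and the version ordering is a simplification that treats numeric fields numerically and trailing letters as a suffix (e.g. 1.1.1g < 1.1.1k < 1.1.2).

```python
"""Match a CVE feed against per-container package inventories.

Added example, not Wind River's or the page's code. The feed entries,
container inventories and CVE identifiers below are constructed
placeholders, not real advisories.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed CVE feed: each record names the affected package, the first
# vulnerable version (None = every earlier version) and the first fixed one.
CVE_FEED = [
    {"id": "CVE-0000-0001", "package": "openssl", "introduced": "1.1.0", "fixed": "1.1.1k"},
    {"id": "CVE-0000-0002", "package": "busybox", "introduced": None, "fixed": "1.33.1"},
    {"id": "CVE-0000-0003", "package": "linux-yocto", "introduced": "5.10.0", "fixed": "5.10.40"},
    {"id": "CVE-0000-0004", "package": "zlib", "introduced": None, "fixed": "1.2.12"},
]

# Constructed inventory: the OS container plus two application containers,
# each mapping package name -> installed version.
CONTAINERS = {
    "os-core": {"linux-yocto": "5.10.12", "busybox": "1.33.1", "zlib": "1.2.11"},
    "app-modbus": {"openssl": "1.1.1g", "zlib": "1.2.11"},
    "app-dashboard": {"openssl": "1.1.1k", "nginx": "1.18.0"},
}

_TOKEN = re.compile(r"(\d+|[A-Za-z]+)")


def version_key(version: str) -> Tuple:
    """Turn '1.1.1k' into ((1,1),(1,1),(1,1),(0,'k')) so numeric fields compare
    numerically and a letter suffix sorts after the bare number. This is a
    simplification of real distro version rules, not a Debian/RPM comparator."""
    key = []
    for tok in _TOKEN.findall(version):
        key.append((1, int(tok)) if tok.isdigit() else (0, tok))
    return tuple(key)


def is_vulnerable(installed: str, introduced: Optional[str], fixed: str) -> bool:
    """True when introduced <= installed < fixed (introduced=None means any earlier version)."""
    inst = version_key(installed)
    if introduced is not None and inst < version_key(introduced):
        return False
    return inst < version_key(fixed)


def match_feed(feed: List[dict], containers: Dict[str, Dict[str, str]]) -> Dict[str, List[dict]]:
    """Per container, list the CVEs whose package is installed at a vulnerable version.
    Containers with no hits are omitted from the result."""
    hits: Dict[str, List[dict]] = {}
    for name, packages in containers.items():
        for cve in feed:
            installed = packages.get(cve["package"])
            if installed is None:
                continue  # package not shipped in this container
            if is_vulnerable(installed, cve["introduced"], cve["fixed"]):
                hits.setdefault(name, []).append({
                    "cve": cve["id"], "package": cve["package"],
                    "installed": installed, "fixed": cve["fixed"]})
    return hits


def patch_plan(hits: Dict[str, List[dict]]) -> Dict[str, Dict[str, str]]:
    """Collapse hits into the minimum version each package must reach per container,
    taking the highest 'fixed' version when several CVEs hit the same package."""
    plan: Dict[str, Dict[str, str]] = {}
    for container, records in hits.items():
        for rec in records:
            current = plan.setdefault(container, {}).get(rec["package"])
            if current is None or version_key(rec["fixed"]) > version_key(current):
                plan[container][rec["package"]] = rec["fixed"]
    return plan


if __name__ == "__main__":
    found = match_feed(CVE_FEED, CONTAINERS)
    for container, todo in patch_plan(found).items():
        print(container, todo)
```

Run as-is it reports that os-core needs linux-yocto 5.10.40 and zlib 1.2.12 and app-modbus needs openssl 1.1.1k and zlib 1.2.12, while app-dashboard, whose openssl is already at the fixed version, needs nothing. In practice the inventory would be generated from the build (a Yocto manifest or SBOM) rather than typed in, and the feed parsed from published CVE data.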
Open-Source Flexibility, Commercial-Grade Security, or Both?
As the industrial IoT technology market continues to mature, the value of engineering is increasingly at the application layer and not in a system's underlying infrastructure.
Wind River Pulsar Linux builds on this idea by packaging a commercial-grade, secure distribution with certified hardware platforms, allowing engineering teams to focus on application development in a familiar open-source environment. The combined solution is available as a single bill of materials (BOM) item with maintenance included.
According to a Wind River study, commercial Linux solutions can save industrial organizations up to 53 percent of the total cost of ownership (TCO) of developing, deploying, and maintaining a secure Linux distribution over the life of an IoT product – not to mention the potential ramifications of security exploits.
For more detail on how Wind River Pulsar Linux makes software engineering organizations more agile, watch the “Providing Secure IoT Platforms at the Edge” webinar.
About the Author
Brandon Lewis is responsible for Embedded Computing Design's IoT Design, Automotive Embedded Systems, Security by Design, and Industrial Embedded Systems brands, where he drives content strategy, positioning, and community engagement. He is also Embedded Computing Design's IoT Insider columnist, and enjoys covering topics that range from development kits and tools to cyber security and technology business models. Brandon received a BA in English Literature from Arizona State University, where he graduated cum laude.