The Internet of Things is central to many business plans; securing it is central to the consumers who use it.
The Internet of Things (IoT) has been all over the press lately. Cisco has made it a central point of their advertising, the recent U.S. government-sponsored security summit has made grave pronouncements about how important its security will be, and in general people are talking about it knowingly, just as they did about the Internet around the time that people figured out what ‘WWW’ meant. The difference is that there is fresh pain in the public consciousness about the importance of security on the Internet, so there is also much more awareness of the potential security implications of the IoT.
This complicates life for the engineers creating these new devices, who are generally not security experts. The ideal situation from their point of view would be to have a piece of hardware or software that they could simply add to their device that would make it secure. There are a number of such items already available, in fact, but I tend to be skeptical that they will be the silver bullets that they say they are.
For many years Microsoft Windows was the primary security weakness on PCs. When Microsoft finally took security seriously and fixed their problems, the black hat guys turned their guns on the popular applications. Adobe products have been popular targets for them for a while now. PDF readers and Java have both left open gateways for unwelcome intrusion. What is the lesson in this for embedded folk? Your system is only as strong as its weakest link.
This lesson is being played out in fast-forward for the IoT expansion of the Internet. Several new operating systems are targeting the space, and most of them are concentrating on minimal size or new networking layers. One interesting entrant that has not seen much exposure has introduced some security innovations that could give IoT devices a real leg up. That entrant is Snappy, which is a specialized version of Ubuntu Linux.
Snappy was born out of the Ubuntu Phone project, which created a slimmed-down version of Linux which is referred to as Ubuntu Core. This compression is a necessary step for participating in this embedded space, but they then took a serious look at what they could do next. That next step included two additions: transactional updates and enforced application isolation. Diagram 1 shows the structure of the result.
Transactional updates are old news to databases, but relatively new to embedded operating systems. All that it means is that if there is any problem the update can be rolled back. Anyone who has ever had a device bricked by an interrupted update can appreciate that feature. These updates are also incremental, so there is little need to completely rewrite the flash memory.
As nice as this update capability is, the real item of interest in terms of security is the enforced application isolation. Memory space protection is nothing new, but the fact that the entire filesystem outside of the playground provided to each application is kept read-only helps a lot in terms of hardening the system. This is very different from the way that many embedded applications are built, where they have unfettered access to all of the resources on the device. The result should be a hardened set of core functionality which can be made much more secure.
Unfortunately, this still does not ‘solve’ the security problem. There are still a number of attack scenarios that can compromise the hardware, and the application itself must be written robustly to avoid it becoming the weak link in the chain. If Snappy can provide a secure operating system, though, that would be a good step forward. I look forward to trying it out.