Use a virtual platform to maintain security
October 19, 2016
Recent news shows that security is a key challenge to the wide scope and deployment of IoT, with varied consequences across many IoT markets. Imagine...
Recent news shows that security is a key challenge to the wide scope and deployment of IoT, with varied consequences across many IoT markets. Imagine automotive hijacking. Power grid failure. Financial security breaches. Health care hacking. The consequences are severe. While successful security measures in the IoT ecosystem will accelerate the explosion of its many markets, poorly implemented security will be a significant impediment to the growth of IoT.
Security presents a multi-level challenge incorporating both hardware and software. A pragmatic, cross-functional approach to security in embedded devices and systems is needed. Among the approaches being used for security, hypervisors show excellent initial results. Hypervisors are a layer of software that sits between the processor and the operating system (OS) and applications. A hypervisor allows guest virtual machines (VMs) to be configured on the hardware, with each VM isolated from the others (Figure 1). This isolation enables one or more guest VMs to run secure operating systems or secure applications.
Hypervisors have become increasingly common in mil-aero, factory automation, automotive, artificial intelligence, and the IoT. Embedded hypervisors face evolving demands for isolation, robustness, and security in the face of more diverse and complex hardware, while at the same time minimizing any power and performance overhead.
[FIGURE 1 | The Seltech FOXvisor hypervisor running on an Imperas virtual platform, with three guest VMs each with a separate instance of the Toppers OS.]
With hypervisors, secure applications, secure communications, or any approach to security, you not only have to develop the approach, but you have to test it. How can you assert that a system hasn’t been compromised by functionality that was not part of the intended design? How can the data in the system be secured?
While virtual platforms help with secure system development, verification and validation is where virtual-platform-based tools really come into their own. Virtual platforms are a key piece of the test solution, encompassing both hardware and software for a systems validation methodology, with comprehensive testing of interrelated hardware and software effects.
For developers, a virtual platform can accelerate the porting of security practices to various processor cores and devices. Virtual platforms include processor and peripheral models necessary to boot an operating system or run bare metal applications. Such platforms can be used to port and bring up a secure software stack on new virtual hardware, for secure embedded systems.
Virtual platforms in general deliver advantages over hardware-based testing, including controllability, observability, repeatability, and automation of simulations including both hardware and software. Imperas, for example, utilizes its SlipStreamer technology to build non-intrusive tools, tools that require no instrumentation or modification of the OS or application. These tools include hypervisor- and OS-aware tools, and other test tools such as code coverage and fault simulation.
Also of note regarding security issues, the prpl Foundation Security Working Group has brought together companies and individuals with expertise in various aspects of embedded systems and security to document current best practices and derive recommended new security practices for embedded systems.