Embedded Systems Design Europe - June/July 2008 - (Page 32)

open source

cleaner running amok is annoying rather than worrying, the same principle applies to more potentially dangerous devices such as cookers, cars and alarm systems. Without transparency and access to the software details there is no way to tell if these devices are safe or secure – the only people to know will be the manufacturers.

The big question is: why is this software kept secret? Well, the easy answer is that nearly all software is kept secret as a matter of course. Rather surprisingly, in both Europe and the USA, you can keep software secret and copyright it at the same time – surprising because the fundamental idea of copyright is to protect published works.

Companies naturally gravitate to maximum secrecy for their products. The arguments for protecting proprietary investment and “intellectual property rights” seem convincing. The trouble is that the secrecy which results all too often hides shoddy design and serious errors that render the software prone to attack.

Can we afford such secrecy? I would argue that in this day and age, the answer must be no. First of all, there is no such thing as a secret; there are only things that are known by a few people. If the only people with access to the knowledge are a small number of people at the company producing the software, and some bad guys are willing to spend whatever it takes to discover these secrets, do we feel secure?

So what is the alternative? In recent years, a significant trend has been far greater production and use of Open Source software. Let’s look at exactly what we mean by open source. It is indeed a somewhat general term, with several different components. First, there is the important fundamental quality that the source code can be examined by anyone. Second, there is the issue of avoiding normal proprietary restrictions that prevent redistribution and modification of the code.
Richard Stallman of the Free Software Foundation coined the term “Free Software” to refer to the rights of redistribution and modification. Here “free” is used in the sense of “Live Free or Die”, not free as in free lunch, and to Stallman, this is indeed a fundamental freedom that should apply to all software. In the case of safety-critical code that controls some device, it is important that if flaws are found, they can be fixed without the manufacturer standing in the way.

Finally, open source refers to a free environment in which code is created by an open community cooperating in software development. Such an open community exists, for example, around the GNU/Linux system, a complete operating system designed and built not by one company and kept secret, like Microsoft Windows, but instead by a global community of programmers working together.

What we need is to establish the tradition that the use of Open Source is at least desirable, and perhaps even mandatory, for all critical software. Sure, this makes things a little easier for the bad guys, but they were willing to do whatever it takes to break the secrecy anyway. Importantly, what this does is make it possible to focus a worldwide community of good guys on helping to assure that the software is solid from a security point of view.

At the very least, we can assure ourselves that the software is produced in an appropriate best-available-technology manner. If we opened up a television set and saw a huge tangle of improperly insulated wires, we would deem the manufacturing defective. The same goes for a pile of ill-organized, uncommented code written in C++ using all the tricks of that complex language – however, the embedded software is hidden from view.

There are two aspects involved in the use of Open Source in connection with security-critical software.
First, we gain considerably by the use of open source tools in the building and construction of such software. One way that software can be subverted is, for example, to use a compiler that has been corrupted in a nefarious manner. It is far easier to subvert proprietary software in this manner than Open Source – in the open source world thousands of committed developers are potentially examining software on a daily basis.

Secondly, we can make the application code itself open source, allowing the wider community to examine it. Now anyone could look at the code within a vacuum cleaner, and reject devices with unsafe software.

The arguments above seem easily convincing from the point of view of the public, so what’s the objection? There are two main ones – first off, people still associate open source with hobby developers, and secondly, many companies are dedicated to protecting their proprietary development.

THE CATHEDRAL & THE BAZAAR

Open Source to some brings up an image of uncontrolled projects where anyone can change anything, and where project management is minimal. Such a development environment may be helpful from an innovation point of view, but does indeed raise safety and security concerns.

In an essay about the development of the GNU Linux kernel, Eric Raymond introduced the notion of the “cathedral” versus the “bazaar”, where the cathedral is a metaphor for a carefully controlled environment in which contributions are carefully monitored, and the bazaar is a metaphor for a disorganised and noisy environment where anyone can contribute anything. This is a useful image, but it would be incorrect to conclude that the “bazaar”