Embedded Systems Design Europe - October 2007 - (Page 24)

Linux In recent years, developers are increasingly adopting Linux for use in various environments. The accelerated pace of this adoption is partially due to the Linux kernel’s modular architecture, functionality, and maturity, resulting in a lower cost of ownership. One must note, however, that this growth is accompanied by complex and elaborate software solutions built atop embedded Linux devices to address the market’s increasing demands, and hence the complex security requirements of such devices. This makes implementing a holistic security strategy for Linux more challenging, especially when one considers the variety of embedded devices adopting, or planning to adopt Linux. The potential environments possess a unique set of security characteristics and requirements, and therefore, present different challenges. Figure 1 shows a typical Linuxbased architecture for a mobile phone; although basic, the complexity of this design conveys the level of challenge in providing a cohesive security for such an environment. Memory footprint and performance trade-offs are the most commonly considered constraints when designing and developing software components for an embedded device. Memory footprint is important because most embedded devices have limited memory available at run time. The performance trade-off is important because the computing power available in an embedded device is typically low, due to hardware architecture characteristics, as well as issues pertaining to power management in battery-operated devices. Low power consumption is the main reason why the ARM architecture is so popular for such devices. A set of guidelines should be followed to execute embedded design, keeping in mind the simplicity and modularity that’s desired. The reasons behind choosing these principles are ease of use and adoption of the architecture by embedded solutions where varying levels of security are to be achieved. We’ve attempted to make the approach as simple as possible to ensure that no unnecessary complexity is introduced into the system and the overall security-analysis of the system is easier to perform. The modularity of the proposed architecture ensures that the approach could also be implemented on hardware architectures that lack the security capabilities introduced, and also environments where the types of attacks (or the security assets of the system) would not require the high degree of protection provided by this approach. Secure Boot (also known as High Assurance Boot) is a technique for verifying and asserting the integrity of an 24 OCTOBER 2007 | embedded systems design europe | www.embedded.com/europe 022-023-024-025-026-027_ESDE.ind24 24 9/10/07 16:55:22 http://www.embedded.com/europe

Table of Contents Feed for the Digital Edition of Embedded Systems Design Europe - October 2007

Embedded Systems Design Europe - October 2007 Contents Linux Set to Dominate Torvalds Updates Linux Kernel ARM Establishes Smart Card Foundry Program Emerson Buys Motorola's Embedded Comms Group LynuxWroks and TTTech to Cooperate on Avionics MontaVista CEO Looks for Acquisitions in Europe Ready: Multiprocessing Technology Provides Opportunity Automotive to Drive MCU Market New Supporters Join COM Express Group Analyst Weighs TI Versus Xilinx Versus PicoChip Cover Feature: Embedded Systems Security Has Moved to the Forefront Trace Exposes the Toughest Real-Time Bugs Employ a Secure Flavor of Linux Use an MCU's Low-Power Modes in Foreground/Background Systems Transporting Video Over Wireless Networks New Products Advertising Contacts

Embedded Systems Design Europe - October 2007

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.