Jump to content

RidgeRun Platform Security Manual/Introduction/General Overview: Difference between revisions

RidgeRun Platform Security Manual/Introduction/General Overview (view source)

Revision as of 21:35, 24 January 2025

55 bytes added ,  24 January
no edit summary
VisualWikitext
No edit summary
No edit summary
Line 13: Line 13:
<br>
<br>


A system's security must be implemented both in software and hardware. This is especially relevant in embedded systems, as resources are limited, and some security features can affect the device's performance. To ensure that functionality is not affected by security measures, hardware-based features are often implemented.  
A system's security must be implemented both in software and hardware. This is especially relevant in embedded systems, as resources are limited, and some security features can affect the device's performance. Hardware-based features are often implemented to ensure that functionality is not affected by security measures.  


<br>
<br>
Line 25: Line 25:
==== Hardware Level ====
==== Hardware Level ====


Hardware-level security refers to security features that are implemented in the device hardware instead of being implemented in the device through software. This helps to reduce the use of resources when the device is performing its normal operation tasks. These features are meant to prevent the physical manipulation of the device and avoid unauthorized access.  
Hardware-level security refers to security features implemented in the device hardware instead of in the device through software. This helps to reduce the use of resources when the device is performing its normal operation tasks. These features are meant to prevent the '''physical manipulation''' of the device and avoid unauthorized access.  


Hardware-based security features often rely on cryptographic operations such as key checking to ensure that only authorized software can be executed on the device.  
Hardware-based security features often rely on '''cryptographic''' operations such as '''key checking''' to ensure that only authorized software can be executed on the device.  


Some examples of hardware-level security features are '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Secure%20Boot Secure Boot]''' and '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Trusted%20Execution%20Environment%20(TEE) TEE]'''.
Some examples of hardware-level security features are '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Secure%20Boot Secure Boot]''' and '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Trusted%20Execution%20Environment%20(TEE) TEE]'''.
Line 33: Line 33:
==== Kernel Level ====
==== Kernel Level ====


With its task of managing communication, hardware, and software resources, the kernel is a critical component of system security. To mitigate the consequences of an attack, kernel-level security is mainly focused on resource isolation and privilege separation. By having boundaries, the kernel can protect a malicious party from taking over the whole system in the event of an attack and protect the memory from being read or written by processes that do not possess the correct authorization.
With its task of managing communication, hardware, and software resources, the '''kernel is a critical component of system security'''. To mitigate the consequences of an attack, kernel-level security is mainly focused on '''resource isolation and privilege separation'''. By having boundaries, the kernel can protect a malicious party from taking over the whole system in the event of an attack and protect the memory from being read or written by processes that do not possess the correct authorization.


Another aspect of kernel-level security is integrity checking. The kernel's integrity needs to be verified by itself to ensure that modules, drivers, and configurations have not been modified without authorization. Techniques like digital signatures help ensure kernel integrity.
Another aspect of kernel-level security is '''integrity checking'''. The kernel's integrity needs to be verified by itself to ensure that modules, drivers, and configurations '''have not been modified without authorization'''. Techniques like '''digital signatures''' help ensure kernel integrity.


Examples of kernel-level security features are '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Trusted%20Platform%20Module%20(TPM TPM]''' or '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Key%20Management%20Systems%20(Keyring) Keyring]'''.  
Examples of kernel-level security features are '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Trusted%20Platform%20Module%20(TPM TPM]''' or '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Key%20Management%20Systems%20(Keyring) Keyring]'''.  
Line 41: Line 41:
==== File System Level ====
==== File System Level ====


File system-level security refers to techniques used to ensure the integrity and protect the accessibility of data stored in an embedded platform's file system. Similarly to kernel-level security, privilege management and integrity verification are key aspects of filesystem-level security.
File system-level security refers to techniques used to ensure the '''integrity and protect the accessibility of data stored''' in an embedded platform's file system. Similarly to kernel-level security, '''privilege management and integrity verification''' are key aspects of filesystem-level security.
'''
Data encryption''' is another aspect of file system security that ensures that only users who possess the '''correct key can access''' data stored on the system's disk. Encryption can be implemented for the '''whole disk''', meaning all of its contents will be accessible only if the user has access to the encryption key, or it can be implemented for '''specific files or directories'''.  


Data encryption is another aspect of file system security that ensures that only users who possess the correct key can access data stored on the system's disk. Encryption can be implemented for the whole disk, meaning all of its contents will be accessible only if the user has access to the encryption key, or it can be implemented for specific files or directories.
For examples of filesystem-level security measures you can look at '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Disk%20Encryption Disk Encryption]''' and '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Over-the-Air%20updates%20(OTA) OTA]'''.
 
For examples of file system-level security measures you can look at '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Disk%20Encryption Disk Encryption]''' and '''[https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security#Over-the-Air%20updates%20(OTA) OTA]'''.


<noinclude>
<noinclude>
Lleon
1,937

edits

Retrieved from "https://developer.ridgerun.com/wiki/index.php/Special:MobileDiff/64024"
Cookies help us deliver our services. By using our services, you agree to our use of cookies.