RidgeRun Platform Security Manual/Introduction/General Overview
General Overview
Embedded systems often perform critical tasks in a wide range of industries, from medical devices to automotive applications. For this reason, security vulnerabilities can have serious consequences that can even endanger users if they are not addressed. This makes security a critical aspect of embedded system design.
A system's security must be implemented both in software and hardware. This is especially relevant in embedded systems, as resources are limited, and some security features can affect the device's performance. To ensure that functionality is not affected by security measures, hardware-based features are often implemented.
However, software that includes bugs or is outdated also represents vulnerabilities for embedded systems that can be used for exploits. Malicious unverified software also represents a risk.
For this, we can define the following security levels in embedded systems:
Hardware Level
Hardware-level security refers to security features that are implemented in the device hardware instead of being implemented in the device through software. This helps to reduce the use of resources when the device is performing its normal operation tasks. These features are meant to prevent the physical manipulation of the device and avoid unauthorized access.
Hardware-based security features often rely on cryptographic operations such as key checking to ensure that only authorized software can be executed on the device.
 | lleon: Try to name some of the examples we have in the section Platform Security and put the links. This will guide a target user interested in these topics (please remove this box when addressed) |
Kernel Level
With its task of managing communication, hardware, and software resources, the kernel is a critical component of system security. To mitigate the consequences of an attack, kernel-level security is mainly focused on resource isolation and privilege separation. By having boundaries, the kernel can protect a malicious party from taking over the whole system in the event of an attack and protect the memory from being read or written by processes that do not possess the correct authorization.
Another aspect of kernel-level security is integrity checking. The kernel's integrity needs to be verified by itself to ensure that modules, drivers, and configurations have not been modified without authorization. Techniques like digital signatures help ensure kernel integrity.
| | lleon: Try to name some of the examples we have in the section Platform Security and put the links. This will guide a target user interested in these topics (please remove this box when addressed) |
File System Level
File system-level security refers to techniques used to ensure the integrity and protect the accessibility of data stored in an embedded platform's file system. Similarly to kernel-level security, privilege management and integrity verification are key aspects of filesystem-level security.
Data encryption is another aspect of file system security that ensures that only users who possess the correct key can access data stored on the system's disk. Encryption can be implemented for the whole disk, meaning all of its contents will be accessible only if the user has access to the encryption key, or it can be implemented for specific files or directories.
| | lleon: Try to name some of the examples we have in the section Platform Security and put the links. This will guide a target user interested in these topics (please remove this box when addressed) |
