Wind River Studio Addresses Cybersecurity at the Edge with Titanium Strength

In 2020, IoT devices were responsible for 32.72% of infections observed in wireless networks, more than twice that in 2019, according to the Nokia Threat Intelligence Report 2020.

At the same time, we are witnessing the rapid rise of automated systems, including those that support mission-critical applications as part of the evolution of Industry 4.0 and the increased investment in cyber-physical infrastructure.

As billions of new devices become connected, every node represents an expansion of the attack surface, offering cyber attackers exponentially more points of entry that can be exploited.

Whether one calls deployments Industrial IoT, control systems, intelligent or automated systems, more attention than ever is being paid to securing data at rest and in motion. Whether ransom attacks like recently witnessed with the Colonial Pipeline incident or the potentially catastrophic destruction of the electrical grid and other critical platforms, organizations, and utilities with higher dependency on software and intelligence-based systems are demanding that security be addressed at every step in an intelligent system’s lifecycle.

Wind River (News - Alert), a global developer of software for intelligent systems, recently announced security enhancements to Wind River Studio, a cloud-native platform for the development, deployment, operations, and servicing of mission-critical intelligent systems. Wind River Studio enables companies to meet rigorous cybersecurity and anti-tamper requirements, further helping secure devices and systems through development, deployment, and operations.

 “In an intelligent systems world where devices are expected to connect and compute together in near real-time, cybersecurity is a design necessity and no longer a ‘nice to have,’” said Cyra Richardson (News - Alert), chief product officer, Wind River. “This is even more true for mission-critical systems, such as those in the energy, aerospace, and defense, and industrial sectors. Security must be taken seriously – the only way to do that is to be proactive. With billions of new devices constantly connecting locations around the world, the attack surface is staggering. It will be important for solution builders, both hardware and software, to be thoughtful stewards and strong advocates for cybersecurity in order to deliver trustworthy compute infrastructure.”

The latest version of Wind River Titanium Linux, developed by the Wind River technology protection and cybersecurity group Star Lab, offers a robust Linux system-hardening and security capability and is available on the market for operationally deployed Linux systems through Wind River Studio.

Key features for Titanium Linux include secure boot, anti-tamper protection, and the ability to simplify mandatory access control (MAC) policy creation. To further address security problems across multiple industries and geographies, Titanium Linux security controls also map to key IoT security guidelines, such as NIST IoT cybersecurity-related initiatives; OWASP IoT security projects; IoT Security Foundation protocols; and guidance from the European Union Agency for Cybersecurity, ETSI, GSMA (News - Alert), and several others.

Titanium Linux maintains the integrity and confidentiality of critical applications, data, and configurations while assuring operations, even while being attacked. Titanium Linux hardens the kernel against attack while enforcing MAC on customers’ applications and data. Even if an attacker exploits the system and gains administrative access, they still cannot extract or maliciously modify sensitive data and code.

Titanium also enables OS hardening and attack surface reduction, preventing unsigned module loading re-enforcing keychain controls, limiting an attacker’s ability to debug or subvert protected applications and their libraries, and removing kernel functionality and features.

In short, Titanium Linux removes unnecessary OS functionality, which could help an attacker analyze a system for ways to alter execution flow and bypass security.

Titanium Linux is compatible with Wind River Linux, RedHat, CentOS, Ubuntu (News - Alert), RedHawk, and other embedded Linux distributions. It is designed to simplify mandatory access control, deny by default access protected entities even from root-level users, controls and restrict the direct access to system hardware resources, such as peripherals and storage devices, and enable secure software updates.

In addition to Titanium Linux, additional key security capabilities that Wind River Studio enables include:

• Support in preventing the accidental release of vulnerable code using industry-leading code scanning and analysis tools. Capabilities include code coverage analysis, static analysis, both quick and deep code scan, and secure container management.
• Cloud and device attestation based on x.509 certificates and secure secret storage to mitigate person-in-the-middle attacks that would leak customer, device, and mission-sensitive data.
• Hardened Linux kernel to prevent tampering and reverse-engineering attacks on the Wind River Linux kernel, sensitive applications, and data. This includes prevention of stack overflows and heap overflows, information disclosure (zeroing freed memory), and kernel overwrite. The hardened kernel uses two additional techniques to thwart exploits: kernel address space layout randomization (KASLR) to limit injection attacks and hardware segregation to limit modification of kernel memory.