Security technology analysis of embedded systems (1)

Posted by santillano at 2020-02-27

Researchers at Kaspersky Lab regularly analyse the security technologies that are popular on the information security market. This time they decided to look at what security technologies operating system developers offer for embedded systems (in other words, the Internet of Things). Their main interest is how these operating systems address information security problems.

Note that for the purposes of the analysis the researchers use their own classification of current operating systems. Throughout the study they also compare the popular operating systems with KasperskyOS in order to understand each one's advantages and disadvantages and where improvements are needed.

Today's popular operating systems are almost incapable of protecting embedded systems

The researchers analysed dozens of popular operating systems on the market, from the best known (Windows, iOS) to niche systems familiar only to enthusiasts. The picture that emerged is that most current operating systems are built primarily to solve functional tasks, while information security functions (where the system has them at all) are bolted on afterwards as plug-ins, components that implement cryptographic algorithms, or add-on architecture. Such measures improve a system's overall security properties, but they cannot guarantee protection against all modern attack methods. If security was not taken into account when the system was first designed, then no matter how many protection mechanisms are added later, the system will inevitably be attacked.

Classification of operating systems

Operating systems can be classified by many criteria. In this analysis the researchers classify them from the perspective of security architecture, that is, by kernel type, which gives four categories:

·Monolithic system;

·Operating system based on monolithic kernel;

·Operating system based on a microkernel;

·Hybrid system;

Monolithic system

This is the most common type of operating system architecture for embedded devices. Most of the operating systems analysed are monolithic systems designed as runtime environments for microcontrollers. In such a system all processes, user and system alike, run unrestricted in a single address space.

From an information security standpoint this architecture is suitable only for very simple tasks. As the device's functions grow more complex, the risk of a vulnerability grows with them, and a vulnerability anywhere in such a system, whether in the implementation of a system service or in an auxiliary application, compromises the entire security environment.
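The following added example (not code from the original article or from any of the operating systems it discusses) makes the single-address-space problem concrete. A static array stands in for the SRAM of a hypothetical microcontroller running a monolithic firmware image; the layout, the task table and the packet format are all assumptions of the model. A sensor task that copies an incoming packet without checking its length runs straight into the "system" data that decides what the task is allowed to do, and nothing in the hardware or the kernel stops it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A single static array stands in for the SRAM of a microcontroller running a
 * monolithic firmware image: no MMU, no privilege levels, so the sensor task's
 * packet buffer and the system's task table are simply neighbours in memory.
 * The layout below is an assumption of this model. */
#define RAM_SIZE      128
#define RX_BUF_OFF    0      /* sensor task: receive buffer for incoming packets */
#define RX_BUF_SIZE   64
#define TASK_ID_OFF   64     /* system data: id of the running task */
#define TASK_PRIV_OFF 68     /* system data: 1 if that task may drive the actuator */

static uint8_t ram[RAM_SIZE];

/* The "system" reads and writes its table through these accessors; memcpy keeps
 * the example free of alignment and aliasing assumptions. */
static uint32_t sys_read_u32(size_t off)
{
    uint32_t v;
    memcpy(&v, ram + off, sizeof v);
    return v;
}

static void sys_write_u32(size_t off, uint32_t v)
{
    memcpy(ram + off, &v, sizeof v);
}

/* Boot: clear RAM, register the sensor task as unprivileged (read-only). */
void firmware_init(void)
{
    memset(ram, 0, sizeof ram);
    sys_write_u32(TASK_ID_OFF, 7);
    sys_write_u32(TASK_PRIV_OFF, 0);
}

/* Vulnerable receive routine: trusts the length that came with the packet. */
void sensor_rx_unchecked(const uint8_t *pkt, size_t len)
{
    memcpy(ram + RX_BUF_OFF, pkt, len);   /* len > 64 runs into the task table */
}

/* Hardened receive routine: drops anything that does not fit the buffer.
 * Returns 0 if the packet was accepted, -1 if it was dropped. */
int sensor_rx_checked(const uint8_t *pkt, size_t len)
{
    if (len > RX_BUF_SIZE)
        return -1;
    memcpy(ram + RX_BUF_OFF, pkt, len);
    return 0;
}

/* What the system currently believes about the sensor task's privilege. */
uint32_t sensor_task_privilege(void)
{
    return sys_read_u32(TASK_PRIV_OFF);
}

/* Runs one scenario from a fresh boot: a constructed 72-byte packet of 0xFF
 * bytes arrives and is handled by one of the two routines. Returns the
 * privilege word the system sees afterwards: 0 if it survived, 0xFFFFFFFF if
 * the overflow rewrote it. */
uint32_t privilege_after_packet(int use_checked)
{
    uint8_t pkt[72];
    memset(pkt, 0xFF, sizeof pkt);       /* constructed oversized input */
    firmware_init();
    if (use_checked)
        (void)sensor_rx_checked(pkt, sizeof pkt);
    else
        sensor_rx_unchecked(pkt, sizeof pkt);
    return sensor_task_privilege();
}

int main(void)
{
    printf("unchecked copy: privilege word = 0x%08x\n",
           (unsigned)privilege_after_packet(0));
    printf("checked copy:   privilege word = 0x%08x\n",
           (unsigned)privilege_after_packet(1));
    return 0;
}
```

The point is not the missing length check itself but where its consequences land: because there is no boundary between the task and the system data, a bug in the least important component of the firmware is enough to rewrite the data that the rest of the system relies on for its security decisions.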

The additional security measures offered for this kind of operating system usually amount to a library containing a set of cryptographic algorithms. Such measures do not fundamentally change the situation, because they leave many important problems without a comprehensive solution: the generation and storage of keys and certificates, trusted boot, secure updates and so on. Moreover, because these libraries are written specifically for one operating system, they are often insufficiently validated and tested, and may therefore contain vulnerabilities of their own. The net result is that the security of the overall solution does not improve and may even decline.

Apart from such libraries, other measures (stack protection, various kinds of additional checks, and so on) can protect against certain classes of faults and vulnerabilities to a degree, but against an attacker who targets a specific known vulnerability these precautions are usually useless.

Even where a microkernel architecture is formally applied in such solutions, it does not qualitatively improve the level of protection, because any user process can affect the operation of the microkernel unless user processes are isolated from system processes, and in practice such isolation is hard to achieve in microcontroller-class systems. According to the researchers' tests this is the situation in RIOT OS (an open-source Internet of Things operating system written in C), Zephyr (an open-source IoT operating system backed by the Linux Foundation, whose ambitious goal is to unify the IoT operating system landscape), Unison RTOS, even µ-velOSity, the commercial microcontroller kernel from Green Hills Software, and MICROSAR, the basic software platform developed by Vector for automotive solutions.

For all their security defects, these compact monolithic systems are well suited to the cheap microcontrollers commonly used in simple devices whose only task is to measure a single parameter such as temperature, pressure or volume. In the researchers' view, however, monolithic systems are not the best choice when a device faces more complex tasks.

Operating systems based on a monolithic kernel

The operating system based on a monolithic kernel is another type of architecture, and probably the most widespread and popular one both for embedded systems and for general-purpose systems (servers, workstations and mobile devices).

Unlike a monolithic system, a monolithic-kernel system isolates user processes from the kernel: a user process can reach kernel functionality only through a limited set of system calls. From an information security standpoint this is a big step forward, but a large amount of code still runs in kernel context: protocol implementations, file systems, device drivers and so on. Popular monolithic-kernel operating systems include the Linux kernel (and its derivatives), Windows, FreeBSD and RTEMS. FreeBSD is a UNIX-like operating system, an important branch of the BSD family descended from BSD, 386BSD and 4.4BSD. RTEMS is an open-source, royalty-free real-time embedded operating system first used in US defence systems; its name originally stood for Real-Time Executive for Missile Systems, later Real-Time Executive for Military Systems, and today Real-Time Executive for Multiprocessor Systems. OAR Corporation is responsible for its development and maintenance, and it is widely used in aerospace, military and civilian applications. RTEMS is built around a compact executive that holds the core kernel functions, with additional functions implemented in layers around it; an application links in only the components its configuration requires.
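The system-call boundary described above only protects the kernel if the kernel checks everything it receives from user space. The following added example (not code from Linux, Windows, FreeBSD or RTEMS, and not from the original article) models that boundary: a dispatcher indexed by syscall number and a user-pointer range check of the kind every kernel performs before touching a user buffer. The address split `USER_END`, the error constants and the `sys_model_write` service are assumptions of the model. It also shows the classic way to get the range check wrong: computing `addr + len` lets a huge length wrap the sum around so the kernel accepts a range that covers its own memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical address-space split: everything below USER_END is user space,
 * everything at or above it belongs to the kernel. The value resembles a
 * 47-bit user half but is an assumption of this model, not a kernel constant. */
#define USER_END 0x0000800000000000ULL

/* Error codes used by the model (named to avoid clashing with <errno.h>). */
#define MODEL_EFAULT (-14L)
#define MODEL_ENOSYS (-38L)

/* Correct boundary check: [addr, addr + len) lies entirely in user space.
 * Written without an addition, so the length cannot wrap the sum around. */
int user_range_ok(uint64_t addr, uint64_t len)
{
    if (addr >= USER_END)
        return 0;
    return len <= USER_END - addr;
}

/* Flawed boundary check, shown for contrast: addr + len can wrap to a small
 * value, so a huge length supplied by user space is accepted and the copy
 * that follows would run across the kernel's own memory. */
int user_range_buggy(uint64_t addr, uint64_t len)
{
    return addr + len <= USER_END;
}

typedef long (*syscall_fn)(uint64_t a0, uint64_t a1, uint64_t a2);

/* Model of a write()-style service: a0 = descriptor (unused here), a1 = user
 * buffer address, a2 = length. Only the boundary check is modelled; the copy
 * itself is omitted. Returns the number of bytes it would have consumed. */
static long sys_model_write(uint64_t a0, uint64_t a1, uint64_t a2)
{
    (void)a0;
    if (!user_range_ok(a1, a2))
        return MODEL_EFAULT;
    return (long)a2;
}

/* The only door into the kernel: a fixed table indexed by syscall number. */
static const syscall_fn syscall_table[] = {
    sys_model_write,   /* nr 0 */
};

#define NR_SYSCALLS (sizeof syscall_table / sizeof syscall_table[0])

/* Entry point reached from user mode. An unknown number is refused outright;
 * the table is never indexed with an unchecked value. */
long syscall_dispatch(uint64_t nr, uint64_t a0, uint64_t a1, uint64_t a2)
{
    if (nr >= NR_SYSCALLS)
        return MODEL_ENOSYS;
    return syscall_table[nr](a0, a1, a2);
}

int main(void)
{
    printf("write(user buf, 16)       -> %ld\n",
           syscall_dispatch(0, 1, 0x1000, 16));
    printf("write(kernel addr, 16)    -> %ld\n",
           syscall_dispatch(0, 1, 0xFFFF800000000000ULL, 16));
    printf("write(user buf, huge len) -> %ld\n",
           syscall_dispatch(0, 1, 0x1000, UINT64_MAX));
    printf("buggy check accepts huge len: %d\n",
           user_range_buggy(0x1000, UINT64_MAX));
    printf("unknown syscall           -> %ld\n",
           syscall_dispatch(99, 0, 0, 0));
    return 0;
}
```

Two things follow from the model. First, the isolation that the architecture promises is only as good as these checks, and they have to be present in every kernel service that handles user data, including the drivers and protocol stacks mentioned above. Second, when one of them is wrong, as in `user_range_buggy`, the consequence is not a crash of one process but a kernel-context memory access, which is exactly the outcome the boundary was meant to prevent.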

However, the kernel services of these operating systems still present a large attack surface, and nobody can guarantee that the code base running in kernel context is 100% secure. So do not expect kernel services to be free of vulnerabilities; in fact, researchers find them regularly.

Any successful attack on a kernel service inevitably compromises the whole system, whatever tools are used to protect it. In addition, updating a kernel module normally requires a restart of the device, which has a significant impact on the security of an embedded system. Strictly speaking, a restart is not always necessary when a kernel module is updated, but updates applied without one are frequently the cause of failures.

The main advantage of the monolithic-kernel architecture over a microkernel operating system is better performance, owing to the smaller number of context switches. A context switch is the CPU switching from one process (or thread) to another; if switches are too frequent, the CPU spends its time saving and restoring registers and manipulating run queues rather than executing the threads that do the real work.

Comparison of the Linux-based systems popular on the market

Operating systems based on the Linux kernel are popular because they offer a very good developer experience: the source code is open, hardware support is excellent, and there is a huge body of supporting application and system software. For embedded system developers, therefore, Linux offers everything needed to implement the full range of a device's functions.

Note: Linux is only the kernel of an operating system; complete operating systems are built on top of it in a great many variants.

It is worth noting that Linux was developed as the kernel of a multi-user operating system and contains a set of built-in security mechanisms. By current security standards, however, it harbours many problems, both architectural and in its implementation.

The traditional view is that a correctly configured Linux-based system provides adequate security for an embedded device. In practice this is largely theoretical: the configuration process is complex, and most security restrictions can be bypassed. Linux also has vulnerabilities related to the implementation of secure boot, to the updating of operating system components, and to many other areas.

Because of this, many extensions have been developed to improve the security of Linux-based embedded systems, among them AppArmor, grsecurity, PaX (a patch set for the Linux kernel that, among other things, applies the principle of least privilege to memory pages) and SELinux. These extensions cannot guarantee 100% security for an embedded system, but they do improve the overall security posture. The Linux kernel code base is so large, however, that there is currently no way to make all of it trustworthy.

According to official data, 453 vulnerabilities were found in the Linux kernel in 2017, 159 of which allow arbitrary code execution in kernel context. Moreover, by exploiting a vulnerability in the Linux kernel an attacker can bypass any protection mechanism; even the most elaborate and carefully configured protection offers no help. Unfortunately, there appears to be no solution to this problem within the architecture.

This part has covered monolithic systems and operating systems based on a monolithic kernel. The next part will cover the security analysis of microkernel-based operating systems and hybrid systems. Stay tuned.