Network Systems DesignLine | Tip of the Week: Change control--ensure uptime of embedded devices and slash security costs









 
 HOW-TO

Tip of the Week: Change control--ensure uptime of embedded devices and slash security costs

Commercial operating systems on embedded devices compromise device availability and security. Build embedded systems from the ground up with change control to prevent device outages and eliminate the need for 'performance-draining' anti-virus apps.



For decades, embedded devices consisted of specialized hardware running proprietary software. More recently, there has been a shift toward standardization, which has enabled devices to become increasingly interconnected and has allowed the use of off-the-shelf software on commoditized hardware running commercial or open operating systems such as Windows XP Embedded, WEPOS, and Linux. While standards and general-purpose operating systems have provided greater flexibility in software selection, faster time to market, and mid-cycle adoption of new technologies, they have also created a costly downside.

Like a PC in a networked environment, today's embedded devices, such as self-checkout terminals, point-of-care medical modalities, ATMs, and thin client computers, are exposed to security risks and are subject to constant patching and the use of performance-draining anti-virus software. Embedded systems have also become vulnerable to unauthorized and inappropriate changes as they flow through a typical multi-party distribution channel, which often results in field breakage. These factors lead to devices that are non-compliant when operating in the field. Until recently, device manufacturers had no control over what software is installed, and by whom, after the device leaves the manufacturing process, and so had no way to ensure that the device would continue to work in the field as shipped.

Lock down and control the 'production image'
Change control software, installed as the foundation of an embedded system, controls what is installed, uninstalled, upgraded, or modified in the base software image of a networked device in production. It is a low-footprint, low-overhead piece of software that runs transparently on an embedded device. It can generally be installed and set up quickly, with low initial and ongoing operational overhead, and is designed to lock down or harden the device's gold base image, the image approved and certified by the device manufacturer. When installed on an embedded system or networked device, change control allows device builders and manufacturers to dictate the degree of flexibility given to the distribution channel, which translates into greater control over what software can be installed on embedded systems once in production.

Change control technology offers the capability to enforce what can be installed and what changes can be made to a device in two distinct workflows. First, the software provides control as a device flows through its multi-stage manufacturing lifecycle and as various channel vendors attempt to install their own software. Second, it controls the state of a device once in production to ensure operational maintenance and support is conducted in accordance with the device manufacturer's policies.

Anti-virus no longer required
From a security perspective, change control also helps provide protection against existing threats and any unknown zero-day polymorphic threats, as well as malware such as worms, viruses, trojans and buffer-overflow threats. By acting as a "wrapper" around the gold base image of an embedded device, the software can ensure that the device in production is secure and cannot be compromised. And because any changes attempted by malicious code or unauthorized users are prevented, the need for processor-intensive anti-virus and other security software packages is eliminated.

Patch yearly
This lock-down mode helps eliminate emergency patching, reduces the number and frequency of patching cycles, and allows more time for testing before patches are deployed to in-production systems. It can also reduce security risks for difficult-to-patch devices that are in remote and distributed areas with little or no local support. Runtime control capabilities are typically part of change control software packages, and can help reduce the cost of operations by reducing both planned patching and unplanned recovery downtime, thereby increasing device availability. This turns out to be an ideal solution, especially for lower-end devices, because it reduces support costs by reducing the number of touch points needed.

For example, NEC Infrontia, one of the largest manufacturers of POS devices, wanted to provide an enhanced and richer customer experience with its devices by building Windows Embedded Point of Service (WEPOS) and XP Embedded-based POS terminals. However, because these devices became more highly networked and dependent on the general-purpose operating systems, the devices also became more vulnerable to unauthorized changes and susceptible to constant patching. NEC-i also faced a significant performance drain on its POS devices due to anti-virus software running on the systems. To solve this, NEC built its devices with change control as the foundation, which has enabled NEC-i to transparently control the devices as they pass through multiple dealers. With change control installed at the heart of these systems, NEC-i has prevented unauthorized code from breaking unpatched systems and has removed the anti-virus software that was impacting the performance of its devices.

Change control could quickly become a new standard for ensuring the uptime of embedded devices and reducing support costs for embedded device manufacturers. It is an essential tool for any device manufacturer, providing complete control over what is allowed to change on the device.

About the Author
Monica Chauhan is a director of embedded solutions for Solidcore. She can be reached at: monica@solidcore.com
