Green Hills Software Announces Secure Device Management

Traditionally, embedded systems have been relatively immune to remote tampering: most devices simply lack a built-in capability for remote patching, upgrading, or modifying software. However, device management solutions preload the exact mechanism that hackers desire: a channel by which to infect, disable, and commandeer the system. Existing device management solutions are integrated with operating systems such as VxWorks and Linux that meet EAL4+ (Common Criteria) security levels or lower. This level of security is understood by experts to be inappropriate when protection is required against determined attempts by hostile and well funded attackers. Device management software, intended to improve serviceability, actually creates serious security vulnerabilities.

“The need for secure device management has become urgent in our industry,” said Dan O’Dowd, president and CEO, Green Hills Software. “For example, the prime minister and other dignitaries of Greece recently had their cell phones bugged. Extremely knowledgeable hackers used the device’s built-in remote upgrade feature to reprogram the system. Our secure device management solution would have thwarted this attack.”

Devices are increasingly networked, perform critical functions requiring in-field maintenance, and discharge an evolving role requiring in-service software upgrades. Designers require a device management solution that cannot be hacked.

Green Hills Software’s Secure Device Management Solution is built upon the INTEGRITY separation kernel, the first and only operating system to be accepted by a U.S. NIAP lab into a high assurance (EAL6+) security evaluation. This is the same level of security required by high value U.S. government computing and networking infrastructure. Communications are secured by a certifiable suite of cryptographic protocols - not the open source implementations frequently found to contain security flaws. Furthermore, attestation (using hardware-based mechanisms such as a Trusted Platform Module, if available) of device management software and any remotely loaded patches is enforced. Green Hills Software’s solution ensures that only authorized users and applications can access, control, and modify the device.

Green Hills Software’s Secure Device Management can be deployed in products that make use of any general purpose and/or real-time operating system. For example, VxWorks-based devices can use Green Hills Software’s Device Management Solution to provide bullet-proof remote upgrade and management services that do not, and must not, depend on the security of VxWorks itself.

Green Hills Software’s security and software optimization experts work with device makers to incorporate, validate, and deploy the appropriate combination of security, diagnostic, management, and connectivity components. The resulting Secure Device Management Solution provides customers with total confidence in their ability to debug, diagnose, upgrade, and manage their devices without the risk of having them commandeered. Products such as networking, telecommunications, and mobile connected devices which require in-field maintenance, diagnostics, and/or upgrades yet must be immune to subversion are ideally suited for this solution.