LynuxWorks adds rootkit/bootkit protection to its hypervisor - Embedded.com


With ever more embedded devices connected to the outside world, as well as to each other (machine-to-machine), and thus vulnerable to malicious cyber threats seeking to threaten critical infrastructure, financial infrastructure and corporate domains, LynuxWorks has taken steps to significantly improve their security.

To achieve this aim, it has added new protection features to Version 5.2 of its LynxSecure hypervisor separation kernel, which offer real-time detection of persistent and hard-to-detect intrusion threats such as rootkits and bootkits.

While the LynuxWorks virtualized separation kernel allows multiple different guest operating systems (OSes), both real-time and general purpose, to run in secure domains on a single embedded system, such threats require that OS and hypervisor vendors add even more layers of protection, according to Robert Day, vice president of marketing at LynuxWorks.

He said rootkits are the most sophisticated and lethal type of malware: stealthy and extremely potent. A device is often infected a long time before the actual cyber attack happens, with the cyber payload being secretly injected and remaining dormant until the attack is finally triggered.

When the LynxSecure 5.2 product is used on embedded devices, it can help detect these malicious infections as they inject their payload, long before the start of the actual cyber attack.

“Connected embedded devices are now becoming vulnerable to the same types of cyber attacks that we commonly see in corporate computer networks,” he said. “A common trend in the embedded market is that developers are starting to use more general purpose OSes, such as Windows, Android and Linux for connected devices. These general purpose OSes offer familiar user interfaces, and benefit from the wide range of applications and devices that they support.”

The downside, said Day, is that this trend only exacerbates the potential for cyber threats that have been common in the desktop, laptop and mobile arena to now attack connected embedded devices. Rootkits, for example, work at the lowest levels of the OS they intend to attack, so countering them requires a mechanism that offers a completely different security posture:

It must execute with a higher privilege than the attacked OS; provide complete control of the platform hardware; and monitor all activities of the OS and its applications. Also, he said, this mechanism must be self-protecting, non-bypassable and tamper-proof.

LynxSecure is a “Type-0” hypervisor with a least-privilege architecture, which differs from Type 1 hypervisors by removing unneeded functionality from the “security sensitive” hypervisor mode. It resides beneath the OS and makes it possible for cyber threats to be observed, examined and prevented.

This security architecture, said Day, allows embedded developers to use general purpose OSes for their connected devices, often alongside traditional embedded RTOSes on the same hardware, with the extra protection against today’s and tomorrow’s advanced cyber threats.
