Trusted Systems

Posted: October 24th, 2013

Trusted Systems

Name:

Institution:

Trusted Systems

Introduction

Embedded systems have specialized function within a bigger electrical machine that has a different function altogether. From its name, it is easy to decipher its function as a controlling device to part or whole of another larger system. In security systems, embedded systems are the most vulnerable areas that are normally attacked by hackers or intruders, as it is relatively easier to hack a system component rather than the whole system. This kind of threat forms the main point of discussion throughout the essay. The discussion also concentrates on developing trusted scheduling measures that have the purpose of running security checks on an infiltrated system. Lastly, several recommendations and areas that need to be improved are also discussed.

Analysis

            As modern embedded systems become widespread and incorporated into an organization’s network, they create an alluring introduction spot for remote intrusions on the network. Currently, most small-interlinked workstations are equipped with embedded operating systems. These are the computers used in power substations, factories, offices, grocery stores and hospitals. This is because they have lower power and limited functionality that can only perform basic computations. Therefore, little attention has been given towards protecting them from remote attacks. Furthermore, the connected embedded systems operate using single applications. Their main function is to carry out the single purposes for which they were designed with little or no changes in their configurations or settings. From this description of the structure and purpose, it is evident that they are easy targets for attackers since many of the security vulnerabilities have no been considered. The main method of attacking larger systems is through subversion of smaller elements of the system that have embedded systems for instance, printers, mobile phones and even UPS. This trusted scheduling system uses preemptive scheduling to predict the chances of any suspicious behavior materializing into a remote attack (Selvaraj & Jozwiak, 2005).

Anticipated Results

            Trusted scheduling has been identified as one of the best alternatives that can control the issues of remote attacks on embedded systems. The approach taken to realizing full trusted scheduling involves ensuring that certain preconditions are met satisfactorily. Trusted scheduling has been found to work effectively when the system has been fitted with a stable scheduler, the system applications and resources are defended. Any robust scheduler should be able to avoid any adjustments by the attackers on the schedules as well as the distribution of resources to the software. Typically, attacks target the code and application data within systems so any trusted schedule should have proper ways of safeguarding these two aspects (Kesidis, 2007). Therefore, in the future, it is expected that while attacks may still occur, their frequency and intensity will subside significantly. However, trusted scheduling has several advantages in that it has little interference with network activity, does not require any support and maintenance and provides real-time warnings of potential attacks before solving them. Trusted scheduling also offers logs that generate reports necessary for collection of information on the nature of threats to an embedded system (Nicolescu & Mosterman, 2010).

The next anticipated result in the study of system vulnerabilities is a reduction in the human resource handling embedded computer systems. The decision to reduce the amount of people who are exposed to the system uses the theory of least privilege as a systematic strategy to protecting the system. Using this idea, only the necessary privileges that will be used o achieve functionality is issued within the connected embedded systems. After the domains have been established, all the other unnecessary components are stripped of any privileges and restricted from accessing the embedded systems of the domain. In this way, full functionality will be maintained. However, this approach will mean increased investment in system infrastructure and resources that may result in increased cost of accessing services by the public. Trust scheduling is expected to work by reinforcing the system components and making them impenetrable. Conversely, reducing the privileges of actors in the networked embedded systems will also reduce the number of opportunities through which attacks could penetrate the system. However, between these two approaches, it is expected that the rate of system vulnerabilities will decrease sharply (Masti et al., 2012).

Impact of Research

The investigation into embedded systems and verification measures has greatly increased awareness and material into the different remote attacks, solving these attacks, and creating more secure embedded systems in the future. The development of the Trusted Computing technology is one of the impacts of the study into remote attacks and security vulnerabilities (Kesidis, 2007). Through trusted computing, embedded systems particularly those found in computers can be programmed to operate in a certain way. This predicted behavior is implemented using security hardware and software that introduces encryption measures that make the embedded system inaccessible by any foreign intruder or attacker (Kesidis, 2007). While this development was a breakthrough in addressing security vulnerabilities, trusted computing triggered a lot of controversy due to its difficulties that barred most users from making any significant modifications. While these cases might be perceived as isolated, collectively, they add up to create valuable information that is useful in the research on embedded system vulnerabilities.

Areas of Improvement

            One of the areas that are bound to realize significant improvements in the future is the digital rights sector. Digital Rights Management (DRM) refers to a category of technologies that are used to limit the distribution and usage of digital devices and content after it has been sold. Most of the companies that use DRM include gaming companies (EA Arts), software developers (Microsoft) and even entertainment devices companies (Sony). Using trusted computing technology, digital rights management systems can be improved to include complex security measures that would eliminate piracy and harmful use of media content. A common example is pirating music that refuses to play on a computer because the player is programmed with DRM technologies to verify any security irregularities in the media content. The enhanced DRM system has a large potential in the media sector where movies, music and shows are illegally downloaded and exploited for inappropriate use (Masti et al., 2012). The increased security can also be used to enforce rating policies that will be very popular among stakeholders interested in reducing adult content in the Internet and elsewhere (Vacca, 2004).

The market for embedded systems is increasingly becoming bigger as more and more electronic devices are adopting these systems to drive their functions. From GPS systems to network devices, the use of embedded systems has greatly expanded in a short period (Vacca, 2004). Currently, studies into embedded systems attempt to develop new functions such as retrieving data from unmanned machines, streamlining and tightening the security requirements in private and public sectors as well as guarding against malware that target hardware. These new functions have revolutionized the embedded system and transformed it into a safe and effective device.

References

Kesidis, G. (2007). An introduction to communication network analysis. Hoboken, N.J: Wiley-Interscience.

Masti, R. J., Marforio, C., Ranganathan, A., Capkun, S., Francillon, A. (2012). Enabling trusted scheduling in embedded systems. ACM International Conference Proceeding Series, 61-70.

Nicolescu, G., & Mosterman, P. J. (2010). Model-based design for embedded systems. Boca Raton, FL: CRC Press.

Selvaraj, H., & Jozwiak, L. (2005). Reconfigurable embedded systems: Synthesis, design and application. Elsevier.

Vacca, J. R. (2004). Public Key Infrastructure: Building Trusted Applications and Web Services. Boca Raton: Auerbach Publications.