Why do we need Rich Operating Systems for IoT Security?
Internet of Things has changed the rules of the game; Security is now a Safety problem and security legislation forces manufacturers to have proven security in their devices.
Hardware Security is critical in an IoT device, but all hardware must be programmed correctly by Software; otherwise, the idle hardware security features do not help. Security also needs software level protection mechanism.
Herein, the software platform, called "Operating System", is critical because, and operating system(OS) is responsible for initialising the HW Security correctly and needs to protect the manufacturer's custom applications using operating system level protection mechanisms such as isolation.
IoT devices are resource constraint systems, and there has been lightweight operating systems for small and resource constraint electronic devices. These lightweight operating systems are called RTOS (Real-Time Operating System), and these RTOSes are general-purpose operating systems and the general requirement for the RTOSes was deterministic response time (Real-Time), and they are not designed for security needs because there was no security requirements and security legislation when these RTOSes were founded.
But; IoT changes the requirements for an operating system, and the most important requirement is security.
The most important security leak in a traditional RTOS is that there is no isolation mechanisms for a device. Any code execution can easily access all IoT device resources; it can be catastrophic for both security and safety because a malicious code in an IoT device can easily access all secrets in the device(security) and a malfunctioned code can break any functional operation(safety). Isolation issue is also about the small microcontroller which widely used in IoT Devices. Small microcontrollers usually do not have isolation hardware such as MMU(Memory Management Unit) which RTOS could use. In this space, limited resources limit security.
We could invent new technologies to protect resource-constraint IoT devices, but we can make use of proven well-known approaches. Herein, the classical Operating System(OS) Theory helps us.
Rich Operating Systems, such as Linux, Windows, are practical examples of classical OS Theory and security/safety mechanisms like Isolation are provided for the developers.
Rich Operating Systems offers a different level of isolations;
1- Isolation of the Operating System Itself; OS System is the most important part in a device for the device stability, if you somehow violate or break the Operating System, you can not guarantee any operation's stability and security. Therefore, the Operating System itself must be isolated from the manufacturer's custom application. The OS Theory divides resources into Kernel Space and User Space; Operating System runs in Kernel Space, and any execution in User Space cannot access Operating System resources runs in Kernel Space. In case of an attempt, the malfunctioned/malicious application is terminated, and the operating system continues its life and its tasks such as protection.
Isolation of Operating Systems is now a requirement by Security Certifications. In the Arm PSA Level 1 certification, Secure Process Environment, SPE,(in this context, Operating System) needs to be isolated from Non-Secure Processing Environment (NSPE) which means user applications. In the SESIP Certification, Isolation of Platform is a requirement too.
2- Isolation of User Executions; User requirements can be divided into different executables depends on their duties, and their sensitivity levels can be different. Herein, all these different executables need to be isolated to protect them from each other. The OS Theory calls this isolation as "Process Isolation" and a user module/execution must not violate or break any other user execution.
Isolation of User Executions is now a requirement by Security Certifications; it is a requirement in the SESIP Certification; Isolation of Application Parts.
The mentioned isolation mechanisms above are essential tools for device security; Manufacturers custom application runs in an isolated box and can violate neither sensitive OS/HW/Other Application resource nor even non-sensitive resources of other user executables. A malicious execution can break only itself; the rest of the system is always alive.
As a result, instead of general-purpose RTOSes, a Rich Operating System could get rid of some critical security limitations for the IoT Edges.
At ZAYA, as we are Computer Science Intellectuals, we build secure software solutions by bringing different Computer Science disciplines together; we improve proven Computer Science approaches for a specific domain and invent new ideas.
Fortunately, ZAYA Secure Operating System offers a Rich Operating System even for MMU-less Microcontroller based IoT Devices such as Arm Cortex M (e.g. Cortex M3, Cortex M7)
ZAYA Secure&Rich OS provides Isolation of Platform and Isolation of Application Parts to divide security ad safety into isolated and independent modules to meet security certification requirements; a malicious/malfunctioned application can violate neither Kernel&HW Resources nor other user applications in ZAYA.
If you would like to learn more about ZAYA Security Mechanism and demonstrations, please contact firstname.lastname@example.org