Software offers secure change control to devices
May 17, 2006 — by LinuxDevices Staff — from the LinuxDevices Archive
Solidcore Systems has released software that offers configuration and change control and security for devices running “mainstream” operating systems such as Linux, Windows, and Windows XP Embedded. S3 Control is a small-footprint, low-overhead tool that can be easily deployed on devices such as storage servers, handhelds, medical equipment, and ATMs, according to the company.
Solidcore notes that embedded devices running OSes such as Linux or Windows XP Embedded face “unique challenges” in terms of providing security in an environment with intermittent or no connectivity, and meeting end-customers' security policy and compliance requirements. Often, there is also a need to allow distributors and end users to customize a product within a controlled environment, without increasing the manufacturer's support costs.
According to Solidcore, S3 Control maintains an inventory of “as-built” code on the device. Only this “authorized” code is allowed to run; everything else is, by definition, unauthorized and will not run. The company calls this a “deploy and forget” strategy, in contrast to anti-virus software, which must be continually updated to maintain its effectiveness. Additionally, S3 Control's run-time overhead is lower, because there is no need to continually analyze incoming data streams for virus signatures.
S3 Control Modules
According to Solidcore, S3 Control consists of one core module and four optional modules:
- Real-time change tracking — the base module provides real-time visibility into changes happening across all systems in the form of detailed tracking information
- On-demand root cause analysis — provides “rich forensic capability” to analyze “what changed” in the system
- Accurate reconciliation — correlates actual changes with intended changes
- Selective change policy enforcement — disallows changes attempted outside of policy guidelines, and enforces the use of update windows across multiple sources of change
- Deploy and forget runtime control — determines what code is allowed to run on a system and prevents unauthorized code from executing
S3 Control also implements mechanisms that enforce change control policy, ensuring that changes only take place through authorized channels, the company adds. The software enhances accountability and compliance tracking by reconciling actual changes with intended changes.
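The inventory, change-tracking, and reconciliation ideas described above can be sketched in a few functions. This is an added illustration, not Solidcore's code: it assumes a SHA-256 hash per file as the inventory format, checks files from user space rather than blocking execution, and all function and file names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_inventory(root):
    """Snapshot the "as-built" state: relative path -> SHA-256 of contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def is_authorized(root, rel_path, inventory):
    """Allow only inventoried files whose contents still match the snapshot."""
    full = Path(root) / rel_path
    return full.is_file() and inventory.get(rel_path) == sha256_file(full)

def detect_changes(root, inventory):
    """Change tracking: classify every difference from the inventory."""
    current = build_inventory(root)
    changes = {}
    for path in inventory.keys() | current.keys():
        if path not in current:
            changes[path] = "removed"
        elif path not in inventory:
            changes[path] = "added"
        elif current[path] != inventory[path]:
            changes[path] = "modified"
    return changes

def reconcile(changes, intended):
    """Reconciliation: (approved, unapproved, intended-but-not-observed)."""
    approved = {p: k for p, k in changes.items() if intended.get(p) == k}
    unapproved = {p: k for p, k in changes.items() if intended.get(p) != k}
    pending = {p: k for p, k in intended.items() if changes.get(p) != k}
    return approved, unapproved, pending

def demo():  # constructed sample tree; file names and contents are made up
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "bin").mkdir()
        (r / "bin" / "app").write_bytes(b"release 1")
        (r / "bin" / "tool").write_bytes(b"tool")
        inv = build_inventory(root)
        (r / "bin" / "app").write_bytes(b"release 2")   # planned update
        (r / "bin" / "newfile").write_bytes(b"unknown")  # not planned
        intended = {"bin/app": "modified", "bin/tool": "removed"}
        verdicts = {p: is_authorized(root, p, inv) for p in ("bin/app", "bin/tool", "bin/newfile")}
        return verdicts, reconcile(detect_changes(root, inv), intended)
```

Note that the updated `bin/app` is reported as an approved change yet still fails the authorization check, because the inventory has not been refreshed to include the new contents.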
“As more and more equipment manufacturers move to a mainstream software platform, problems related to unauthorized change, security, and support costs are on the rise,” said Solidcore president Rosen Sharma. “Solidcore's S3 Control provides the means to gain the development and interoperability benefits from developing on Windows and Linux, while deploying in a controlled state that solves these problems.”
S3 Control currently supports Linux, Windows, and Windows XP Embedded. Solidcore says it will support Windows CE as soon as it identifies a suitable need.
The GPLv3, if adopted by Linux in its current draft form, could have implications for OS image authentication schemes such as S3 Control.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc.