Cybersecurity on NVIDIA: Why Embedded Lags Enterprise Linux
Embedded Linux systems, even on popular platforms like NVIDIA Jetson, can sometimes lag behind enterprise Linux distributions in terms of cybersecurity practices and promptness of security updates. Here’s why:
Customization and Divergence
Embedded Linux systems often involve significant customization and the use of specialized components (including NVIDIA hardware), which can diverge from the more homogeneous use cases served by enterprise Linux vendors with their one-size-fits-all distributions.
Resource Constraints
Embedded devices typically operate with limited resources (power, memory, processing power). These constraints can hinder the adoption of certain advanced security features available in enterprise Linux environments.
Update Cycles
Embedded systems, especially in critical infrastructure or applications, often have longer lifecycle requirements (lasting 10 years or more) compared to enterprise systems (typically 3-5 years). Constraints on cost and available bandwidth for metered data service (such as an LTE modem) can be a consideration as well. Together, these factors can result in slower security patching and updates, leaving devices vulnerable to known exploits.
Threat Models
Embedded systems often face a different threat model compared to enterprise systems, including the possibility of physical access by attackers. This requires a tailored approach to security that may not be fully addressed by enterprise-focused solutions.
Less Stringent Security Measures
Traditionally, embedded devices have sometimes lacked robust mechanisms for detecting tampered files or unauthorized data access, making them attractive targets for offline attacks.
Making Embedded Systems Secure
Konsulko Group has always worked with our customers to help them build secure embedded products, including new “AI on the Edge” devices on NVIDIA platforms.
Building a Chain of Trust
Konsulko engineers use their expertise to establish a secure boot process, ensuring the integrity of the system and core software from boot-time to end-of-life. This involves encrypting, verifying, and measuring the integrity of the system and core software at each stage.
Integration with Yocto Project and Key Management
We integrate security technologies within the Yocto Project framework for embedded Linux development, and manage cryptographic keys, which are crucial for secure communication and data protection.
Ongoing Support and Maintenance
We offer services to support the long-term security and maintenance of these systems, helping to bridge the gap between enterprise and embedded security practices over the device’s lifecycle.
Security, Secure Boot and Chain-of-Trust Experts on NVIDIA platforms
Konsulko Group has extensive expertise in commercial device security, proven in security-critical and production-ready systems. We have an embedded-first mindset with a focus on long-term maintainability, and have been a trusted partner in embedded Linux and NVIDIA ecosystem development.
Our engineers have over two decades of experience working with the open source technologies necessary to help you effectively manage and support the security of your project. We have real customer success across medical, industrial, transportation and defense sectors.
Please contact us to learn how our engineering team can accelerate your next embedded product.