Sunday, September 28, 2014

Embedded Zombies

I have decided to coin a new term: embedded zombies. The security field has largely concentrated on IT devices: laptops, servers, phones.  But we have recently seen several examples of ways to hijack devices with embedded processors. These embedded zombies can then be used to attack IT systems, cyber-physical systems, IoT systems, you name it.

The shellshock bug is the latest example---see Bruce Schneier's blog post. Shellshock is a bug in the bash *nix shell.  It endangers *nix-based IT systems, such as Apple machines.  But since many embedded devices, ranging from the networking equipment that runs the Web to consumer devices, also run *nix and bash, those systems are in danger as well. A few months ago, researchers Karsten Noll and Jacob Lehl showed how to hijack the processors on USB devices. Once again, the zombie USB device can be used to attach IT, cyber-physical, or embedded systems.

A system is only as secure, private, and trustworthy as the lest secure/private/trustworthy component. Given the complexity of even simple, cheap systems, we have to limit our trust in  just about every system.

Saturday, August 16, 2014

RPiSoC Webinar

element14.com has announced a webinar on the RPiSoC platform. RPiSoC is a board with a PSoC system-on-chip that connects to the Raspberry Pi and allows it to make use of the PSoC I/O analog and digital configurable I/O. You can find more information on the webinar here.

Monday, August 11, 2014

NIST CPS Public Working Group Meeting

NIST is having its first face-to-face meeting of its Cyber-Physical Systems Public Working Group today and tomorrow.  The agenda is here.  The plenary meetings will be available online and a live webcast.

Thursday, July 31, 2014

USB Trojan attack

Extremetech.com reports on a recently discovered gaping security hole in USB---see this link. Bugs carried on USB sticks have been implicated in many attacks, including Stuxnet, but this attack relies on modifying the USB controller's software, which is extremely difficult to detect.

Thursday, June 19, 2014

NIST CPS Public Working Group

NIST has announced the first webinar meeting of its Cyber-Physical Systems Public Working Group (CPS PWG).  More details can be found here.

Saturday, May 3, 2014

Second Edition of High Performance Embedded Computing

The second edition of my book High Performance Embedded Computing has just been published by Morgan Kaufman.  This book takes a more advanced view of embedded system design than does my other book Computers as Components. HPEC goes into detail on system architectures, design algorithms, performance analysis, energy and power.  A new chapter concentrates on cyber-physical systems. This new edition also covers thermal-aware design of embedded systems.

You can find the book's overheads and other supplements at my Web site. And you can order it from a variety of sources, including Amazon.

Thursday, April 10, 2014

More on Stuxnet

I just ran across this excellent article on Stuxnet in, of all places, Foreign Policy magazine. It contains the best technical overview of Stuxnet that I've seen so far.