Security Technology Analysis of Embedded Systems (Part 1)

Researchers from Kaspersky Lab periodically analyze the popular security technologies in the cybersecurity market. This time, they decided to study what security technologies operating system developers provide for embedded systems (in other words, the Internet of Things). The main interest lies in how these operating systems address issues related to cybersecurity.

Note that during the analysis, researchers will reclassify the current operating systems for analytical purposes. Moreover, throughout the research process, researchers will also compare the currently popular operating systems with KasperskyOS to understand their strengths and weaknesses, and to suggest improvements.

Current popular operating systems provide almost no protection for embedded systems

The researchers analyzed dozens of popular operating systems currently on the market, ranging from the most common (Windows, iOS) to systems used by enthusiasts. According to the analysis results, the vast majority of operating systems are built mainly to handle practical functional tasks, while information security features (if included in the system at all) are merely extensions of existing functionality in the form of plugins, components implementing encryption algorithms, or external program architectures. Although these measures can help improve the overall security characteristics of the system, they cannot guarantee that the system is immune to all modern attack patterns. If security was not considered for embedded systems in the initial system design, then protective mechanisms added afterwards, however many, will not prevent the system from eventually being compromised.

Classification of Operating Systems

The currently popular operating systems can be classified according to many criteria, and in this analysis, the researchers classified operating systems from the perspective of security architecture. Therefore, based on their kernel types, researchers divided the currently popular operating systems into four main categories.

· Monolithic Systems;

· Operating Systems based on Monolithic Kernels;

· Operating Systems based on Microkernels;

· Hybrid Systems;

Monolithic Systems

This is the most commonly used architecture type for embedded devices. Most of the operating systems the researchers analyzed are monolithic runtime environments designed for microcontrollers, in which all processes, user and system alike, run without restriction in a single address space.

From an information security perspective, this architecture is only suitable for very simple tasks. As the functionality of devices becomes increasingly complex, the risk of vulnerabilities also grows significantly. When vulnerabilities occur in such systems, whether in the implementation of system services or in auxiliary applications, the entire security environment can be compromised.

Additional security measures for such operating systems often involve providing libraries containing multiple sets of encryption algorithms; however, these measures rarely provide comprehensive solutions to many important issues, such as key and certificate generation and storage, secure trusted downloads, and secure updates. Furthermore, since these libraries are created specifically for certain operating systems, they often do not undergo sufficient validation or testing. Therefore, these libraries themselves may contain vulnerabilities, ultimately resulting in a decrease in the overall security of the solution.

Besides libraries, other measures (such as stack protection, various types of additional checks, etc.) can provide some protection against different types of failures and vulnerabilities. However, these preventive measures are usually ineffective against an attacker who deliberately targets a known vulnerability.

Even if such a solution formally implements a microkernel architecture, the level of user protection does not necessarily improve in any qualitative way, because unless user processes are isolated from system processes, any user process can affect the operation of the microkernel. Even in theory, isolating user processes from system processes is difficult in these microkernel operating systems. According to the researchers’ tests, this is the case in currently popular operating systems such as RIOT (an open-source IoT operating system with rich functionality, including function, file, and name lookup capabilities, written entirely in C), Zephyr (an open-source operating system for IoT supported by the Linux Foundation, aiming to unify IoT operating systems), Unison RTOS, and even the commercial microcontroller kernel μ-velOSity provided by Green Hills Software, as well as the basic operating system Microsar developed by Vector for automotive solutions.
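The difference between a flat address space and isolated tasks is easiest to see in a model. The following is an added example written for this article, not code from Kaspersky Lab or from any of the operating systems named above. It assumes a constructed memory layout (a task's receive buffer at 0x40 next to a kernel table at 0x50, names and addresses made up) and runs the same unchecked-copy bug in a task twice: once in a flat single-address-space system, where the overflow silently overwrites kernel data, and once with MPU-style per-task regions, where the same access faults and the kernel data survives. It also shows the task-level fix (a length check), which is what the bolt-on measures described above try to approximate.

```python
"""Toy model of a flat, single-address-space system versus one with
MPU-style per-task memory regions. Constructed example for this article;
the task names, addresses and frame contents are made up."""
from typing import Dict, List, Tuple


class MemoryFault(Exception):
    """Raised when a task touches memory outside the regions granted to it."""


class Machine:
    """A small byte-addressable memory with an optional per-task region check."""

    def __init__(self, size: int = 256, enforce: bool = False) -> None:
        self.mem = bytearray(size)
        self.enforce = enforce                  # False models a flat monolithic system
        self.regions: Dict[str, List[Tuple[int, int]]] = {}  # task -> [(start, end)]
        self.current = "kernel"                 # kernel code runs unchecked in both models

    def grant(self, task: str, start: int, end: int) -> None:
        self.regions.setdefault(task, []).append((start, end))

    def switch_to(self, task: str) -> None:
        self.current = task

    def _check(self, addr: int, length: int) -> None:
        if not self.enforce or self.current == "kernel":
            return
        for start, end in self.regions.get(self.current, []):
            if start <= addr and addr + length <= end:
                return
        raise MemoryFault(f"{self.current}: access to 0x{addr:02x}+{length} denied")

    def write(self, addr: int, data: bytes) -> None:
        self._check(addr, len(data))
        self.mem[addr:addr + len(data)] = data

    def read(self, addr: int, length: int) -> bytes:
        self._check(addr, length)
        return bytes(self.mem[addr:addr + length])


# Constructed layout: a task's 8-byte receive buffer sits just below the
# kernel's scheduler table, as it easily can in a flat address space.
RX_BUF, RX_BUF_LEN = 0x40, 8
KERNEL_TABLE = 0x50
KERNEL_TABLE_INIT = bytes(range(1, 9))


def build(enforce: bool) -> Machine:
    m = Machine(enforce=enforce)
    m.write(KERNEL_TABLE, KERNEL_TABLE_INIT)        # kernel initialises its own data
    m.grant("sensor", RX_BUF, RX_BUF + RX_BUF_LEN)  # the task may only touch its buffer
    return m


def buggy_rx_handler(m: Machine, frame: bytes) -> None:
    """The task-level bug: copies a frame without checking that it fits the buffer."""
    m.switch_to("sensor")
    m.write(RX_BUF, frame)


def checked_rx_handler(m: Machine, frame: bytes) -> bool:
    """The task-level fix: reject frames larger than the buffer."""
    m.switch_to("sensor")
    if len(frame) > RX_BUF_LEN:
        return False
    m.write(RX_BUF, frame)
    return True


def run(enforce: bool, frame: bytes = b"A" * 24) -> Tuple[str, bool]:
    """Drive the buggy handler; report (outcome, whether the kernel table is intact)."""
    m = build(enforce)
    try:
        buggy_rx_handler(m, frame)
        outcome = "completed"
    except MemoryFault:
        outcome = "faulted"          # the region check contained the bug
    m.switch_to("kernel")
    intact = m.read(KERNEL_TABLE, len(KERNEL_TABLE_INIT)) == KERNEL_TABLE_INIT
    return outcome, intact


if __name__ == "__main__":
    print("flat address space:", run(enforce=False))   # ('completed', False)
    print("per-task regions:  ", run(enforce=True))    # ('faulted', True)
```

The point of the model is that the bug is identical in both runs; only the architecture decides whether it stays confined to the faulty task or takes the kernel with it. Real MPU configurations are coarser and more constrained than this table, but the containment property is the same.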

Despite the many security flaws of monolithic systems, these compact operating systems are well suited to the low-cost microcontrollers in common use. They can be used in simple, compact devices where the only task of the monolithic system is to measure a single parameter, such as temperature, pressure, volume, etc. In the researchers’ view, monolithic systems are not the best choice for more complex tasks.

Operating Systems Based on Monolithic Kernels

Operating systems based on monolithic kernels represent another type of operating system architecture, which may be the most widely used and popular operating system architecture type for embedded systems and general systems (i.e., servers, workstations, and mobile devices).

Unlike pure monolithic systems, user processes in monolithic kernel systems are isolated from the kernel and can reach kernel functionality only through a limited set of system calls. From an information security perspective this is a significant advantage; at the same time, a great many services still run in the kernel environment, such as protocol implementations, file systems, device drivers, etc. Popular monolithic kernel operating systems currently on the market include those based on the Linux kernel (and its derivatives), as well as Windows, FreeBSD, etc.

FreeBSD is a Unix-like operating system and an important branch of Unix, developed from BSD, 386BSD, and 4.4BSD. RTEMS is an open-source real-time embedded operating system (RTOS) originally used in U.S. defense systems; it was initially named Real-Time Executive for Missile Systems, later renamed Real-Time Executive for Military Systems, and is now maintained by OAR Corporation. RTEMS is very widely used in aerospace, military, and civilian applications. Like most embedded operating systems, RTEMS follows a microkernel design philosophy: the main functions of the kernel are integrated into a small executive, and additional functionality is implemented in layers wrapping the kernel, so that applications can select and link only the resources their actual configuration needs.

However, these operating systems’ kernel services still leave many attack surfaces, and code libraries running in the kernel environment are not 100% secure. Therefore, do not expect kernel services to be free of vulnerabilities; in practice, researchers frequently detect vulnerabilities within them.

Any attack on kernel services inevitably leads to an attack on the entire system, regardless of what tools are used to protect it. Additionally, kernel module updates require device restarts, which significantly affects the security of embedded systems. Strictly speaking, not every kernel module update requires a restart, but updates applied without one frequently cause faults.

The main advantage of a monolithic kernel architecture over microkernel operating systems is better performance, because it needs fewer context switches. A context switch is the CPU switching from one process to another. If the context switch rate is too high, the CPU behaves like a mover, constantly rushing between registers and run queues, and spends more time switching threads than doing the threads’ actual work.

Comparison of Different Versions of Linux Systems Currently on the Market

Operating systems based on the Linux kernel are so popular because they offer a very good developer experience: not only open source code but also excellent hardware support, along with a wealth of supporting applications and system software. As a result, Linux can satisfy the wide range of functional requirements developers have for embedded systems.

Note: strictly speaking, Linux is only the kernel of an operating system; complete operating systems are built on top of various versions of it.

It is worth noting that Linux was developed as a multi-user operating system kernel and includes a set of built-in security mechanisms. However, by current security standards it harbours many security problems in both its architecture and its implementation.

Traditionally, it has been believed that as long as a Linux-based system is correctly configured, the security of the embedded system can be fully guaranteed. However, this is merely a theoretical assumption: the actual configuration process is often quite complex, and in practice many security restrictions end up bypassed. In addition, Linux also has vulnerabilities related to the implementation of secure boot mechanisms, the updating of operating system components, and many other areas.

In light of this, many new Linux-based systems have been developed to improve the security of embedded systems. Many of these are extensions developed to address information security issues, including AppArmor, the kernel hardening patch set project grsecurity, PaX (a hardening patch for the Linux kernel that applies the principle of least privilege to kernel memory pages), SELinux, etc. Although these extensions cannot guarantee 100% security for embedded systems, they still help improve the overall security situation, because the Linux kernel code base is vast and there is currently no way to make the entire kernel trustworthy.
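Part of the configuration complexity mentioned above is simply knowing which kernel settings matter and verifying them on every image. The following is an added example written for this article, not a tool from Kaspersky Lab or from any of the projects named above. It checks a `sysctl -a` style dump against a small baseline of real Linux hardening sysctls (ASLR, kernel pointer hiding, dmesg and ptrace restrictions, unprivileged BPF, protected symlinks and hardlinks); the baseline thresholds are the author's choice of common recommendations, and the sample dump and its values are constructed.

```python
"""Check a sysctl dump against a small Linux kernel hardening baseline.
Constructed example for this article; the baseline keys are real Linux
sysctls, the sample dump and its values are made up."""
import os
from typing import Callable, Dict, List, Tuple

# sysctl key -> (predicate the integer value must satisfy, what the baseline expects)
BASELINE: Dict[str, Tuple[Callable[[int], bool], str]] = {
    "kernel.randomize_va_space":        (lambda v: v == 2, "full ASLR (2)"),
    "kernel.kptr_restrict":             (lambda v: v >= 1, "hide kernel pointers (>= 1)"),
    "kernel.dmesg_restrict":            (lambda v: v == 1, "dmesg only for privileged users (1)"),
    "kernel.yama.ptrace_scope":         (lambda v: v >= 1, "restricted ptrace attach (>= 1)"),
    "kernel.unprivileged_bpf_disabled": (lambda v: v >= 1, "no unprivileged BPF (>= 1)"),
    "fs.protected_symlinks":            (lambda v: v == 1, "protected symlinks (1)"),
    "fs.protected_hardlinks":           (lambda v: v == 1, "protected hardlinks (1)"),
}


def parse_sysctl(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines as printed by `sysctl -a`; skips blanks and comments."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def audit(settings: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (key, observed value, expectation) for each baseline entry not met."""
    findings: List[Tuple[str, str, str]] = []
    for key, (accept, expectation) in BASELINE.items():
        raw = settings.get(key)
        if raw is None:
            findings.append((key, "<missing>", expectation))   # absent, e.g. Yama not built in
            continue
        try:
            value = int(raw)
        except ValueError:
            findings.append((key, raw, expectation))           # unparsable, flag it
            continue
        if not accept(value):
            findings.append((key, raw, expectation))
    return sorted(findings)


def read_live_sysctls() -> Dict[str, str]:
    """Read the baseline keys from /proc/sys on a running Linux system."""
    settings: Dict[str, str] = {}
    for key in BASELINE:
        path = os.path.join("/proc/sys", *key.split("."))
        try:
            with open(path) as fh:
                settings[key] = fh.read().strip()
        except OSError:
            pass        # key not present on this kernel; audit() reports it as missing
    return settings


# Constructed dump resembling `sysctl -a` output from a poorly hardened image.
SAMPLE_DUMP = """\
# sysctl -a (excerpt, constructed)
kernel.randomize_va_space = 0
kernel.kptr_restrict = 0
kernel.dmesg_restrict = 1
kernel.unprivileged_bpf_disabled = 2
fs.protected_symlinks = 1
fs.protected_hardlinks = 0
"""


if __name__ == "__main__":
    for key, observed, expectation in audit(parse_sysctl(SAMPLE_DUMP)):
        print(f"{key}: observed {observed}, expected {expectation}")
```

Run against the constructed dump, the audit flags ASLR disabled, kernel pointers exposed, hardlink protection off, and the Yama ptrace scope missing altogether; on a live system, `audit(read_live_sysctls())` performs the same check. A missing key is reported as a finding on purpose, since an absent control (a kernel built without the feature) is as much a gap as a wrong value.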

According to data from www.cvedetails.com, 453 vulnerabilities were found in the Linux kernel in 2017, of which 159 allowed an attacker to execute arbitrary code in kernel context. Moreover, exploiting a vulnerability in the Linux kernel can bypass any protective mechanism, even the most complex and carefully configured ones. Unfortunately, this issue seems to have no solution at present.

This article mainly introduces monolithic systems and operating systems based on monolithic kernels. In the next part, I will continue to introduce the security analysis of microkernel-based operating systems and hybrid systems. Stay tuned.
