Mandatory Access Control Method for Windows Embedded OS Security

The Windows Embedded operating system (OS) adopts a discretionary access control (DAC)-based policy, but underlying vulnerabilities exist because of external hacker attacks and other factors. In this study, we propose a system that improves the security of the Windows Embedded OS by applying a mandatory access control (MAC) policy in which the access rights of objects, such as files and folders, and subjects’ privileges, such as processes, are compared. We conducted access control tests to verify whether the proposed system could avoid the vulnerabilities of DAC-based systems. Our results indicate that the existing DAC-based security systems could be neutralized if a principal's security policy is removed. However, in the proposed MAC-based Windows Embedded OS, even if the clearance and category values of a subject’s files are given the highest rating, all accesses are automatically denied. Therefore, the execution of all files that were not previously registered on the whitelist was denied, proving that security was improved relative to DAC-based systems.

Application of a Fuzzy MCDM Method to Select the Best Operating System for an Efficient Security-Aware Design of Embedded Systems

In this work, the authors present their solution to select the best operating system for an efficient security-aware design of embedded systems. This problem is formulated as a MCDM problem and solved using a hybrid approach combining fuzzy AHP and fuzzy VIKOR. This combination enables the authors to take profit of both methods. From AHP, they exploited the hierarchy and the pairwise comparison between criteria that leads to finding the importance (weight) of each criteria more consistently. On the other hand, from the VIKOR method, they leverage its power to compromise between conflictual criteria. Since they are dealing with unprecise and subjective advises, they opt for the fuzzy versions of the AHP and VIKOR methods dealing with triangular fuzzy numbers. They used fuzzy AHP to calculate weights of criteria which are served later as inputs for the fuzzy VIKOR method. The outcome of this work is to assist embedded designers to select the most appropriate embedded OS for efficient design of secure embedded systems.

Embedded operating system and industrial applications: a review

The complexity of an embedded system is directly proportional to the requirements of industrial applications. Various embedded operating system (OS) approaches had been built to fulfil the requirements. This review aims to systematically address the similarities and differences of the embedded OS solutions and analyse the factors that will influence decision-making when choosing what solution to use in the applications. This paper reviews three standard solutions; super loop, cooperative, and real-time operating system (RTOS). These are commonly used in industrial applications. By grouping the tasks in the foreground and background execution region, the concept and working principle of each of them are reviewed. The unique feature of RTOS in the context of task switching was used to define the deterministic characteristic of meeting the deadlines. The importance and performance of this characteristic is addressed and compared among various solutions in this paper. Subsequently, this paper reviewed the internet of things (IoT) requirements, automotive, medical and consumer electronics industry. The influential factors on choosing the right embedded OS to be used are extracted based on the requirements. They are reviewed in the perspective of memory footprint, regulated standards, cost-effectiveness, time effectiveness, and scalability.

Dependability Aspects in Configurable Embedded Operating Systems

As all conceptual layers in the software stack depend on the operating system (OS) to reliably provide resource-management services and isolation, it can be considered the “reliable computing base” that must be hardened for correct operation under fault models such as transient hardware faults in the memory hierarchy. In this chapter, we approach the problem of system-software hardening in three complementary scenarios. (1) We address the following research question: Where do the general reliability limits of static system-software stacks lie, if designed from scratch with reliability as a first-class design goal? In order to reduce the proverbial “attack surface” as far as possible, we harness static application knowledge from an AUTOSAR-compliant task set, and protect the whole OS kernel with AN-encoding. This static approach yields an extremely reliable software system, but is constrained to specific application domains. (2) We investigate how reliable a dynamic COTS embedded OS can become if hardened with programming-language and compiler-based fault-tolerance techniques. We show that aspect-oriented programming is an appropriate means to encapsulate generic software-implemented hardware fault tolerance mechanisms that can be application-specifically applied to a selection of OS components. (3) We examine how system-software stacks can survive even more adverse fault models like whole-system outages, using emerging persistent memory (PM) technology as a vehicle for state conservation. Our findings include that software transactional memory facilitates maintaining consistent state within PM and allows fast recovery.

An Embedded Iris Image Acquisition Research

<p>In view of the limitation of traditional identification, it is easy to lose and copy keys, cards or ID cards, and it is easy to forget the password. Here, an embedded application system was designed based on the iris identification technology, the functions of gathering, inputing, and registering the iris information and identification can be realized. The system architecture was designed by using the embedded microprocessor of advanced RISC machines (ARM), which is used as the core. The iris sensor was used to gather the iris information, and the development of software was accomplished with the embedded OS Windows CE. The system can be used on the company entrance guard system, customs security of airport and criminal identification.</p>