OnBoard Security InSights

Four Simple Software Models To Built System Security

Posted by Lee Wilson on Aug 7, 2018 5:55:00 PM
Find me on:

Every day, thousands of new devices are given internet connectivity - called the Internet of Things (IoT).   Figure 1 displays IoT devices attacked worldwide in 2015. Most of the internet connected devices are inherently insecure and hackers realize this as an easy opportunity.  Even though home routers were the most targeted devices, others weren’t spared.

Figure 1download

Source: https://dzone.com/articles/fortiguard-labs-report-exponential-growth-of-iot-d

IoT device manufacturers are starting to realize they need to implement security software to defend their devices. There are 4 ways they can approach the development of this security.

1) Do it yourself

Like the name suggests, your code is created by your programmers or contractors.  Security is probably not their area of expertise and their efforts are likely not going to lead to increased customer demand.  Most companies prefer to use their developers on key differentiating code.

 

2) Closed Source Code (Non-standard API)

APIs are developed by its supplier and are not open standards.  The underlying implementation is not visible to the end user. A significant advantage of this type of software is that those providing this software, if successful, are generally well-funded and can provide good, long-term support and high product quality.

 

3) Closed Source Code (Standardized API)

The APIs  are developed by recognized technical consortiums or governmental groups and are considered to be open standards. If you have a good partner, they can give you economies of scale, do extensive testing, attend standards meetings and maintain the needed detailed expertise to maintain the code over its entire lifecycle.

 

4) Open Source Code 

Open source software is provided as source code which end users can see and compile. Some licenses are “toxic” in that you must also turn over as open source any code that you use or create to link to the open source code provided.  Most open source is provided with the caveat “No guarantees are made with this code. Use at your own risk. If you have problems, you are on your own.”

So how do you know which model is the best fit for you? To learn more the article “Setting and Achieving Security Design Goals”.

(http://blog.onboardsecurity.com/blog/setting-and-achieving-security-design-goals)

 

Topics: Internet of Things

Learn About the Latest in IoT Security from Our Team of Experts

 

OnBoard Security's security experts share insights on the latest security topics in:

  • Connected Cars
  • Autonomous Vehicles
  • Internet of Things
  • Quantum Computing

Subscribe to Email Updates

Recent Posts