[langsec-discuss] Isolating code for mechanical relay control ( request for ideas )
robert_david_graham at yahoo.com
Wed Dec 3 23:12:07 UTC 2014
FYI (for other people on this list), the "Edison" board isn't an MCU. It's a full-fledged Intel x86 processor. It's about 2.5 times faster than a Raspberry Pi using a tenth of the electrical power. While it comes with Yocto, you can in theory put Ubuntu on it. It's as full an x86 PC as you want it to be.
The answer to the question is "no, never". You can't isolate code absolutely on the computer. If that's your goal, then use two Edison boards. But of course, even that doesn't work because the two boards need to communicate. Ultimately, the question comes down to "how do all solve all the world's security problems on my homebrew project", which is in fact how several of these answers approached the problem.
Ultimately, the problem isn't even solvable, because while you say that you don't want hackers to be able to change the critical software, you'll want in the future to be able to update that software. It's the same trap industrial control systems are in: not being able to update the software is a worse problem than updating the software.
The practical answer is to run the part that communicates with the outside world within a VM, and to write all the code innything but C/C++. The part that communicates across the VM should assume hostile input, and refuse commands like to quickly toggle the relays.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the langsec-discuss