Wind River Blog Network

Detecting security problems – using static analysis to catch them early and less expensively

2012-01-26T08:24:30-08:00

By Bill Graham

In my previous post I discussed the potential benefits in quality and costs that static analysis brings to software development. In addition to common coding errors, many of the bugs found by static analysis are potential security defects as well. Buffer overflow, OS command injection, unrestricted string format and integer overflows are among the top 25 most dangerous security coding defects (according to the Common Weakness Enumeration (CWS) from the MITRE organization). These types of defects are common in C and C++ and are dangerous to correct operation in general but also pose significant security threats – often because the right exploit can lead to arbitrary code execution on the target. Once an attacker can execute code on your device, they can gain complete control, which might include reflashing the firmware, installing malware or rewriting the command and control software.

Using Static Analysis to Improve Product Quality, Earlier and Cheaper

2012-01-24T08:04:33-08:00

By Bill Graham

Fixing bugs is expensive. Fixing bugs is more expensive the later you leave them, in fact, its been shown to cost a magnitude higher with each major phase of development. The famous defect cost chart from Capers Jones shows the cost of a bug going from $25 at the coding phase to $16,000 in development. Not only that, but most of the bugs are introduced into the system at this stage yet very little of them are found. Logic says we should fix them earlier to save money.

Making a Faulty Serial Port

2012-01-23T08:31:06-08:00

By Jakob Engblom

As noted before, one common use case for Simics is doing fault injection. Fault injection is typically added to an existing system without changing it, since the goal is to maintain a fundamentally fast simulator when not injecting faults. There are a range of mechanisms available in Simics to implement fault injection. This blog post will take a look at two such mechanisms and how they are used in the context of injecting faults on a serial port.

Android Security – making sense of all the choices

2012-01-19T15:44:14-08:00

By Chris Buerger

Last week’s public release of the Security Enhanced (SE) Android project and associated source code is hailed by many as an important foundational step to add a new set of options to create secure Android devices. While the recent release of the code base by the National Security Agency (NSA) is familiar territory for Android experts such as Wind River who have been designing and implementing comprehensive security layers to a wide spectrum of Android devices for a few years now, the portrayal of this development in the media as an all-encompassing security solution grossly oversimplifies the complex subject matter that Android security represents.

Simply speaking, compiling and flashing the SE Android code base on to your Nexus S will not make it completely 'secure.'

Wind River has been enabling Android devices for close to five years now. Based on that experience and over a decade of pioneering mobile Linux-based devices, four key security-related points stand out.

VxWorks Cert Now Supports ARM!

2012-01-16T00:00:00-08:00

By Alex Wilson

Aerospace and defense has relied on rugged embedded vehicle mounted computers for many years, but as devices become more mobile, and with increased demand to reduce SWaP (Size, Weight, and Power), ARM-based computers become an interesting alternative. Added to that is the wealth of functionality available in ARM devices that make it a good choice, not only to reduce SWaP in the core CPU, but to reduce overall chipset sizes to a single SoC.

If we look at an example of an ARM-based device, such as the TI OMAP3530, this is a perfect device with which to build a software defined radio for example. It has a high performance, low powered Cortex A8 Core, with numerous IO devices to help connectivity and display. Designed as a mobile device, for example, it supports Android -- and the OMAP3530 is also well suited to other areas of A&D such as soldier mounted systems, or remote sensors.

VxWorks Cert: Supporting Low Power Devices in Safety Critical Systems

2012-01-11T06:00:00-08:00

By Bill Graham

Embedded microprocessors are steadily progressing towards more performance while maintaining or decreasing power requirements (more succinctly, the performance per watt is getting better and better). High performance processors that decrease system power requirements are desired in safety critical systems just as they are in the general embedded marketplace. Our recent release of VxWorks Cert Platform adds support for ARM processors to our safety critical VxWorks platform which compliments our current support for Intel Atom processors, both of which are important platforms for high capable but low power consumption devices. Adding ARM to the supported list of architectures expands the application of the safety critical real-time operating system (RTOS) platform to new possibilities such as mobile, handheld and graphics-oriented devices.

Wind River Discusses Security and Safety Offerings with ICC Media

2012-01-10T08:53:41-08:00

By Amanda Lowe

At IPC/SPS/Drives in November, Alexander Damisch, Wind River's Director, Industrial Solutions, sat down for an interview with ICC Media to discuss our recent collaborations with Wurldtech and ISaGRAF.

Click on the video link below to learn more about the latest offerings.

Wind River Linux: The Thrills Just Keep Coming

2011-12-20T06:00:00-08:00

By Paul Anderson

When I joined Wind River over ten years ago, there were many in the company and in the embedded industry that saw open source software with extreme skepticism: too big, too slow, too risky, too expensive to maintain, and so forth. Over the years, the industry at large has figured out that open source software, particularly Linux, has an essential role in the embedded ecosystem, just as real time operating systems, software development tools, test frameworks, and many other things play a critical role in developing and deploying embedded device. But, the role of Linux embedded development represents something else, a fundamental change in the way people think and act as it relates to how software is developed, deployed and maintained in the embedded space. Linux is different.

Introducing Performance Studio

2011-12-19T06:01:00-08:00

By Emeka Nwafor

What is Performance Studio? Is it:

1. Some kind of hair product

2. A new "clinic" for MLB players

3. Full name: : Wind River Linux Performance Studio for Intel® Architecture; a new add-on product for Wind River Linux that helps you get the most performance out of your embedded Linux device software running on Intel hardware

If you correctly answered "3", give yourself a round of applause.

Our portfolio of development solutions have long addressed a broad set of embedded device development concerns in the areas of system definition, bring-up, software construction, integration & test, and maintaining and retro-fitting embedded device software and hardware. Now, with the introduction of Performance Studio, we not only have the broad development solutions portfolio but also further extend it with capabilities that enable us to go deeper into the platform and obtain the best performance out of embedded Linux software running on Intel® Core™, Xeon™, and Atom™ processors.

A Gathering of Automotive Minds from GENIVI

2011-12-16T11:07:09-08:00

By Franz Walkembach

Recently, Wind River hosted an industry meeting with the GENIVI System Infrastructure and the Automotive Expert group. These groups include a diverse range of executives representing the major automotive Tier 1 suppliers and OEMs such as e.g. BMW, Volvo, Magneti Marelli, Harman, Continental, Collabora andor XSE. It was a great opportunity to round up automotive leaders to discuss the latest industry developments, challenges and insights. The group makes an effort to meet on a regular basis in order to stay on top of hot issues and breakthroughs.