Wind River Blog Network

Simics 4.8 is Here

2013-05-20T06:58:59-07:00

By Jakob Engblom

Simics 4.8 is now generally available for old and new users to enjoy. I will be doing a series of blog posts going into the details on what is new and improved in this release. Simics 4.8 represents a significant improvement in the Simics user interface and collaboration features, as well as tweaks to the simulator performance, debugger, and modeling workflow, so there is quite a bit to talk about. We start off with an overview of the news.

The most visible new functions in Simics 4.8 are found in the Eclipse user interface. We have added several new views and features to help users gain insight into their simulations, debug more efficiently, ease device modeling, and communicate within and between teams. We have also added some significant new performance technologies and more collaboration features to Simics checkpoints.

Northrop Grumman X-47B UCAS-D Running on Wind River VxWorks Catapults from Aircraft Carrier

2013-05-14T10:16:21-07:00

By Chip Downing

Today, the Northrop Grumman X-47B unmanned aircraft achieved a successful catapult launch from the deck of the USS George H.W. Bush carrier, the first of its kind in aviation history. This marks a very proud day for Wind River knowing that our VxWorks real-time operating system is a key technology for this aircraft, developed as part of the Navy’s Unmanned Combat Air System Carrier Demonstration (UCAS-D) program.

Northrop Grumman's X-47B is a tailless, strike fighter-sized unmanned aircraft currently under development for carrier operations. VxWorks serves as the foundation for the Common Core System, the backbone of UCAS-D computers, networks, and interfacing electronics on the X-47B. Built on VxWorks, Northrop Grumman engineers were able to rapidly create, deploy and maintain the safety-critical control system.

Wind River Expertise Recognized with GENIVI Award

2013-05-14T06:07:22-07:00

By Franz Walkembach

The Automotive group at Wind River is quite an impressive team…Consider this: hundreds of engineers and decades of successfully completed projects have helped Wind River carefully foster the development in this industry. We not only created trusted connections with customers and partners, but we’ve also stayed ahead of key trends, riding a wave of open source innovation right as it started to build momentum. Fast forward to today…our ongoing efforts to advance the automotive industry has reached another great achievement – Wind River has received the Most Valuable Contributor Award from the GENIVI Alliance.

Securing Critical Infrastructure with MILS

2013-04-23T09:26:01-07:00

By Paul Chen

On February 12, the White House released the Presidential Policy Directive 21 (PPD-21), Critical Infrastructure Security and Resilience. The DHS website describes PPD-21 as “advancing a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure.” Sixteen different critical infrastructure sectors are identified, including: Chemical, Communications, Energy, Financial Services, Healthcare and Public Health, Food and Agriculture, Nuclear Reactors, Transportation, and Water and Wastewater Systems.

On the same day PPD-21 was released, President Obama also signed Executive Order 13636 for “Improving Critical Infrastructure Cybersecurity.” The Executive Order directs NIST (National Institute of Standards and Technology) to develop a framework for “reducing cyber risks to critical infrastructure,” for which they have issued an RFI and plan a workshop in late May.

And on March 26, the BSI (Bundesamt für Sicherheit in der Informationstechnik, the German Federal Office for Information Security) published the Protection Profile for the Gateway of a Smart Metering System. Such devices will securely collect, process, and store information from smart meters, adding security to smart electricity distribution grids. The protection profile notes that the threat from a remote cyberattack is much higher than that from a local physical attack, since the attacker in network has the potential to compromise not just one, but many components of the infrastructure, or even the corresponding grid.

These developments highlight the focus on improving critical infrastructure security as attacks from cyber-terrorism have increased over the last decade and, alarmingly, in the past year on power, water, and nuclear systems. A recent report states that, indeed, most cyber-attacks now target critical infrastructure, moving “away from hacking and financially motivated crime” to attacks to “deny, disrupt, and destroy” service. For most of us, even the most destructive cyber-attacks like Stuxnet are fairly remote and don’t impact us; but if critical infrastructure services are denied, disrupted, or destroyed, cyber-attacks could become devastatingly personal.

Serving Windows Files from a Simics Quick-Start Platform

2013-04-22T16:51:29-07:00

By Jakob Engblom

Windows file sharing has always felt a bit magical to me. I use it all the time, certainly, but I never quite understood how it worked; it was just this big chunk of Microsoft protocol that felt like it really did not want to talk to other types of operating systems. Sure, I have used the open-source "samba" server for a long time with great success… but it always seemed to suffer from issues with access rights (probably the fault of me and server setup and mixing Unix and Windows accounts, not a fault in the server itself).

With this background, I was really delighted and surprised when I managed to almost effortlessly get a Simics target to share and serve files to my Windows host. A big-endian Power Architecture QSP target at that, running VxWorks, how cool isn’t that? The key to the puzzle was the Visuality NQ Server from Visuality Systems Ltd. in Israel. It just worked, and let me try some interesting and educational setups.

A Better way to Connect: TCF and Simics

2013-03-25T06:18:46-07:00

By Jakob Engblom

How do you actually connect an integrated development environment or a debugger to a target system? This question is more complicated than it might seem to the uninitiated outsider. Traditionally, a range of protocols have been used to connect the development host to a target, most of them vendor-proprietary, and often specialized for a particular purpose (such as debug, downloading code, or uploading profile data). However, there is a better alternative available today, the open-source TCF, Target Connection Framework. The TCF is much more than a debugger connection. Based on decades of industry experience as to what you actually need to do with a target, TCF combines everything on a single connection: analysis, testing, configuration, control, provisioning, inspection, tracing, debugging, and anything else you might think of. Simics is making good use of TCF to simplify the connection between the Simics runtime engine and the Simics Eclipse-based GUI. In this blog post, I will go into how TCF is used with Simics and what it has enabled us to do that would have been very difficult without the TCF.

First, we need a little background on TCF itself. The TCF is a project in Eclipse, with contributions from Wind River, Xilinx, and others. The TCF protocol is service-based, and each target exposes the services that it supports to the host. The host can then activate the appropriate functionality, based on what the target reports. In this way, there is no need for the host to know very much about the target a priori, as all its capabilites are reported dynamically after a connection has been setup.

Anyway, on to Simics and TCF. Given what TCF is, how did we use it with Simics?

Let’s Talk About Securing the Device

2013-03-19T05:00:00-07:00

By AJ Shipley

In my previous blog post, I touched on the key variables influencing how we approach device security. In this blog post, I’ll focus the discussion on securing the device. Before I do, I want to touch briefly on what was a key take away for me from last month’s RSA conference in San Francisco. This year, the focus was more on big data, the collection of data from connected devices, and analysis of that data to identify malicious or unusual activity. This is absolutely the correct approach to pro-actively and pre-emptively identify security threats, but it is important to remember that if the device that is providing the data is not secure, you cannot trust the data the device is providing, and most importantly, you cannot trust the device to carry out the actions that the data analysis indicates is required.

At a very high level, I approach security, and security decisions, from two different points of view. You can either secure the network infrastructure, or you can secure the devices that attach to that infrastructure and communicate with each other. While nobody would argue that great security requires securing both the infrastructure and the devices, there are different considerations that come with both approaches.

The CWE/SANS Top 25 Most Dangerous Software Errors: What it means for embedded developers

2013-03-05T06:00:00-08:00

By Bill Graham

The CWE/Sans Top 25 is fairly well known among security experts but might be overlooked by embedded developers since the list covers all types of systems and programming languages. Developers are fully aware of the quality impacts of many of these errors however they may be less knowledgeable of the security implications. The classic example is the buffer overflow error – all programmers know this is a bad thing and can cause a program to crash or become unresponsive. However, many developers fail to realize that an attacker can trigger these errors to execute code, reveal data or cause a denial of service attack.

The Top 25 list is a “who’s who” of dangerous errors that are the most commonly reported security vulnerabilities. This year’s RSA conference theme was ‘Security in Knowledge,’ and Wind River couldn’t agree more -- mitigating the risk of these errors is the first step to improving your device’s security. In this post I will point out what the 10 most important errors are from the top 25 list that embedded developers need to be aware of. In a subsequent post I’ll discuss the mitigation strategies and the role of automated tools in detecting and removing these errors.

The Big 10 Coding Errors and Impact for Embedded Developers

Some of the Top 25 are more applicable to embedded developers than others and arguably have a different priority. Also, some of the errors are from coding errors while others are configuration errors (or a combination of both.) In this case we’ve identified Wind River’s choice for the vulnerabilities that are most likely to impact embedded developers from this list. The “Big 10” errors that embedded developers are likely to encounter are as follows.

Avionics Europe 2013 Conference

2013-03-01T00:00:00-08:00

By Paul Parkinson

Last week I attended the Avionics Europe 2013 conference, which was held in Munich for the last time perhaps (as it is moving to Abu Dhabi in 2014).

The theme of this year's conference was 'Tackling the Challenges in Avionics: Single Sky Many Platforms,' which continued to focus on the growth in air traffic across Europe and challenges arising for air traffic management and navigation. However, rather than continuing to focus on the regulatory challenges as in 2012 (which I have discussed previously), there was a shift in emphasis towards the implementation of technologies such as SESAR.

One of the keynote speakers, Captain Sascha Unterbarnscheidt, A320 Captain and Director Operations Support, Lufthansa Germany made some very interesting observations in his address 'Single European Sky - Delivery to Daily Operations.' In particular, how the fragmented European air space (compared to the United States), led to ATM inefficiencies in 2011 resulting in 17.9m minutes of ATM delays, 8.1m tonnes of wasted CO2, and increased costs of around 5billion Euros (with the effect on passengers of delayed flights, longer flight times, wasted fuel and increased noise). He then went on to explain how the increased levels of automation and productivity through SESAR would result in increased capacity, reduced costs and lower accident rates.

Top Five Variables Influencing the Approach to Device Security

2013-02-25T06:00:00-08:00

By AJ Shipley

In my previous blog post, I covered the importance of having security built in and not bolted on. In this blog post, I’ll outline the top five key variables that are influencing how we approach device security -- a topic particularly top of mind as I spend this week at the RSA Conference.

1. Connectivity to the enterprise and cloud. Historically, embedded devices, while network connected, operated on proprietary protocols and dedicated networks. A “great wall” so to speak, existed between the networks that powered our critical infrastructure, for example, and the networks that powered our enterprises. However, due to the pervasive nature of Ethernet there is a desire now to leverage all of the security expertise that we have gained over the past 20 years deploying commercial grade enterprise networks and apply it to our embedded systems -- and then extend this when connecting to the cloud. Herein lays the potential for huge productivity gains by leveraging the same infrastructure to collect data, analyze it, manage and update our devices, etc. Along with the potential productivity gains comes the reality that we are now exposing our embedded devices to threats that they have never had to deal with before and probably aren’t suited to handle in the same manner that our enterprise infrastructure is.