Security engineering has long been a relevant topic for embedded Linux-based products. With the Cyber Resilience Act (CRA) and the Radio Equipment Directive (RED), however, new compliance requirements are making it significantly more important. To meet essential regulations such as IEC 62443, BSI TR-03185-2 and EN 18031, manufacturers must adhere to mandatory standards for cybersecurity and maintenance.
A key requirement of these standards is that a security-by-design approach is pursued: security is considered and planned at the systems engineering level, rather than retrofitted afterwards on the basis of catalogues of measures.
Security engineering experience combined with embedded Linux expertise
Depending on our customers' wishes, we offer services at various levels of system design.
Typically, starting from an existing risk assessment, emlix can plan and implement software requirements and corresponding measures at the level of (but not only) the embedded Linux system. Our security and systems engineers can, however, also develop a security-by-design approach together with you at system level. Here, our focus naturally lies on the software.
As the project progresses, emlix then takes over the implementation of the planned measures at the embedded Linux system level, including the associated tests and documentation – in each case with reference to the relevant requirements. Besides common measures such as trusted boot or secure update, these also include key concepts for production, IP protection, signed logging and so on. We likewise support our customers in setting up a suitable toolchain and infrastructure that meets the requirements.
Following the main development activities, we offer security lifecycle management across the entire product lifecycle – again oriented towards the agreed security requirements.
By way of example, we offer our customers the following services:
■ Security-by-design concepts: support with risk assessment at system level (focus on software)
■ Developing software (security) requirements based on a risk assessment
■ Planning the measures based on the requirements
■ Implementation, testing and documentation of the security mitigations (towards a hardened embedded Linux system)
■ Setting up a hardened toolchain
■ Security lifecycle maintenance
Benefits for emlix customers
■ Engineering know-how, security experts and proven embedded Linux expertise spanning more than 25 years
■ Efficiency gains in all project phases through targeted security engineering specific to your product and its application context
■ No interface losses, thanks to the direct link between security-by-design concepts, implementation and lifecycle maintenance
■ 20 years of experience with relevant measures: trusted boot, secure update, role and permission concepts, IP protection, etc.
■ Extensive expertise in hardened toolchains and infrastructure (trustable build toolchain, automated testing)
■ Outstanding competence in process implementation (emlix is certified to IEC 62443-4-1) and open source compliance
■ Broad know-how of the security solutions available on the market from CPU manufacturers
Embedded Linux security across the entire product lifecycle
At a glance■ Risk Analysis Workshop – the starting point for security by design
■ CVE Security Management – monitoring and expert assessment
■ Security Update Management – plannable, tested releases across the entire lifecycle
BEST PRACTICE
Rademacher Geräte-Elektronik GmbH
Increased cyber security through maintainability
In the development of the HomePilots® emlix was responsible for the conception of an embedded Linux-based platform.
The focus of the project was on the high security demands, because the intelligent devices transmit personal data such as camera material to the control unit. Furthermore, emlix is supporting Rademacher in maintaining the IT security of the product throughout its entire life cycle.
|
