industry news
Subscribe to EE Journal Daily Newsletter

Wind River’s Helix Security Framework services offering to prepare and protect systems, devices and communications from cyberattacks

Security is the number one issue facing IoT deployments and must be properly addressed before broad adoption can begin. Cybersecurity has become a high priority for IT systems, yet there continue to be major security breaches, such as the hacks of major organizations including Anthem, Home Depot, the U.S. Office of Personnel Management, Sony, Target, and the French naval contractor DCNS. The threat of cyberattacks is very real; every day there are nearly 1 million new malware threats identified and millions of actual cyberattacks.

To minimize these risks and fully realize the opportunities of the IoT, a strict and reliable approach to security is essential. Different devices, systems, and industries have varying security requirements and often require a custom lens.

To complement Wind River’s product portfolio, we have introduced Wind River Helix Security Framework, a consultative services offering designed to help customers meet their IoT security needs. The offering is part of Wind River’s Professional Services business.

The Helix Security Framework provides an innovative services offering for both discovering and representing the security needs of IoT devices, as well as the entire IoT system comprised of those devices. The components of the model are based around the CIA Triad, the industry standard model to represent security, which is built around principles of confidentiality, integrity, and availability. Specifically, it offers the following services to help companies integrate security from step one and for every stage of the process:

•       Security Assessment: Identification of the device assets, vulnerabilities to those assets, risks, and regulatory requirements (i.e., NIST standards and special publications, Avionics DO-355/356, Medical Device Security Disclosure, and NERC CIP-007-3a). Determination of which security implementations are to be used based on cost, performance and operational environment factors.  The Security Assessment documents the security policy of the device.  The Security Policy defines the security implementations used to protect the assets and defines the security audit log messages and their responses for the system.
•       Information Assurance Foundation: A fully documented and complete source code solution offering that enables hardware-based security implementations that are ported to and tested on the customer’s hardware platform.
•       FIPS 140-2 Certification: Integrating and testing the cryptographic module(s) and taking the customer’s configuration through a Level 1 or Level 2 FIPS 140-2 Certification.

Wind River Helix Security Framework is equipping companies with proven strategies and technologies to secure their hardware and software, protect communication between devices and across systems, safeguard them over time, and respond quickly as new threats emerge.

For example, Elbit Systems of America, an advanced technology company, partnered with Wind River to perform a proactive security assessment on one of Elbit Systems of America’s next generation platforms for a defense customer.  By applying the Helix Security Framework, Wind River identified several opportunities to further enhance the overall robust security of Elbit Systems of America’s platform for current and future requirements.

Security is embedded in Wind River’s DNA. It is part of our rich technology heritage of more than 30 years powering mission-critical systems in markets such as aerospace, defense, industrial, and medical. Security is part of our services/consultative expertise and is built into the software we provide to help companies develop trusted and reliable solutions. Our security capabilities, along with our development processes, meet rigorous security requirements across many critical infrastructure segments.

For more information on how Wind River is addressing IoT security, visit https://goo.gl/vXAZG6.

Image 1 caption – Wind River Helix Security Framework based on CIA

Image 2 caption – Information Assurance Foundation hardware-enabled security implementations

Leave a Reply

featured blogs
Oct 16, 2017
Like with any new product in market everyone is anxious about knowing all the features and then trying it out. The display piece in the showroom and the purveyor are no less than an emancipator. Display piece helps us know how the product, test the areas of interest and gives...
Oct 13, 2017
With our last web update, we brought you several new additions to our on-site search, a new Microelectronics web experience, and our new 2017 product overview guide. In September, the updates to search came to a close (for now), we’ve added a few new content pages, and ...
Sep 12, 2017
Torrents of packets will cascade into the data center: endless streams of data from the Internet of Things (IoT), massive flows of cellular network traffic into virtualized network functions, bursts of input to Web applications. And hidden in the cascades, far darker bits try...
Sep 29, 2017
Our existing customers ask us some pretty big questions: “How can this technology implement a step-change in my specific process? How can Speedcore IP be integrated in my SoC? How can you increase the performance of my ASIC?” We revel in answering such questions. Ho...