Tag Archives: Linux

Information Security Best Practices

What is more important – patient safety or hospital IT?

What is more important – patient safety or the health of the enterprise hospital Windows network?  What is more important – writing secure code or installing an anti-virus?

A threat analysis was performed on a medical device used in intensive care units.  The threat analysis used the PTA (Practical threat analysis) methodology.

Our analysis considered threats to three assets: medical device availability, the hospital enterprise network and patient confidentiality/HIPAA compliance. Following the threat analysis, a prioritized plan of security countermeasures was built and implemented including the issue of propagation of viruses and malware into the hospital network (See Section III below).

Installing anti-virus software on a medical device is less effective than implementing other security countermeasures that mitigate more severe threats – ePHI leakage, software defects and USB access.

A novel benefit of our approach is derived by providing the analytical results as a standard threat model database, which can be used by medical device vendors and customers to model changes in risk profile as technology and operating environment evolve. The threat modelling software can be downloaded here.

Continue reading

Tell your friends and colleagues about us. Thanks!
Share this

The top 10 mistakes made by Linux developers

My colleague, Dr. Joel Isaacson talks about the top 10 mistakes made by Linux developers. It’s a great article and great read from one of the top embedded Linux programmers in the world.

The Little Engine That Could

Copyright 2004 Joel Isaacson. This work is licensed under the Creative Commons Attribution License.

I  try to explain what are the top 10 mistakes made by Linux developers as I see it. I’m aware that one person’s mistake is another person’s best practice. My comments are therefore subjective.

I will use an embedded Linux device, the WRT54GS, a wireless router as an illustration of an embedded Linux device.An interesting article about this device can be found in: http://www.pbs.org/cringely/pulpit/pulpit20040527.html.

“The Little Engine That Could” How Linux is Inadvertently Poised to Remake the Telephone and Internet Markets – By Robert X. Cringely

So what are the top 10 mistakes made by Linux developers?

10 – Pick a vendor.
9 – Then pick a platform.
8 – We are not in Kansas anymore.

Support Issues

10 – Pick a Vendor

  • In my experience picking a large foreign company for support is not the best way to go for various reasons.
  • More about this later.

Continue reading

Tell your friends and colleagues about us. Thanks!
Share this

Medical device security in a hospital network

Medical devices are everywhere today.  In your doctors office measuring your blood pressure, at your cosmetician (for hip reduction…) and in the hospital for everything from patient monitoring to robot-assisted surgery.

The people that develop embedded medical devices based on Intel platforms know that Windows is vulnerable.

Lacking embedded Linux know-how, medical device developers often end up adopting Windows and Visual Studio as a default. Using Windows is a security-blanket for developers who grew up in the Microsoft Windows monoculture and are scared of the Linux command line.

But – make no mistake using Windows in networked embedded medical devices is a mistake.
This is big mistake #1.

The top 2 threats to a medical device are software defects and software updates.
Consider the implications of updating patient monitoring devices in a hospital with an infected USB stick or an infected Windows notebook.

In product development (and medical device are  no exception),  the support and version update process  is often something  left for the end of the project. At that point, when the product manager asks how are we going to update the software in the field – the hands raise in favor of  USB memory stick updates as an “interim” solution.

It is crucial to use threat analysis on systems of networked medical devices in order to arrive at the right, cost-effective countermeasures (apropos the management challenge of large number of VLANS…). Threat analysis must be an integral part of the SDLC (software development life cycle) – done early in the process and validated from time to time whenever there are significant design, configuration or environmental changes.

Threat analysis enables a medical device vendor and the hospital security team to have an objective discussion on balancing the need to protect the hospital network asset with protecting the availability of the medical device  itself and concomitantly – the safety of patients that are dependent on the device – patient monitoring is the first example that comes to mind.

Unfortunately many device vendors and their hospital customers use a system management model based on Microsoft Windows and business IT management practices. This is big mistake #2.

Medical device vendors need to assess their software security and not assume that an embedded medical device running Windows XP   is no different from any other Windows PC on the network running Office 2007.

To use an analogy from the world of real time embedded systems – consider avionics as key to safety of the pilot and success of the mission. Avionics are not managed like a network of Windows PCs and neither should medical devices on the hospital network.

A medical device in a hospital network – whether it monitors patients, assists in surgery or analyzes EEGs – is an embedded device in a extremely heterogeneous and hostile environment that should simply not be vulnerable to Microsoft Windows malware.

Embedded medical devices should be based in embedded Linux – and not a stock version of Red Hat – but rather built ground up from the latest Linux kernel, with the minimum set of services and software (Qtk etc…) needed to run the application.  The software update process should be part of the design – not something bolted on after the implementation.

Developing for embedded Linux is not copy and paste from Windows. It requires expertise to setup the basic infrastructure.  But – once that infrastructure is up, the medical device developer and it’s hospital customer can be confident that they are standing on a secure platform and not a house of glass built on a foundation of sand.

Tell your friends and colleagues about us. Thanks!
Share this

Imperfect knowledge security

A few months ago I wrote about The Black Swan of Security – how major data loss events have 3 common characteristics –

1) A major data loss event appears as a complete surprise to the company .

2) Data loss has a major impact to the point of maiming or destroying the institution (note the case of Card Systems)
3) Data loss is ‘explained’ after the fact by human hindsight (Hannaford Supermarkets, Bank of America…hackers, viruses, drive-by Wifi attacks…)

A colleague of mine, who is a mathematician by training and banking executive by vocation, saw one of my presentations on Black Swan Data Security and  told me I must read Imperfect Knowledge Economics by Professor Roman Frydman from NYU. I’ll take it out of the library, as soon as I can get over to the Hebrew U on Mount Scopus. Everything Roman Frydman and Michael D. Goldberg write about economic models surely holds true for information security today.

Why do our security threat models fail to account for what happens in in real-world and cyberspace? What drives the aggregate outcome of a multi-billion dollar security and compliance industry (1 percent of the US GDP) that fails to prevent the GFC and data leakage of over 250 million credit cards? Is “self-interest” really sufficient to understand security rationality? What is the role of history, the social context and common values in protecting digital assets and systems? How should threat models be used by policymakers and professional investors?

To paraphrase John Kay, writing about the book in The Financial Times,  “the quest for advanced security technology gets in the way of useful security countermeasures.”

Tell your friends and colleagues about us. Thanks!
Share this

Solaris and real-time Java for embedded systems?

It’s always interesting to see if industry analysis stands the test of time, like Dana Gardner (formerly with the Yankee Group, now with Interarbor Solutions)  who told Internetnews.com back in 2004 that  “Solaris may find fertile ground in the embedded space with a combination of real-time Java and the Solaris operating system”.

Hmm. Now there’s an idea.

After coming home from a trip to our Warsaw office and a babysitting stint with our grand-daughter Carmel,

I started cleaning up my Web site archives. I found this article I wrote back in November 2004.  I will let the readers be the judge of the relevance of Sun Solaris as an embedded operating system in 2008.

As usual, Sun is flip-flopping on strategy and looking in the wrong direction – this time towards the embedded market market. Despite the hoopla at this month’s announcement party to launch Solaris 10, the focus for the operating system is moving towards embedded appliances. No wonder – the embedded market in terms of unit shipments is almost 10 times the size of the PC market with over 1.1 Billion units shipping annually. But – even if you can shoehorn Solaris 10 into 64M Ram does it really make sense for Sun to go there?

ARM — including StrongARM and XScale architectures – are gaining on x86 as the most popular processor architecture for embedded development. Since the beginning of 2004, embedded developers are projecting that they’ll base more projects on ARM than x86 processors in their projects during the next two years.

Vendors that use Linux are finding it easier than ever to go straight to the Open Source community and roll their own embedded Linux platforms instead of locking themselves into Montavista for support. Vendors with strong developer expertise in Windows go to Windows CE for embedded applications and leverage their knowledge.

In other words – forget it. Solaris 10 isnt available on the hardware platforms of choice (ARM) and doesnt provide a convincing alternative for developers to switch from their familiar and proven environments whether Open or closed source.

To make things worse, looks like someone at Sun is directing analysts to say stupid things like this:

Scaling Solaris down for the embedded market is exactly what analysts have been suggesting for Sun. Dana Gardner, senior analyst with The Yankee Group, told internetnews.com one area that Solaris may find some fertile ground in the embedded space is with a combination of real-time Java and the Solaris operating system.

“Real time Java” – is this fertile ground or just marketing fluff for Sun?

What do you think ? Let me know!

Tell your friends and colleagues about us. Thanks!
Share this