Improving Embedded Operating System Security Part 6: Harden the System Against Attack
In the previous posts I’ve discussed various steps that need to be taken in order to improve security, but these are all preventative measures that require validation before a device is ready for market. Enabling the security features of your embedded OS is the first step, but it’s important to test the system continuously throughout development. The importance of security-focused testing can’t be over-emphasized. Testing for security is a different activity than functional testing since the aim is to find and exploit vulnerabilities, often outside the realm of normal operation. Test automation is essential in order to do efficient and thorough security testing. Take a look at a post on this from my colleague Ido Sarig.