Software Updates for Connected Linux Devices: Key Considerations

Session information has not yet been published for this event.

*
60 Minute BoF session
Scheduled: Thursday, November 3, 2016 from 5:00 – 6:00pm in Sweeney AB

One Line Summary

In this presentation, we will cover the nuances and security considerations one must be mindful of when deploying software updates to connected Linux devices to ensure the security and integrity of devices deployed in the wild.

Abstract

A key requirement for connected devices/IoT is the ability to deploy software updates. Data breaches are occurring on a regular basis and extending devices outside the firewall perimeter increases the attack surface. There are on average 1-25 bugs/defects per 1,000 lines of code.

The good news is that security breaches are largely preventable. The Center of Internet Security estimates that 80-90% can be prevented through swift software updates and patching, which are necessary in order to:

1. Deploy bug fixes
2. Patch security vulnerabilities
3. Deliver new features

In this presentation, we will cover all the nuances and security considerations one must be mindful of when deploying software updates to connected Linux devices to ensure the security and integrity of devices deployed in the wild. The presentation will drill down on four primary areas with the following subtopics:

● Basic functionality

○ Artifact and device compatibility
○ Rollback
○ Resilient updates
○ Device grouping
○ image/package/file/container-based updates
○ Atomic

● Security requirements

○ Artifact integrity and authenticity
○ Encrypted traffic
○ Access controls
○ Secure and simple bootstrapping

● Operational functionality

○ Logging and compliance
○ Monitoring
○ Rollout management
○ Notifications
○ Device inventory

● Extensibility

○ Messaging protocols support
○ 3rd party tooling integration

The key takeaway is for Linux device owners and their teams to have actionable requirements to ensure the integrity of their update process for connected Linux device/IoT projects.

Tags

embedded Linux, IoT, software updates, connected devices

Speaker

  • Eystein Stenberg

    Mender.io

    Biography

    Eystein Stenberg has over 7 years of experience in security and systems management as a developer, a support engineer, a technical account manager, and now as a product manager. He has been in the front line of some of the largest production environments in various roles and has in-depth knowledge of the challenges in systems security in a real-world context.

    Eystein has presented at various technical conferences, including Embedded Linux Conference, Embedded Systems Conference, and Internet of Things World. He holds a Masters degree in cryptography and his writing credits include “Distributing a Private Key Generator in Ad Hoc Networks."