SoylentNews

This Linux Tool Could Improve the Security of IoT Devices

posted by martyb on Friday August 25 2017, @07:44AM   
from the I-need-a-new-IoT...-and-make-it-Snappy! dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Snappy, a software deployment and management system designed by Canonical for the Ubuntu operating system, could be a shortcut to building trusted IoT applications.

The first rule of building a secure and feature-rich ecosystem is software management — push and pull software updates and software discovery through an app store mechanism from a trusted source.

In the go-to-market IoT race, though, that often doesn't happen. Many Internet of Things (IoT) product developers have ignored the traumatic early history of Microsoft Windows, Android and web platforms, and expoits of IoT devices — because software updates have not been designed in — are regularly reported.

Those earlier platforms have been hardened, updates have been automated, and the app discovery and installation have been made trustworthy. IoT developers need to follow their lead. 

Snappy, a software deployment and package management system designed and built by Canonical for the Ubuntu operating system, could be a shortcut to building a trusted IoT application.

The Ubuntu-Core required to integrate Snappy software management system uses 612MB, and snapd, the endpoint software management service needed to interact with Snappy, uses 15MB. The IoT device would need 627MB-plus memory for the IoT app called a snap. Because of memory and computational constraints, it is not a solution for ultra-low-power, small memory microcontroller devices but would work with 32-bit devices like the Raspberry Pi. Nevertheless, a review of Snappy is worth the time because it clearly explains a fairly complete approach to the problem of trusted software management and distribution.

Source: https://www.networkworld.com/article/3219725/internet-of-things/this-linux-tool-could-improve-the-security-of-iot-devices.html

---

Original Submission

• WTF is he talking about? (Score: 2, Insightful) by Kawumpa on Friday August 25 2017, @08:50AM

  by Kawumpa (1187) on Friday August 25 2017, @08:50AM (#558779)

  From the article:

  Snaps can communicate with one another, automatically or with manually set privileges, to prevent exploits using a consumer and provider architecture. Most interfaces are designed for strong application isolation and user control such that auto-connected interfaces are considered safe, and product design and development teams choose what applications to trust and to what extent by manually connected interfaces.

  What is "a consumer and provider architecture?" They are considered safe, not actually safe?

  The Snappy store concept could be expanded to increase the general trust of IoT apps. It would be like the Windows, Google Play and browser extension stores in which trust in these stores and the update mechanisms have replaced the trustworthiness of individual application developers, creating a higher level of trust in apps acquired from these stores.

  Because those stores are a good idea? And btw, why would I want an application store, or additional software for IoT devices? Aren't they supposed to be appliances? And who out there thinks IoT is a good idea anyway?

  Linux requires more computational resources than a designer constrained by the limited power supplied by battery or small solar cells and the inexpensive component cost budget they might be able to afford. It is a valuable review, though, because all designers of IoT devices face the same design and security issues — even the low-cost, low-power microcontroller designs.

  What?

  Starting Score:	1		point
  Moderation		+1
  Insightful=1, Total=1
  Extra 'Insightful' Modifier		0
  Total Score:		2