News

  • Home > News

        Software offers secure change control to devices

        Doug | Date: May 16, 2006 | Comments: 1


        Solidcore Systems has released software that offers configuration and change control and security for devices running "mainstream" operating systems such as Windows, Windows XP Embedded, and Linux. S3 control is a small-footprint, low-overhead tool that can be easily deployed on devices such as storage servers, handhelds, medical equipment, and ATMs, according to the company.



        Solidcore notes that embedded devices running OSes such as Windows XP Embedded or Linux face "unique challenges" in terms of providing security in an environment with intermittent or no connectivity, and meeting end-customers' security policy and compliance requirements. Often, there is also a need to allow distributors and end users to customize a product within a controlled environment, without increasing the manufacturer's support costs.

        According to Solidcore, S3 Control maintains an inventory of "as-built" code on the device. Only this "authorized" code is allowed to run; everything else is, by definition, unauthorized and will not run. The company calls this a "deploy and forget" strategy, in contrast to anti-virus software, which must be continually updated to maintain its effectiveness. Additionally, S3 Control's run-time overhead is lower, because there is no need to continually analyze incoming data streams for virus signatures.


        S3 Control Modules

        According to Solidcore, S3 Control consists of one core module and four optional modules:
        • Real-time change tracking -- the base module provides real-time visibility into changes happening across all systems in the form of detailed tracking information

        • On-demand root cause analysis -- provides "rich forensic capability" to analyze "what changed" in the system

        • Accurate reconciliation -- correlates actual changes with intended changes

        • Selective change policy enforcement -- disallow changes attempted outside of policy guidelines, and enforce the use of update windows across multiple sources of change

        • Deploy and forget runtime control -- determines what code is allowed to run on a system and prevents unauthorized code from executing
        S3 Control also implements mechanisms that enforce change control policy, ensuring that changes only take place through authorized channels, the company adds. The software enhances accountability and compliance tracking by reconciling actual changes with intended changes.

        "As more and more equipment manufacturers move to a mainstream Windows-based software platform, problems related to unauthorized change, security, and support costs are on the rise," said Solidcore president Rosen Sharma. "Solidcore's S3 Control provides the means to gain the development and interoperability benefits from developing on Windows and Linux, while deploying in a controlled state that solves these problems."

        S3 Control currently supports Windows, Windows XP Embedded, and Linux. Solidcore says it will support Windows CE as soon as it identifies a suitable need.


        Related stories: