Security is a big worry for the Internet of Things (IoT). A major part of the problem lies with the operating system (OS) running on these devices, which by its nature is reconfigurable and open to both internal and external communications.
According to Per Buer, CEO and co-founder of IncludeOS, the growing use of Linux as an embedded OS is giving it a role for which it is far from perfect. Linux has impressive software and hardware support and supports just about any protocol and any peripheral. Because everything is dynamic, anything can connect to a Linux system at any time. The result is a massive amount of code and, with it, a considerable number of potential bugs that could lead to attacks.
IncludeOS offers a better solution. The company has created an open-source OS that links into the application at compile time, resulting in one software image where the OS functionality is inside the application and running directly on top of the hardware.
The IncludeOS approach links only the OS functionality that the application needs into the binary software image, reducing both its possible attack surface and its size. This approach is normally termed a ‘library OS’.
IncludeOS runs in a single address space, so there is neither inter-process communication nor concepts like kernel space and user space, which makes it a unikernel OS. Together, these concepts give the architecture some very different characteristics in comparison with a traditional OS.
But the most important feature is security. Because Linux and most other operating systems are designed to be general-purpose operating systems with long lifespans on different hardware platforms, they are reconfigurable, which makes them vulnerable to malicious misuse by an attacker.