Why RTOS Security is a Must in the Age of AI-Enabled Systems


The growing popularity of AI provides numerous benefits and conveniences, including more efficient device operation, automation, and improved productivity. However, these advantages also come with risks, especially with the increased reliance on connected devices that use operating systems or firmware with security inadequacies.

One of the most common operating systems used in smart and connected devices is the real-time operating system (RTOS), which is why discussing its security is important. The excitement around AI could be leading many organizations to pay less attention to the software of the AI-enabled devices they are using. They may also be forgetting the need to secure the new devices they use.

The importance of RTOS and RTOS security

RTOS is one of the popular operating systems used in connected devices. There is no exact count as to how many devices use it, but it is estimated to be in tens of billions of devices. One manufacturer says that its RTOS is used by around two billion products.

RTOS is particularly designed for systems wherein events need to be processed as quickly as possible, under strict deadlines. All processes are time-bound and committed to a fixed schedule to ensure proper operation. It is often used in environments where numerous events, which are usually outside of the main computer system, need to go through timely receipt and processing routines.

Examples of such environments are telephone exchanges, airline traffic control, command and control systems, manufacturing robotics, and network multimedia systems. Similarly, pacemaker devices operate according to this setup, and the slightest of system failures can have fatal consequences.

These systems involve the deployment of a variety of devices, including low-resource ones that run on RTOS. For example, in telephone switching systems, a VoIP gateway running RTOS may be employed together with other devices such as Digital Subscriber Line Access Multiplexer (DSLAM) and packet switching equipment. Many utility systems, from communications to transportation and power grids, have RTOS devices among their critical components that play important roles in their AI implementation.

To emphasize, RTOS is one of the popular OSes used in devices that are part of AI-enhanced systems. However, RTOS security is often overlooked, because there are a multitude of these devices in operation. Overseeing them individually entails a lot of work. Organizations usually rely on the assurances of the device manufacturers and their conventional cybersecurity systems that may or may not look into the vulnerabilities of their embedded devices.

Securing RTOS

RTOS is not inherently more or less secure than other OSes. Its security depends on how the operating system is configured. Different RTOS variants come with different sets of security features. Organizations that are in the process of acquiring RTOS devices should pay attention to the security functions of the devices they are getting.

Some of the most important features to look for include memory protection, user and connection authorization and authentication mechanisms, as well as task isolation or sandboxing. The presence of a "secure boot" function like the one in FreeRTOS is also important. Additionally, the ability to integrate with network security tools such as firewalls and intrusion detection systems is a must.

Moreover, it is crucial to ascertain that the RTOS devices that will be deployed are regularly updated. Devices should have a reliable patch management system, guaranteeing that security updates are promptly released whenever vulnerabilities are discovered.

On the other hand, it is also important for device manufacturers to be mindful of RTOS security as part of their quality assurance. Users cannot be expected to take on all the burden of securing their devices, especially given the IoT cybersecurity labeling initiative and the Biden-Harris National Cybersecurity Strategy.

The IoT cybersecurity labeling initiative is not yet compulsory but there is an ongoing voluntary cybersecurity labeling program, which guides consumers in making secure choices. With this, manufacturers may not be obligated to disclose the cybersecurity capabilities of their devices, but consumers are slowly becoming more particular with their product choices as far as security is concerned. Manufacturers are indirectly compelled to improve the cybersecurity of their products to gain customers' trust.

When it comes to the Biden cybersecurity strategy, one of the key points laid out is making businesses more involved in cybersecurity. Device manufacturers are expected to ensure the security of their products before they offer them to consumers, from the hardware to the software.

RTOS and AI: Unbound but connected

RTOS devices themselves generally do not run AI software. However, they can become part of AI-powered systems. As mentioned, RTOS is intended for low-resource devices that handle data and task processing under strict deadlines, in real-time. 

In self-driving cars, for instance, there is a main computer system that contains AI software and a multitude of sensors and embedded devices that have their respective OSes or firmware. There is a synergy between powerful computers and various low-resource small devices that are capable of making split-second decisions. These devices and the AI system are connected, but they are separate. AI does not reside in individual embedded devices but in a powerful computer or the cloud, where it coordinates data collection and actions across different devices while taking advantage of the real-time processing of RTOS devices and other devices that use a real-time OS.

If any of the small devices mentioned above suffers a delay of even just a few seconds, the impact will be devastating. A very brief malfunction is all it takes for a self-driving car to hit people crossing the street, bump into other cars, or speed into a dead end or a cliff. Similarly, a cyber attack on one of the embedded devices in a power grid can make thousands or millions of people lose their access to power.

RTOS devices, being low on processing and storage resources, are relatively easy to attack if they are not properly secured. They usually do not have their own internal security controls. It is difficult to continuously track and protect them unless they have a runtime protection system that can deterministically deter memory and code manipulation and continuously detect security flaws.

The security controls that protect the AI system may not extend its defensive functions into RTOS devices. That's why it is important to carefully examine the RTOS devices being deployed, put up effective cybersecurity mechanisms for them, and observe best practices.

In conclusion 

In AI-enabled systems, RTOS devices and the computers that house AI may be separate, but an attack on the RTOS devices is enough to inflict massive damage. The RTOS devices play vital roles while being coordinated and controlled to some extent by AI. If they go haywire, AI can do little to restore their normal functions.

The integration of AI and real-time operating systems has been providing important innovations and more efficient ways to do things. However, to maximize the advantages brought about by AI-enabled systems, it is crucial to pay attention to new security needs, especially those related to the protection of low-resource embedded devices that lack full-fledged cyber defenses. 
