Your submission was sent successfully! Close

  1. Blog
  2. Article

Guest
on 9 April 2020

Ubuntu Core: an independent security analysis


This is a guest blog by Trent R.Hein, Co-CEO of Rule 4.

Once in a while an opportunity comes along that brings out our inner geek like no other, which is what happened when Canonical asked if we’d be willing to review the overall cybersecurity model of Ubuntu Core and its ecosystem. We’re no strangers to operating system security — we’ve been hands-on operating system cybersecurity practitioners and contributors dating back to the 1990s, with Berkeley (BSD) Unix and early Intel/embedded variants such as BSD/OS, and in more recent years on embedded Linux platforms for mission-critical devices ranging from card access control systems to medical devices and traffic lights.

One of the challenges we often run into is that the traditional focus on a wide array of user-centric features has resulted in Linux distributions that are easy-to-use and incredibly powerful, but not well-suited for purpose-specific uses such as appliances and IoT/Industrial IoT (IIoT) devices. Specialized embedded OSs have been available for many decades, but typically have suffered as “closed” products where functionality was limited and enhancements were highly dependent on the vendor. Even more problematic is the lack of “fleet management” functionality. Typically, the embedded OS was installed when the device was shipped, and barring some herculean effort, that same version and functionality were likely still on the device when it went to its grave. 

Canonical encouraged us to look at every aspect of Ubuntu Core and its ecosystem to validate the strengths of its cybersecurity controls and identify any potential deficiencies in its architecture. Using a combination of meticulous threat mapping and hands-on technical testing of controls and behaviors, we developed a thorough understanding of the cybersecurity attributes of the ecosystem. All of our testing was performed independently and provides an unbiased third-party perspective on risks within the Ubuntu Core ecosystem.

You can read the details of what we tested, our findings, and our recommendations in the full white paper.

The TL;DR version is that Ubuntu Core represents a significant step forward in providing a secure, holistic approach — it brings all of the power of the Linux and snap world to the developer’s fingertips, while providing just enough structure and power through fine-grained security controls, hardening, and sandboxing in a platform that provides for long-term fleet lifecycle management. Together, these attributes form a security arbitrage that is a win-win for the IoT world.

Related posts


Canonical
6 July 2023

불변의 리눅스 데스크톱 기반으로서의 우분투 코어(Ubuntu Core)

Desktop Article

캐노니컬(Canonical)은 IoT를 위한 완전한 컨테이너 플랫폼을 만들기 위해 2014년에 우분투 코어 개발을 시작했습니다. 우분투 코어에서는 도커(Docker) 및 LXC가 구축된 것과 동일한 커널 컨테이너 기술을 사용하여 잘 정의된 업그레이드 및 롤백을 통해 시스템의 모든 구성 요소를 안전한 샌드박스에 넣습니다. 저희는 자율적으로 연결된 사물 인터넷 장치가 사람의 개입 없이 적용할 수 있는 업데이트를 수신하여 에지에서 보안 및 ...


Oliver Smith
31 May 2023

Ubuntu Core as an immutable Linux Desktop base

Desktop Article

Join us as we discuss the architecture of immutable operating systems and the role of Ubuntu Core in the future of the immutable Linux desktop. ...


lizzieepton
29 November 2023

Meet Canonical at CES 2024

Ubuntu Article

It’s that exciting time of year, CES is almost here. With 2880+ exhibitors, the Consumer Electronics Show (CES) has cemented its position as the premier event for unveiling the latest technological advancements. With each passing year, CES becomes an even more integral platform for showcasing groundbreaking innovations. Join us at booth 9 ...