Your submission was sent successfully! Close

Ubuntu Core: an independent security analysis


on 9 April 2020

This is a guest blog by Trent R.Hein, Co-CEO of Rule 4.

Once in a while an opportunity comes along that brings out our inner geek like no other, which is what happened when Canonical asked if we’d be willing to review the overall cybersecurity model of Ubuntu Core and its ecosystem. We’re no strangers to operating system security — we’ve been hands-on operating system cybersecurity practitioners and contributors dating back to the 1990s, with Berkeley (BSD) Unix and early Intel/embedded variants such as BSD/OS, and in more recent years on embedded Linux platforms for mission-critical devices ranging from card access control systems to medical devices and traffic lights.

One of the challenges we often run into is that the traditional focus on a wide array of user-centric features has resulted in Linux distributions that are easy-to-use and incredibly powerful, but not well-suited for purpose-specific uses such as appliances and IoT/Industrial IoT (IIoT) devices. Specialized embedded OSs have been available for many decades, but typically have suffered as “closed” products where functionality was limited and enhancements were highly dependent on the vendor. Even more problematic is the lack of “fleet management” functionality. Typically, the embedded OS was installed when the device was shipped, and barring some herculean effort, that same version and functionality were likely still on the device when it went to its grave. 

Canonical encouraged us to look at every aspect of Ubuntu Core and its ecosystem to validate the strengths of its cybersecurity controls and identify any potential deficiencies in its architecture. Using a combination of meticulous threat mapping and hands-on technical testing of controls and behaviors, we developed a thorough understanding of the cybersecurity attributes of the ecosystem. All of our testing was performed independently and provides an unbiased third-party perspective on risks within the Ubuntu Core ecosystem.

You can read the details of what we tested, our findings, and our recommendations in the full white paper.

The TL;DR version is that Ubuntu Core represents a significant step forward in providing a secure, holistic approach — it brings all of the power of the Linux and snap world to the developer’s fingertips, while providing just enough structure and power through fine-grained security controls, hardening, and sandboxing in a platform that provides for long-term fleet lifecycle management. Together, these attributes form a security arbitrage that is a win-win for the IoT world.

smart start

IoT as a service

Bring an IoT device to market fast. Focus on your apps, we handle the rest. Canonical offers hardware bring up, app integration, knowledge transfer and engineering support to get your first device to market. App store and security updates guaranteed.

Get your IoT device to market fast ›

smart start logo

IoT app store

Build a platform ecosystem for connected devices to unlock new avenues for revenue generation. Get a secure, hosted and managed multi-tenant app store for your IoT devices.

Build your IoT app ecosystem ›

Newsletter signup

Select topics you're
interested in

In submitting this form, I confirm that I have read and agree to Canonical's Privacy Notice and Privacy Policy.

Related posts

“Industrial Pi” Use Cases with Ubuntu and AMD

DFI’s GHF51 mini industrial-grade motherboard, and the EC90A-GH mini fanless industrial computer, are the world’s first industrial computer products that have...

Embedded systems: the advent of the Internet of Things – Part II

This is the second part of the two-part blog series covering embedded Linux systems and the challenges brought about by the proliferation of Internet of...

What is embedded Linux? Part I

“Hello everybody out there using minix –  I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones.  ...