246 posts categorized "Embedded System Engineering"

12/12/2014

Intel’s IoT Platform Extends Security Toward Edges

At a press and analyst event in San Francisco on December 9, Intel announced its “IoT Platform” reference model. The model is horizontal in scope, encompassing numerous technologies applicable to everything from edge devices to gateways to the cloud. In addition, it is intended to be a modular approach, such that Intel’s hardware and software components (including those from subsidiaries Wind River and McAfee) can be mixed with those of other vendors. For example, a customer could deploy its preferred gateway devices not limited to those based on Intel’s Moon Island design, while remaining compatible with Intel’s reference model. We won’t attempt to describe the entire Intel IoT Platform in this blog post, but we’ll focus on a couple of security aspects announced. (Readers can find the full Intel press release here.)


Intel executives discuss IoT Platform security: (left to right) Lorie Wigle, VP of IoT Security Solutions; Steve Grobman, Intel Fellow and CTO for Security Platforms and Solutions; and Luis Blando, SVP of Intel Security Group [McAfee].

As part of the latest announcement, McAfee’s ePolicy Orchestrator (ePO) is being extended into IoT gateways. ePO is software for security management, enabling centralized deployment and control of security policies, as well as monitoring of endpoint security status. Previously, ePO was intended for enterprise IT networks, but the announcement means that it can now encompass a much wider range of industrial and commercial IoT networks. In VDC’s opinion, this could help ease integration between IT and OT (operational technology) departments when transitioning standalone OT systems into IoT systems. OT could maintain functional control over the gateways and edge devices, while IT institutes improved access control between the gateways and enterprise network assets.

A second notable security announcement was that Intel Security will now license its Enhanced Privacy ID (EPID) technology to other silicon vendors. EPID is a form of remote anonymous attestation using asymmetric (public key and private key) cryptography, through which central systems can confirm the integrity and authentication credentials of remote devices, without those devices having to reveal their identities or those of their owners. (One common use for anonymous attestation is digital rights management for content protection.) Anonymous attestation requires security hardware, such as a CPU with a Trusted Platform Module (TPM) or Trusted Execution Environment (TEE), for which Intel of course is a prime supplier.

EPID can create groups of devices, where a single public key can work with multiple private keys, i.e. one assigned to each device within the group. The mathematics behind EPID is complex, but for those interested, we suggest checking out the article, “Enhanced Privacy ID: A Remote Anonymous Attestation Scheme for Hardware Devices,” by Intel’s Ernie Brickell and Jiangtao Li (Intel Technology Journal, Volume 13, Issue 2, 2009, pp. 96-111). The chart below from that article summarizes how EPID differs from other attestation technologies, including Direct Anonymous Attestation (DAA).

[Chart: comparison of attestation technologies. Source: Intel Technology Journal]

Intel has not yet disclosed licensing terms for other chip makers to use EPID, and onerous or expensive terms could limit its acceptance. However, VDC believes that EPID could be applicable to many IoT scenarios where a central system needs to trust remote devices owned or operated by others. This type of function will become increasingly important as interested parties seek to extract shared or publicly provided data from private IoT devices.

Although numerous security technologies from many vendors are taking hold in the IoT, Intel is uniquely positioned in this market by virtue of its presence at both the network/system level (McAfee, Intel Server Systems) and the device level (Intel CPU hardware, Wind River software). Intel says, for example, that its existing McAfee Embedded Control software for application whitelisting is used by about 200 device manufacturers. Intel’s IoT Platform is the latest evidence that the company will remain a force to be reckoned with in IoT security.

11/25/2014

Where's The Action On Security Concerns?

Recognition of Software Security Issues Is High; Mitigation Is Not

I read an interesting report from Spiceworks recently about mobile security actions by IT departments...or perhaps, lack of actions might be more accurate. The report, which is free to download, shows that nearly all IT professionals are worried about security risks affecting mobile devices supported by their company. However, this level of concern vastly outweighs the level of action their organizations have actually taken to lessen security threats.

This central finding, while disappointing, does not come as a surprise. Year after year, we see a persistent gap between awareness of software security importance and the steps taken to mitigate these issues. To help inform our analysis of the software and systems development market, VDC conducts an extensive end-user survey of the global development community. In 2014, only 7.7% of embedded engineers surveyed considered security “not at all important” on their current project; just 2% of enterprise/IT developers felt the same way. Yet 22% of the respondents in embedded and 12% from enterprise report their organization has taken no actions in response to security requirements on their current project.


Need to Close the Awareness – Action Gap

The potential financial and safety impacts of software vulnerabilities have been clearly demonstrated by several recent and very public cases. Incidents such as those exposing customer data from major retailers and software-related automotive recalls can dominate news cycles, damage brand equity, and, more importantly, risk lives.

A growing reliance on software for embedded device functionality and to manage financial data has raised the importance of actively addressing security considerations during software design. Unfortunately, the velocity of software innovation is outpacing the application of safeguards, and challenges continue to mount. Code base volume and complexity continue to rise. Development teams are increasingly utilizing alternative code sources, including open-source software, to meet their time-to-market windows. The number of potential entry points for malicious activities is increasing exponentially as more connected devices are deployed as part of the Internet of Things (IoT).

Teams designing software for the IT or embedded markets should start testing for security vulnerabilities early in the development lifecycle, when resolution is the least costly. We recommend static and binary analysis as effective tools for finding the most common security defects such as buffer overflows, resource leaks, and other vulnerabilities. Use of these solutions should be incorporated as part of a comprehensive testing regime. Undoubtedly, the ramifications of software vulnerabilities are too severe to leave to manual processes or chance.

 

More Insight and Recommendations

For further investigation and discussion about this and other important trends in the automated test and verification tool landscape, as well as other disruptive shifts in systems lifecycle management, please see our 2014 Software and System Lifecycle Management (SSLM) intelligence service.

09/23/2014

VDC Research is Attending ARM TechCon 2014 in Santa Clara October 1-2

We are attending ARM TechCon 2014 in Santa Clara

ARM TechCon 2014 at the Santa Clara Convention Center is designed to facilitate collaborative design by connecting the hardware and software communities in one event. The event delivers a comprehensive forum created to ignite the development and optimization of future ARM-based embedded products. The conference includes about 75 intriguing sessions offering insight and education into new products, advanced development techniques, security issues, and much more. For more information about ARM TechCon 2014 and to register for the event, click here.

Contact us directly to schedule a meeting!

We would like to learn more about your company’s solutions and personal experiences, and we welcome the opportunity to meet attending vendors. VDC will be at the conference on Wednesday, October 1st and Thursday, October 2nd. Please contact us directly if you would like to arrange a meeting.

Contact Steve Hoffenberg, Director, M2M Embedded Software, VDC Research Group at shoffenberg@vdcresearch.com or 508.653.9000 x143.

About VDC Research

VDC has been covering the embedded systems market since 1994. To learn more about VDC’s coverage of Embedded Hardware & Platforms, check out our website here, and to see what other research and products are offered by VDC Research’s Embedded Hardware and Software practices, click here.

09/18/2014

Tasktop unveils new Tricentis offering

Yesterday, at Tricentis Accelerate 2014, Tasktop previewed an upcoming release of Sync featuring increased integration of the Tricentis Tosca Testsuite across multiple software delivery disciplines and tools. Tasktop’s Sync platform provides authoring tools for tasks, data, workflow connectivity and integration between multiple Application Lifecycle Management solutions. Its new partner, Tricentis, is known for its software testing solutions to accelerate business innovation. The partnership between Tricentis and Tasktop represents an exciting advancement along the path of broader Agile and DevOps adoption within the software development industry.

The two companies first partnered in February 2014 to provide a combination of Tricentis Tosca Testsuite and Tasktop Sync. The new software offers a means of automated functional testing in Testsuite and a platform for collaborating across the multiple disciplines of software development with Sync. The evolution of software development has revealed a clear problem with the integration of tools across the design of software. The partnership of Tasktop and Tricentis is an example of one method of addressing this issue. Their tools enable collaboration and testing across different components, removing a disconnect that has hampered software development in the past. We think this software integration can help developers using Agile or DevOps methods to continue to deliver thoroughly tested solutions for customers more rapidly, ultimately lowering the risk of business failure.

 

Upcoming VDC Research reports

In the next few weeks, the VDC M2M and Embedded Software team will publish several reports analyzing important trends impacting the software and system development tool landscape such as the growing need for improved tooling integration. These reports, listed below, also provide VDC’s granular market estimates and growth forecasts through 2016.

  • Automated Test and Verification Tools
  • Software and System Modeling Tools
  • Requirements Management/Definition and Source/Change/Configuration Management tools

To learn more about the research and products offered by VDC Research’s Embedded Software & Tools practice, click here.

 

By Joseph Botsch, Research Assistant, and André Girard, Senior Analyst

 

07/21/2014

VDC Embedded Jama Software Webinar

How to Understand Requirements Management to Develop and Deliver Faster

For Embedded Systems Developers, Time to Market is Critical. Learn the No. 1 Strategy to Develop and Deliver Faster.

During this free webinar on Wednesday, July 23 at 1:00pm ET / 10:00am PT, VDC Research analyst André Girard and Jama Software co-founder Derwyn Harris will present on the growing necessity for requirements management (RM) tools in the face of today’s increasingly complex code bases, distributed development teams, and stricter budgets.

OEMs are facing constant pressure for innovation even with tight budgets, and they are dedicating more of their resources towards software development. Despite the importance of well-written requirements in the software development lifecycle, usage rates of RM tools are still dangerously low, with only 23% of embedded engineers polled by VDC in 2014 indicating they were using a formal RM solution on their current project. To meet demands for an accelerated pace of software content creation, developers will need to better utilize RM tools to monitor and manage the development lifecycle from beginning to end.

This webinar will explore: 

  • How has the software development process changed? 
  • What challenges are OEMs facing today? 
  • How do RM tools help deal with these challenges? 
  • How can RM tools save time and money for OEMs?

Tune in to this webinar to learn the answer to these questions and more. Those who register for this webinar will also receive a free copy of VDC Research’s report, “Pinching Pennies on Requirements Management is Too Costly”, by André Girard.

Click here to register for the webinar. To learn more about the research and products offered by VDC Research’s Embedded Software & Tools practice, click here.

 

Patrick McGrath

Research Associate, VDC Research

06/18/2014

IoT Necessitates Changes in Both People and Technology

The requirements of the devices composing the Internet of Things are changing rapidly. The embedded market no longer consists of dedicated-purpose devices that may or may not be connected. Engineering organizations and deploying enterprises must now design scalable system topologies that can integrate new devices and adapt to the IoT’s evolution. While these next-generation systems are required to facilitate downstream device/node management as well as efficient upstream data transfer and analytics, they must also do so dynamically, allowing for more intelligence and flexibility in node role and workloads within sub-network architectures.

This recognition of a need for change in legacy technologies can already be seen in the shift in programming languages used by embedded engineers. In the past five years, the percentage of engineers using Java in the embedded market has more than doubled. Embedded industry stalwarts such as C will certainly maintain a substantial footprint going forward given the existing software assets and expertise at OEMs, but the results confirm that the market is rapidly looking to new and/or multi-language development to satisfy the requirements of next-generation projects.


IoT Skill Set Gap Exacerbated by Existing Embedded Resource Gap

The existing embedded engineering resources unfortunately cannot keep pace with the IoT’s time-to-market and content creation requirements. Already this community has been struggling to meet the needs of pre-IoT development projects. Now, the industry is faced with a dynamic in which not only does it need more efficiency, but the existing population of embedded engineers also cannot scale organically to meet the new software content creation requirements. Today, there are just over 1 million embedded engineers globally, with only 35% of that community holding software engineering-specific primary roles. In order to adapt to the new IoT development demands and respond to this dearth of traditionally skilled resources, OEMs must look to new labor pools.

The global Java community, which is estimated to consist of approximately 9 million developers, offers an opportunity to draw upon an increasingly relevant labor and expertise pool. The value of traditional embedded engineering skill sets has already been partially devalued due to IoT system evolution. Now, knowledge of connectivity stacks and UI development often must be placed at a premium over skills such as footprint optimization. Furthermore, technology like Java’s virtual machines creates an abstraction layer that can reduce hardware dependencies and the subsequent rework and optimization that would have previously required more traditional embedded firmware engineers. Despite the already rapid adoption of Java (by embedded standards), we believe that the impending blurring of the distinction between embedded and IT Java developers will reinforce the technology’s adoption and relevance going forward. The wide access to the existing ecosystem of Java tools and third-party software, combined with a growing embedded partner ecosystem spanning semiconductor/IP companies, tool, and hardware/system manufacturers, will no doubt further reduce switching costs and any lingering reservations held within many embedded industries.

We will be exploring the business and technical impact of the IoT in a webcast tomorrow with Oracle:

Date: Thursday, June 19, 2014 

Time: 9:30 AM PDT, 12:30 PM EDT, 17:30 GMT

Join this webcast to learn about:

  • Driving both revenue opportunities and operational efficiencies for the IoT value chain
  • Leveraging Java to make devices more secure
  • How Java can help overcome resource gaps around intelligent connected devices
  • Suggestions on how to better manage fragmentation in embedded devices

Register here:

http://bit.ly/1oOuuS9

05/16/2014

Agile in Embedded: Slow to Adopt, Fast to Spread

VDC just recently completed an in-depth analysis into the use and trends around Agile and DevOps methods in the embedded systems market. It is an exciting space with a number of dynamic changes underway as OEMs investigate new ways to improve the overall efficiency of systems development in the face of pressing time-to-market, process standard, and complexity challenges. We have a lot of compelling findings that demonstrate the growing use of Agile, DevOps, and other collaborative approaches across the embedded landscape.

As we dug deep into the data an interesting theme kept linking the findings…collaboration is contagious.

Challenges unique to the embedded market impeded early Agile adoption and, in many cases, will preclude full adherence to the methodology. Nevertheless, once iterative software development practices are successfully introduced, embedded engineering organizations are soon looking into additional ways of improving efficiency through expanding collaboration. Time and again, the initial taste seems to spur more interest. 

[Exhibit: Importance of scaling Agile within organization, by use of Agile]

The same spirit of reflection and refinement of processes that is central to the Agile methodology is encouraging users to investigate new approaches like scaled Agile, cross-domain integration, and DevOps. Many organizations that introduced Agile on a limited basis are now focused on scaling it to more of their organization by implementing the processes more deeply in existing projects, and expanding use of Agile methods to more teams and projects.

More insight:

Findings from VDC’s 2014 Software and System Development survey helped guide the above analysis. This year, over 500 engineers from a wide range of industries provided invaluable insight into their development and tooling plans, preferences, and pain-points. The full data set from this extensive, global end-user survey is provided to clients of VDC’s Software and System Lifecycle Technology and Engineering Trends Analysis reports. For further investigation and analysis about these trends, please see our most recent report, Agile and DevOps for Embedded Systems, which is available now. 

12/12/2013

Cross-domain integration: the new look of engineering

The benefits of enhanced integration and collaboration between different engineering disciplines are undeniable. A cross-domain integration approach is becoming more important and beneficial as products become more complex. To ensure that products function properly, it is imperative that developers understand how the software, electrical, and mechanical components work together. Using cross-domain integration, product developers are more efficient while also addressing the concerns of both managers and end users, helping ensure that the product is the best it can be.

In VDC’s 2013 Software and System Development Survey, 45% of the respondents indicate the biggest advantage of cross-domain integration is an improved overall design, followed by improvement in the overall product management at 38%. Increased communication and collaboration among different engineering disciplines leads to organizations better connecting the separate silos of knowledge from each domain. This leads to better coordination of the software, electrical, and mechanical components, as well as a greater awareness of the impact changes in one domain will have in another. As a result, organizations are able to see improved product quality and less product failure. Another main advantage is improved traceability (35%), which is becoming more prominent as the number of process standards increases in industries such as automotive and medical.

Despite the benefits and increasing use of cross-domain integration, universal adoption is not right around the corner. Overcoming companies’ current organizational structures is extremely challenging. Many organizations have been working in separated engineering teams for years, with each team having formed distinct policies and procedures.  However, the possibility of greater engineering synergies and improved product quality is enough for most organizations to realize the potentials of cross-domain integration.

By Sarah Foreman

Research Assistant, M2M & Embedded Technology

10/24/2013

Android to Transform Medical Device Market

In an increasingly mobile environment infused with continual technological innovation, OEMs are considering new platforms to develop embedded systems. While there are various platforms to choose from, Android has emerged as the foundation of many new embedded systems. It boasts natural advantages compared to other operating systems – iOS, Blackberry, and Windows to name a few – such as its robust open source user-interface, integrated connectivity, and royalty-free licensing, which can minimize cost and provide OEMs flexibility as they try to fit technology to specific industry needs.

Emerging tools in the medical space mark the potential innovation Android can bring to health care. New diagnostic methods and software systems in mHealth (mobile health) help medical care become more accessible to consumers. Android provides a flexible environment for developers and integrated connectivity between devices, making it a preferable tool in mHealth. Android-based applications can perform various functions, from simple tasks such as keeping track of medication schedules to more advanced measurement capabilities. Consumers can attach different add-ons to their Android devices and track vitals in real-time, from blood pressure and glucose level assessments to even ultrasound imaging.

OEMs can further streamline healthcare by creating embedded systems that perform multiple functions. Rather than switch between individual add-ons to test blood pressure and glucose level, doctors would be able to use a single device and even track results that can be shared to all of the user’s Android devices. Android systems provide great user interfaces and connectivity, two key parameters OEMs are considering in developing new medical devices. Although smartphones and tablets comprise most of the current Android market share, medical devices exhibit the highest predicted growth at 71.7% annually.

While medical devices are a prime use-case for Android, the market is still in its infancy. OEMs remain reluctant to redesign systems to run Android (or any new OS) as it often requires considerable customization. Decisions by Google and other key market participants will also hold an influence and shape the growth of Android as a software solution.

Beyond the medical space, Android OS is expanding into other markets such as connected car systems and situational awareness systems. To better understand more specific drivers of Android adoption in the medical space and others, please read through the report's executive brief. The full report, Android in the Embedded Systems Market, discusses global market trends, device class forecasts, and important insights about ecosystem participants and end-users.

by Howard Wei

10/22/2013

Outsourced Code Development Driving Automated Test Tool Market

The M2M embedded software team here at VDC Research just published a new report, 2013 Automated Test & Verification Tools (ATVT), volume 3 of our Software & System Lifecycle Management Tools intelligence service. The report looks into the most critical trends and market drivers impacting the rapidly evolving use of dynamic test and static analysis tools in the embedded and enterprise/IT markets.

We expect revenues for several product segments within ATVT to expand at a double digit growth rate over the next several years, fueled by a number of factors.

One of the primary challenges fueling ATVT use is that code bases are expanding in size and complexity as software comes to account for an ever greater percentage of system value. Companies face increasing pressure to deliver more advances through software, and to do so faster. These organizations are looking to several strategies, such as off-shoring, to accelerate the pace of development while remaining within budget. This outsourcing of embedded systems development enables the use of skilled engineers available at the considerably lower labor rates found in the international labor market.



The challenge of coordinating geographically distributed development teams is one of the factors that we continue to see as a major driver for increased use of formal lifecycle management tools. Our research shows project teams with geographically distributed team members are more likely to use automated test tools than those all sharing the same location. We expect it will become increasingly critical for vendors to ensure their test platforms provide the reliable, scalable performance required to execute and manage tests for large installations across distributed geographic locations. There is opportunity for ATVT suppliers to increase revenue and gain market share by providing solution suites with the functionality these customers demand. Many of these organizations will need broader solution suites that enable creation of software code governance, policy definition, testing against those policies, and enforcement of quality, security and efficiency metrics.

More insight

For further investigation and discussion about these trends and others, please see our recently published report, 2013 Automated Test and Verification Tools, volume 3 of our 2013 Software & System Lifecycle Management Tools Market Intelligence Service. This report analyzes the emerging trends for commercially available testing tools, including static analysis, dynamic, and model-based tools. It also covers the previously mentioned tool types used for general software quality testing and defect detection as well as those used for application security testing and vulnerability management.

Please contact us for more information.