Snappy, a software deployment and management system designed by Canonical for the Ubuntu operating system, could be a shortcut to building trusted IoT applications.
The first rule of building a secure and feature-rich ecosystem is software management — push and pull software updates and software discovery through an app store mechanism from a trusted source.
In the go-to-market IoT race, though, that often doesn’t happen. Many Internet of Things (IoT) product developers have ignored the traumatic early history of Microsoft Windows, Android and web platforms, and expoits of IoT devices — because software updates have not been designed in — are regularly reported.
Those earlier platforms have been hardened, updates have been automated, and the app discovery and installation have been made trustworthy. IoT developers need to follow their lead.
The Ubuntu-Core required to integrate Snappy software management system uses 612MB, and snapd, the endpoint software management service needed to interact with Snappy, uses 15MB. The IoT device would need 627MB-plus memory for the IoT app called a snap. Because of memory and computational constraints, it is not a solution for ultra-low-power, small memory microcontroller devices but would work with 32-bit devices like the Raspberry Pi. Nevertheless, a review of Snappy is worth the time because it clearly explains a fairly complete approach to the problem of trusted software management and distribution.
Snappy and its component source code repositories are available on Githubunder a BSD-style license. Open source gives added security because the community of developers can look at the code to verify its integrity and absence of malware, and it can be compiled and adapted for devices not supported by Ubuntu. Snapd will run on other Linux distros, but it is dependent on installing Ubuntu-Core in addition to the distro, increasing memory size.
System components and applications are self-contained (except for the most basic OS features, such as network access) read-only images called snaps.
Snappy uses a confinement and security model.
Snaps run in a secure storage area isolated from other snaps. Snaps can communicate with one another, automatically or with manually set privileges, to prevent exploits using a consumer and provider architecture. Most interfaces are designed for strong application isolation and user control such that auto-connected interfaces are considered safe, and product design and development teams choose what applications to trust and to what extent by manually connected interfaces.
For Full Story, Please click here.