
How AMNESIA:33 Does Affect TRENTOS (NOT)

AMNESIA:33 is the second time in 2020 (remember Ripple20) that IP stacks integrated in embedded software have produced severe security issues. As the picoTCP stack from Altran is integrated in our microkernel-based operating system TRENTOS, which targets the high-security market, TRENTOS is affected by those issues as well.

But wait: we say TRENTOS is based on a formally verified microkernel with guaranteed security features. How come we are affected by security issues like any other platform?

The point is: we are not. When we were informed about AMNESIA:33, it took us only hours to analyze the impact of those severe security issues on our operating system. The results of that analysis can be seen as a real-world confirmation of microkernel-based security mitigations (see 1). In the mentioned paper, existing Linux CVEs are analyzed for their criticality in microkernel-based operating systems, showing that for most of them the criticality is significantly reduced. However, that analysis looked at existing vulnerabilities from the past.

For AMNESIA:33 we can confirm those results with a live example: out of the 10 vulnerabilities reported for picoTCP, 8 do not exist in the TRENTOS software, because unused functionality is disabled and hence isn't usable. The remaining vulnerabilities are partially mitigated by the microkernel: in terms of CIA (confidentiality, integrity and availability), the impact of possible exploits is lowered to an “A” score, which means that denial-of-service attacks may be possible, but they only affect the availability of the IP stack component, not the whole system.

So our microkernel-based operating system architecture protects our clients' systems from being exploited, even through such critical vulnerabilities in untrusted components.

Nevertheless, a fix for the remaining vulnerabilities with lowered impact has already been distributed to our customers and is, of course, integrated in current and future versions of TRENTOS.

