In VxWorks, which I have used for many years, the Ethernet ISR does very little work – it wakes up a task dedicated to processing network input and disables the interrupt, until the network task has finished processing all input. It is advantageous to be able to control the scheduling priority of this network task such that any unexpectedly high network traffic does not impact real-time critical processing. This technology has been available with VxWorks since the mid-80′s, and has given it a great competitive advantage, as was the fact that it was the first RTOS to be integrated with Ethernet and TCP/IP.

Karim, security does not have to be an add-on piece of software, this is a misconception arising from the PC industry. If you look at this not just as security (i.e. the protection against intentional harmful act) but as quality (protection against inadvertent malfunction or accident), you may get at a better starting point.

Here is an anecdote: many years ago a worked for an industrial equipment maker who produces machines that make use of extremely dangerous materials – they were not nuclear, but they were explosive and toxic at the same time. So in theory at least one might see those as prime targets for subversion. At the time however our main concern had been with inadvertent malfunction (i.e. quality), but the solution is equally effective for sabotage prevention. There is a tiered system of protections put in place using mechanical, electrical and software interlock mechanisms that all work with the aim to prevent any situation that may lead to an uncontrolled reaction (explosion) or leak of toxic materials. Also, these machines are networked with TCP/IP, but are only connected to isolated networks. The worst that could happen if any software element misbehaves in any way is that some production batch will be botched, or the machine will need to undergo several hours of “cleaning” before it can resume production, but nothing more. Electrical circuits with hard-wired logic protect the machine from any serious damage to itself or its environment, and on top of that certain extremely dangerous conditions are prevented mechanically. Of course if an authorized person sabotages the mechanical and electrical interlocks, they do not really need to hack the software or synthesize a DDoS attack to make the thing go boom.

In summary, the need for reliability and safety in embedded systems has addressed the security aspect implicitly already, in most instances. This is in contrast to the PC industry where very little attention to quality has been paid, and where the cost of an failure or accident was considered low enough to ignore.

On the other hand to protect networks that monitors and/or controls high importance systems like a network of controllers inside nuclear reactor or even the car network the best way is to run the security application (e.g. firewall) through the main server and let it responsible of the intrusion protection, will reduce both computation load and resources management at the embedded device side, one other option is to isolate networks of strategic sensitivity (national security related projects, infrastructure) from global and public networks to minimize the risks of intrusion/viruses/malware/hacking, thats safer and preferable solution by many organizations.

My point is to try to minimize the network security load required from the embedded device and save resources cause the risks that endanger networked embedded devices aren’t the highest concerns and priorities in the current world cyberspace security or embedded systems, however I claim its important as you said from long term aspect.

cheers