Understanding The Architecture Of Barbara OS

Barbara OS (Operating System) is the core of Barbara IoT technology. It is an Operating System for IoT devices, built in with security from the ground up, and specially designed for Industrial IoTdeployments.

Compatible with modern hardware architectures (ARM, x86), it is remotely manageable from the Barbara Panel dashboard, and it is the perfect enabler for system integrators and device manufacturers who want to accomplish IIoT projects in a secure and easy way.

The following picture depicts the high-level architecture of Barbara OS:

In its core, Barbara OS contains an up-to-date, fully patched Linux Kernel. Most of the industrial devices today run old or unmaintained versions of Operating Systems, and this presents normally the first vulnerability surface leveraged by malicious entities. Barbara IoT patches Barbara OS against zero-day vulnerabilities in record time, and make the new version available to its customers immediately.

Its secure update system allows the deployment of those patches via an encrypted and verified channel from the Barbara Panel. The update packages are also bandwidth optimized with sizes that can be close to 1Mb.

In order to remotely manage user and application configuration changes that go beyond pure firmware updates, Barbara OS includes a secure configuration system. In most of the IIoT deployments today, any single small change includes loading new software physically in the device. With this configuration system, users can securely and remotely update things like application binary packages, environment and application variables, network configurations, and many other software items.

Barbara OS is built with C/C++ compiler collections as well as Python interpreters, that can be used to build applications in Barbara OS powered devices. Furthermore, there is a Barbara SDK (written in C++). This SDK as well as its comprehensive documentation, provide developers with useful pre-built packages and methods that allow easy access to sensor data and actuators, as well as functionality, to send/receive data to/from the cloud.

In order to interact with other devices, the secure communications stack of Barbara OS includes both IoT and Industrial protocols and is in continuous extension. No matter whether it is an IT (e.g. HTTPS), IoT (e.g. MQTT) or OT (e.g. Modbus/TCP) protocol, the stack is implemented in Barbara and accessible for applications.

Barbara OS is equipped with a set of security features that makes it the perfect choice for devices in IIoT deployments with critical privacy or resilience requirements, including:

• Full encryption of all the data (system and user data), both at rest and when traveling through the network.
• A user permission management that clearly segments the data access for user applications running in the device and prevents privilege escalation issues.
• Integrity checks over the system data on boot time by running cryptographic checksums of the actual firmware versus expected values
• Error management through a comprehensive log system that allows detecting potential security-related events or functional issues. Log system could be easily integrated with SIEM solutions.
• An active watchdog based monitoring system that allows reducing the device downtime, being able to autonomous and automatically fix system issues
• Identity and cloud service access control based on cryptographic certificates, whose management is transparent to the end user and remotely manageable via Barbara Panel.

Additionally, for those use cases where a blockchain based on IoT nodes is needed or desired, we have integrated Ethereum’s SDK within Barbara OS.

Last but not least, and similar to the network communication stack, Barbara OS includes a large number of integrations with sensor, actuators and bus drivers, such as GPIO, SPI, various serial ports, Wi-Fi, Lora, 2G/3G, Ethernet and others.

By integrating Barbara OS, system integrators and device manufacturers can benefit from this large set of pre-built capabilities in order to accomplish secure IIoT deployments with minimal effort.

In future posts, we will talk about how easy is building and flashing Barbara OS in a compatible device.

This post was originally published at barbaraiot.com on October 11, 2018. If you like it and want to receive similar content subscribe to our Newsletter