RDK continuously puts efforts to identify and prevent/mitigate several threats including unauthorized distribution, fraudulent access, and data tampering including re-direction to illicit content and Denial Of Service (DOS) attacks in the RDK based CPE.  With Wi-Fi, Ethernet, MoCA, Bluetooth, and other points of ingress to the network available on all CPE, and accessible to any device with the same kind of port, a myriad of additional threats are potentially exposed. Therefore, controlling access to valuable service content, network infrastructure, personal information, Internet traffic, neighboring systems, and a multitude of in-home devices, is critical to everyone’s success throughout RDK Operators. As a result, a suite of specifications and recommendations is provided, covering broad security features such as content protection, digital rights management, software security, and more.

Security Features in RDK

There are many security features in the RDK, and the three major features in the platform are - Containerization, Access Control, and Kernel Hardening. 

• Containerization is a mechanism to achieve process isolation by running a limited set of applications or services within a self-contained sandboxed environment. It is a mechanism of sandboxing processes (isolating processes from each other) by using some kernel features. 
• Access Control refers to the security principle that all software processes should run with the minimum privileges needed for them to operate.  A process should only have access to the data, files, interfaces, and capabilities that it needs and should not have access to data owned by other processes or to other parts of the system.  Processes should not run with root privileges unless absolutely required. The access control can be achieved through security module hooks in kernel which verifies whether the user/process have access to the requested resource on each system call. Using such a standard implementation improves scalability of the stack. Some of the examples are AppArmor, SELinux, Smack, Tomoyo.
• Kernel Hardening refers to the process of strengthening the security of the operating system kernel by applying various techniques, configurations, and security measures. The goal is to decrease vulnerabilities, eliminate risks, and to strengthen kernel to prevent attacks.

Note: The aforementioned security features are by default present in RDK Video releases but are not the part of default configuration in RDK Broadband releases.