Security took center stage at the Embedded World show in Nürnberg this week, with a number of vendors launching software intended to help protect against hacks.
A number of high-profile hacks on cars, most recently of the Nissan Leaf, have put the focus on embedded systems security, although a survey by Barr Group indicates that the sudden shift in attention to the sector, driven by the publicity around the internet of things (IoT), has yet to ripple down into the majority of design projects.
The survey, which will be the focus of a webinar on March 8, covered 2400 engineers, with close to half of them based in North America and a third in Europe. Thirty-one per cent of them reported that security is a design requirement serious enough to delay a release. Fewer than 40 per cent submit their source code for review by their peers, and less than half use static analysis tools to check for common flaws.
Andrew Girson, Barr Group’s CEO, said: “The results of this survey indicate that the attention paid to safety and security issues in the design of embedded devices, particularly those that connect to the Internet, is not what it should be.”
Where security has become a design requirement, separation kernels have become an important tool for developers trying to cope with large code bases that are practically impossible to verify for their security. By parcelling critical functions into a separate memory space protected by a hypervisor, this approach yields a smaller body of code that must be verified and tested exhaustively for faults.
Green Hills Software continues to develop its Integrity RTOS and the Multivisor as a separation kernel for secure systems. The company has ported the software and supporting infrastructure to the NXP i.MX7 family of ARM-based processors.
Lynx Software Technologies has released version 5.3 of its LynxSecure separation kernel hypervisor, claiming the technology can extend the separation of domains to the network interface. In its simplest configuration, LSA.Connect can be used to encrypt network traffic without exposing a large attack surface to malicious agents by housing the network encryption algorithms in their own secure domain, away from both the operating system connected to the internet and the encryption keys themselves.
In a more sophisticated configuration, LSA.Connect can be used to extend the principle of domain separation to the network by supporting multiple isolated encryption tunnels over a single physical network connection, again with each tunnel housed in its own isolated domain.
Will Keegan, director of software security at Lynx, said, “As an example of multi-stream communications, a connected car could take advantage of separate domains to implement firmware updates, the communication of telematics data, and the transfer of downloadable content for in-vehicle infotainment, all using dedicated secure encryption tunnels.”
To support encryption over the network, HCC Embedded has added an IPSec/IKEv2 implementation to its existing portfolio of network stack software. IPSec provides a secure virtual channel for embedded data applications.
HCC’s IPSec module with IKEv2 support provides all database management functionality required to administer the storage of authentication certificates and encryption keys and works with the company’s Embedded Encryption Module (EEM).
As with previous software modules, HCC used a formal development process on the IPSec project. The company delivers its IPSec/IKE module with a static analysis report based on full MISRA compliance to help developers ensure that their data is less susceptible to security risks.
The recent launch of TrustZone for Cortex-M processors by ARM will extend the core concept behind separation kernels into relatively low-end devices. It will take time for cores to appear that use the hardware-enforced scheme. In the meantime, Express Logic provides support for a degree of separation on existing Cortex-M cores through its handling of memory partitions.
The X-Ware Secure Platform uses the Cortex-M’s MPU to assign memory range (partition) boundaries to non-trusted code, preventing such code from accessing code or data outside of its own partition.
In order to permit this “managed code” to access RTOS services and exchange information with code in trusted regions, the X-Ware software provides a remote-access mechanism. This allows RTOS services to be performed for the requesting code while preventing the requesting code from having direct access to the RTOS or other trusted data and code regions. Express Logic claims this makes it possible to create spaces that can be protected from software infiltration.
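As an added illustration of the remote-access idea described above, not code from Express Logic or X-Ware: a host-runnable C model in which untrusted code never touches RTOS data directly but asks a gateway to perform the service, and the gateway refuses any buffer argument that does not lie entirely inside the caller's own partition. The names `partition_t`, `in_partition` and `gw_copy_to_caller` are hypothetical, and the MPU region is modelled as a plain base/size pair rather than real MPU registers.

```c
/* Constructed model of an MPU-bounded partition plus a "remote access"
 * gateway. Untrusted code hands the gateway a destination buffer; the
 * gateway checks the buffer against the caller's partition before acting,
 * so the untrusted code cannot use the RTOS as a confused deputy to write
 * into trusted memory. Hypothetical names, not Express Logic's code. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

typedef struct {
    const void *base;   /* start of the partition's RAM region */
    size_t      size;   /* region length in bytes */
} partition_t;

/* Trusted RTOS data that untrusted partitions must never read or write. */
static uint8_t rtos_secret[16] = "rtos-private";

/* True iff [ptr, ptr+len) lies entirely inside the partition. The check is
 * written with subtraction so that ptr + len cannot wrap on a 32-bit MCU. */
static bool in_partition(const partition_t *p, const void *ptr, size_t len)
{
    uintptr_t a = (uintptr_t)ptr;
    uintptr_t b = (uintptr_t)p->base;
    if (len > p->size) return false;       /* longer than the whole region */
    if (a < b) return false;               /* starts before the region */
    return a - b <= p->size - len;         /* ends at or before region end */
}

/* Gateway for an RTOS "copy message to caller" service.
 * Returns 0 on success, -1 when the caller's buffer escapes its partition. */
int gw_copy_to_caller(const partition_t *caller, void *dst,
                      const void *src, size_t len)
{
    if (!in_partition(caller, dst, len)) return -1;  /* refuse, no side effect */
    memcpy(dst, src, len);
    return 0;
}

/* Demo: one partition is one static buffer; untrusted code tries an
 * in-bounds destination, then tries to aim the service at rtos_secret. */
static uint8_t sandbox[64];
static const partition_t part = { sandbox, sizeof sandbox };

int demo_in_bounds(void)
{
    uint8_t msg[8] = "hello";
    return gw_copy_to_caller(&part, sandbox, msg, sizeof msg);      /* 0 */
}

int demo_out_of_bounds(void)
{
    uint8_t msg[8] = "hello";
    return gw_copy_to_caller(&part, rtos_secret, msg, sizeof msg);  /* -1 */
}
```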
To support secure boot on the µC/OS-III RTOS, Micrium has worked with Icon Labs to integrate the Floodgate Security Framework. The framework provides security management, secure boot, intrusion detection, secure firmware updates, and an embedded firewall.
To support development processes that use static code checks, LDRA’s version 10 tool suite adds functions to check for mistakes that often lead to security vulnerabilities.