EE Times-Asia

Securing systems for networks

Posted: 17 Apr 2006

Keywords: Rick Gentile, Dave Kleidermacher, Analog Devices, ADI, Green Hills Software

Embedded-systems designers often believe they must make difficult trade-offs among security, reliability and time-to-market. Most decide to put time-to-market first and "good enough" reliability second, leaving security a distant third.

Getting all three at once is possible only if you choose the right architecture (a combination of processor, operating system and software components) and only if you start by designing for high levels of reliability. Some amount of reliability can be "tested in" for a product, using traditional architectures and development techniques. But high reliability has to be designed in from the start.

Embedded-systems designers need the ability to partition, isolate and separate, not just modularize. For the highest levels of reliability, you need to put modules in memory regions isolated from one another. You need to use the processor's memory management hardware, along with a suitable OS, to control communications and the use of machine resources, and to enforce separation.

Do:

• Modularize. And then, partition your design so that each module is isolated from all the others, carries out a single function and can be restarted by a watchdog process. If the module fails, its watchdog restarts it. As a result, your system is more reliable than its least-reliable component.
• Keep your modules simple. Complexities create vulnerabilities (a security concern) and non-repeatable behavior (a development and reliability concern). Developing a heterogeneous multicore design adds complexity. Make sure you have the necessary processing power in a single processor to avoid that source of complexity.
• Make sure you're using a processor and OS with non-bypassable memory management. Building a non-trivial, reliable or secure product without memory protection is impossible. Memory protection lets you partition your system and practice "defense in depth" so that a vulnerability in one part of the system can't cascade to affect the rest.
• Keep everything out of the kernel. The kernel is the only component of your system on which every other part of the system depends, so it has to be rock solid. Anything that you run in kernel space can only lower reliability and open the door to security problems.
• Choose a kernel architecture that has met recognized standards for security and reliability. Anyone can claim to have a reliable, secure OS, but few have independent verification of their claims. In the security domain, choose an architecture based on the Protection Profile for Separation Kernels being developed by the National Security Agency.
• Use tools that will enforce a high-security coding standard. MISRA C is a safe subset of C developed by the Motor Industry Software Reliability Association for the automotive industry, where much code is reliability- and safety-critical. Use the MISRA standard internally and choose tools that enforce it.
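The partition-plus-watchdog pattern from the first list item, as an added illustration that is not code from the article or its authors: every module runs in its own OS process, so a crash or hang in one stays contained, and a supervisor restarts a failing module a bounded number of times while the rest of the system keeps going. The module names and their one-line scripts are constructed stand-ins for real partitioned components.

```python
"""Partitioned modules supervised by a watchdog (added illustration)."""
import subprocess
import sys
from dataclasses import dataclass, field

# Constructed stand-in modules, each run as a separate interpreter process.
# On a real device these would be separate executables in MMU-isolated regions.
MODULES = {
    "sensor":  "import sys; sys.exit(0)",      # healthy module
    "decoder": "import sys; sys.exit(1)",      # crashes on every run
    "uplink":  "import time; time.sleep(60)",  # hangs and never returns
}

@dataclass
class ModuleStatus:
    name: str
    healthy: bool = False
    restarts: int = 0
    events: list = field(default_factory=list)  # outcome of each attempt

def run_once(code: str, timeout: float) -> str:
    """Run one module iteration in its own process and classify the outcome."""
    try:
        proc = subprocess.run([sys.executable, "-c", code],
                              timeout=timeout, capture_output=True)
    except subprocess.TimeoutExpired:
        return "hang"   # watchdog deadline hit; subprocess.run kills the child
    return "ok" if proc.returncode == 0 else "crash"

def supervise(modules=MODULES, max_restarts=2, timeout=1.0):
    """Watchdog loop: restart each failing module up to max_restarts times.

    A fault in one module never propagates to the supervisor or to the
    other modules, which is the property the partitioned design buys.
    """
    report = {}
    for name, code in modules.items():
        status = ModuleStatus(name)
        while True:
            outcome = run_once(code, timeout)
            status.events.append(outcome)
            if outcome == "ok":
                status.healthy = True
                break
            if status.restarts >= max_restarts:
                break   # give up on this module only; others are unaffected
            status.restarts += 1
        report[name] = status
    return report

if __name__ == "__main__":
    for s in supervise().values():
        print(f"{s.name:8} healthy={s.healthy} restarts={s.restarts} {s.events}")
```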

Don't:

• Underestimate the value of reliability. Not only does it make products more popular and more profitable, but it can also reduce development headaches.
• Put off testing and fixing bugs until the product is "feature-complete." Products get to market faster when you start them as reliable (with a reliable kernel) and keep them reliable as you develop them, using tools such as memory leak detection and runtime error checking, along with hardware protection, to help find bugs early. If an engineer adds a bug to a flawless product, you can spot it quickly and fix it as soon as you see it.
• Think that your network product can't be a target. It may not contain valuable data now, but just by being on a network, it may provide access to information outside of your product. And as your product matures, it may have information that makes it worth attacking for its own sake.
• Underestimate threat technology. It's evolving at a furious pace. And as the technology grows more sophisticated, it may become economically worthwhile to breach uninteresting targets, such as your product.
• Think that you can re-architect for security or reliability later. Of course, systems with the very highest levels of security need a reliability- and security-oriented architecture, and thus require a rigorous and costly development process. But any products with high functionality (including consumer and industrial-control products) can benefit from the same underlying technology, albeit with a more economical development process.

Rick Gentile
Analog Devices Inc.

Dave Kleidermacher, VP of Engineering
Green Hills Software Inc.
