Is it time to herd your CWEs (Common Weakness Enumerations) into a safe coral where they won’t trample your code? In a recent report, 918 CWEs have been identified and documented by MITRE, and more are being identified regularly. Of these, 418 are classified as software weaknesses. Each weakness is described in a separate document, … Continue reading Get Along Little Dogies
pmode partitions may be just as effective as umode partitions for reliability; however, umode partitions are much better for security for the following reasons: The hardware enforced pmode barrier prevents umode access to pmode data and code.The MPU cannot be turned off nor altered from umode.The Background Region (BR) is ineffective in umode. These combine … Continue reading Moving Uptown to Umode
It is now possible to greatly increase the security of FreeRTOS projects by porting them to SecureSMX®, using FRPort™. SecureSMX facilitates partitioning an application into isolated partitions. This provides strong protection against hacking since a hacker can only access code and data within the partition that he has entered. In this solution paper, we discuss … Continue reading FreeRTOS Security? Not To Worry
SOUP (Software of Unknown Pedigree) is often incorporated into embedded system projects due to schedule pressure, lack of in-house expertise, or for other reasons, and it ends up in the final product. Such third-party software may be carefully designed, documented, and commented, but it remains a mystery to your team because no one has time … Continue reading What’s In Your SOUP?
Many Things are embedded systems to which networking has recently been added. As such, hackers coming in via the Hacker’s Highway (aka the Internet) can overcome the weak defenses of such systems and gain access to critical information such as encryption keys. As a consequence, entire networks can become compromised all the way into the … Continue reading Where’s The Gold?
Introduction The figure below shows the security structure of typical microcontroller embedded software. There is no structure! A hacker who has gained access to the system, has access to anything he wants, including keys and other secrets. This undermines the security afforded by encryption, authentication, and other security methods employed in modern systems. This figure … Continue reading Is Your Thing In Danger?