Isolated Partitioning of Firmware Improves IoT Device Security

June 8, 2022June 4, 2022 ~ Ralph Moore ~ Leave a comment

There are two methods for improving IoT device security: secure partitioning and secure coding. The latter seems to have gained favor, not only for cloud software, but also for IoT device firmware. This may be because there has not been an effective firmware partitioning solution for microcontroller-based devices using memory protection units (MPUs). We are … Continue reading Isolated Partitioning of Firmware Improves IoT Device Security

Let’s KISS

February 14, 2022February 14, 2022 ~ Ralph Moore ~ Leave a comment

Keep It Simple Stupid has been the motto of many engineers, dating back to Kelly Johnson, who coined the KISS acronym at the Lockheed Skunk Works in the 1960s. It means that simpler designs are better. What we first create is usually complicated. Refactoring it makes it simpler and simpler. This is better because it … Continue reading Let’s KISS

Ten Windows

February 1, 2022May 4, 2022 ~ Ralph Moore ~ Leave a comment

I recently read Viewpoint: IoT and the cybersecurity industry’s hardware blind spot by Shahram Mossayebi. It is well-written and informative. Although the Hardware Root of Trust (HRoT) based upon immutable device identity, as discussed in this article, may be essential, I don’t think it is the complete solution for security of IoT devices. It does nothing … Continue reading Ten Windows

Improving IoT Device Security

December 8, 2021February 8, 2022 ~ Ralph Moore ~ Leave a comment

I just read a very good article, Supply Chain Security Guidance, by the staff at Finite State, Inc. This article brings home the massive impact upon embedded devices that President Biden’s Executive Order on Improving the Nation’s Cybersecurity will have. I think it is clear from this article that very few existing connected devices are … Continue reading Improving IoT Device Security

Get Along Little Dogies

November 19, 2021February 12, 2022 ~ Ralph Moore ~ Leave a comment

Is it time to herd your CWEs (Common Weakness Enumerations) into a safe coral where they won’t trample your code? In a recent report, 918 CWEs have been identified and documented by MITRE, and more are being identified regularly. Of these, 418 are classified as software weaknesses. Each weakness is described in a separate document, … Continue reading Get Along Little Dogies