Security: taking the next steps

2 mins read

Hitex’ ARM User Conference in Warwick is becoming one of the key events in the embedded calendar. The latest event, which took place at the end of November, addressed a range of issues, including complexity in the design process and the new mbed OS for IoT devices.

Ian Johnson, a product manager with ARM, discussed the ARMv8-M architecture, launched last month at TechCon in San Diego. According to Johnson, v8-M brings improvements in the instruction set, the memory protection unit and the security model of Cortex-M processors.

“We are looking to improve productivity and the performance of processors but, more importantly, it’s about bringing greater security to the embedded domain,” he explained.

“Part of improving device security is the ability to offer greater separation and our new architecture can isolate the resources you trust from those you don’t.”

Trusted software is software that has been well tested, perhaps certified, and is usually run in conjunction with hardware offering a cryptographic function, Johnson went on to explain.

While it was vital to reduce the attack surface when it came to embedded systems, he warned that while v8-M improves levels of security, ‘it should be seen as the foundation for improved levels of security, not a solution’.

Johnson explained that ARM was bringing optional security extensions to embedded processors through its TrustZone Technology and would be enabling the containerisation of software and the simplification of security assessments of embedded devices.

Security was discussed at length during the event. Haydn Povey, CEO and founder of Secure Thingz, said the IoT had been described by the UK’s intelligence services as a ‘slow motion train wreck’.

He warned that robust security would be possible only if it encompassed the full lifecycle of devices and systems, especially when it came to multivendor devices and those which are managed remotely.

According to Povey, while designers would endeavour to deliver secure applications, they were not infallible. “You have to make the presumption that all systems will be compromised and, as a result, systems must be designed for recovery, update and remediation.”

In a wide ranging presentation, Povey pointed to numerous hacks that had had an impact on the real world – from personal identity theft to the failure of industrial systems. “The worry is that if you can’t trust your data, the idea of big data and the benefits derived from it will be compromised. ARM’s v8-M architecture and approaches like it are a start in providing the security we need. But a lot more needs to be done.”

In his keynote address opening the conference, Hobson Bullman, general manager of ARM’s development solutions group, talked about trends in software development tools and how to best deal with growing design complexity.

“Using the right tools is crucial,” he said and warned that ‘complexity was affecting all embedded systems’.

He said that, in future, engineers would have to be able to address the need for enhanced security, embrace higher level languages and be prepared to work with more standardised IoT platforms.

“When we talk about embedded security, that will include encryption, the virtualisation of secure software, reducing the attack surface and providing secure debug – not opening your systems to attack will be crucial.”