March 24, 2012 -- Many embedded software developers feel that embedded systems security should be handled at the systems-engineering level or by the hardware that surrounds their software. And indeed many things can be done at those levels such as secure network communication protocols, firewalls, data encryption, authentication of data sources, and hardware-assisted control-flow monitoring.
But these traditional techniques aren't enough. Power-consumption measurements, electromagnetic leaks, acoustic emissions, and timing measurements can give attackers information they can use to attack your embedded device.
Clearly then, system-level and hardware defenses are not enough. Most security attacks are known to exploit vulnerabilities within application software. Vulnerabilities are introduced into our embedded systems during software design and development. Since system-level and hardware defenses against security attacks are far from perfect, we need to build a third line of defense by dealing with vulnerabilities in our application software.
By David Kalinsky. (Kalinsky is Director of Customer Education at D. Technical Training.)
This brief introduction has been excerpted from the original copyrighted article.
View the entire article on the EE Times Embedded website.