An
Embedded System is known to be a microprocessor-based
hardware computer system with software that is intended to execute a specific task, either independently or as part of a larger system. Embedded systems have integrated systems as their central feature. This is useful in performing computing for real-time operations.
But are they secure, and if not, how can we look at its security dimension?
Security problems are growing as more capability is crammed into fewer and smaller device footprints. As suppliers cram more and more functionality into the package with no overall systems engineering and very rudimentary security testing, new features frequently crowd out basic security concerns. If the embedded systems face a security threat, loss can be immense. However, no matter what, your approach to build the embedded system software should not waver due to such situations.
If you have to maintain the application security, it starts from the design itself. You need to look after the security aspect right from the beginning, as you look for the hardware and operating system details. Before that let�s have a look at the vulnerabilities of the embedded system which make it open for security threats.
These are no different from a computer system, which are:
“ Password mechanisms are weak
“ Storage methods are weak
“ Communication channels are weak
The general hacking methodology still applies when testing for embedded system security issues:
“ Locate
“ Enumerate
“ Identify Vulnerabilities
“ Exploit/ Demonstrate
For testing the security of embedded systems, the traditional scanning techniques which are applicable for computer systems might be used as well.
But as we look at the design of embedded systems, we may require more niche tools for the purpose. These may include:
“ Wi-fi analysis tools
“ Bluetooth scanners
“ Network analysers
How to develop the security policy?
These points explain the way you need to start with embedded systems security:
“ In the execution space, there are no untested programmes � Additional than the programmes required to run the functions, there should be no other programmes in a location where they can be executed.
“ Data must be kept secret – Programs should not mistakenly reveal information to one another or to the network.
“ Validate data on both ends � All data must be verifiable and fall within expected ranges, with out-of-bounds data being discarded.
“ Secure devices � Devices should be able to check their integrity throughout the boot process, and they should authenticate themselves before sending or receiving data.
“ Observe the rules � Examine the quality characteristic measures developed by the Consortium for IT Software Quality (CISQ) that may be automated for ongoing security and software quality analysis and mitigation.
“ Take action � If an error occurs, the programme must continue to run while the problem is resolved.
Learn more about Embedded Systems with us!
Register here:
1. Embedded Systems training (45-days)
2. Embedded Systems training (6 months)
