1. A safe embedded system is one that is designed to prevent heavy damages through measures like fail-safe behavior, redundancy, and clustering. It requires complex hardware, software, development rules, and certification.
2. A secure embedded system protects data, access, and communication through high assurance computing that considers security early in design. It provides protection before corporate firewalls.
3. Major provisions for safety include fail-safe behavior, redundancy, clustering, radiation resistance, supervisors, diversity, determinism, and event logging.
5 Things to Know about Safety and Security of Embedded Systems
1. 5 Things to Know about Safety and Security of Embedded Systems
2. Done by MEN
A secure system is one where the features are relatively inaccessible to unauthorized users, therefore the system is protected. A safe system needs to be secure, whereas a secure system may not need to be safe, depending on the application.
Safety and Security of Embedded Systems
3. 1. What are the main characteristics of a safe embedded system?
2. What are the main characteristics of a secure embedded system?
3. What are the major provisions to make an embedded system safe?
4. What are the major provisions to make an embedded system secure?
5. What are the security measures for a safe embedded system?
4. 1. What are the main characteristics of a safe embedded system?
5. 1. What are the main characteristics of a safe embedded system?
Safety-critical applications require safe embedded system architectures with a predictable failure behavior, to prevent loss of life, substantial financial damage or severe harm to the environment.
As a safe system must be unlikely to cause such heavy damage, measures must be defined that intervene in case of any malfunction.
The complex architecture of such systems usually requires equally complex hardware, software and development rules, followed by a strict certification process.
6. 2. What are the main characteristics of a secure embedded system?
7. The security of embedded systems deals with protecting the data they store, the access to them and their communication with the outside world, thereby reducing vulnerabilities of hardware and software.
High assurance embedded computing is necessary for the security, integrity, confidentiality and high availability of the application, especially with the increasing importance of the IoT and trends like BYOD.
Building protection into the device itself provides security before the corporate firewall. Security needs to be considered early in the design of a new system and may even be customized according to the requirements of the application.
2. What are the main characteristics of a secure embedded system?
8. 3. What are the major provisions to make an embedded system safe?
9. » Fail-Safe Behavior. In case of a serious failure, the system enters a defined safe state. If it is fail-silent, it shuts down completely.
» Redundancy. Multiplying critical components, such as the CPU, increases the function's reliability.
» Clustering. This does not increase a subsystem's safety, but it raises availability. Backing up a system means using redundancy at a higher level, with the aim of keeping the system up even in case of a failure.
3. What are the major provisions to make an embedded system safe?
10. » Radiation Resistance. Cosmic radiation can cause memory errors in airborne applications. Special design can prevent effects like Single Event Upsets (SEU) in FPGA and memory components.
» Supervisors. Board management and supervision in safe computers need to go beyond the usual CPU functions. A reliable CPU should have a dedicated monitor at its side rather than supervise itself.
» Diversity. If redundant components are identical, a common cause can make them all fail. This is why a system must support dissimilarities both in hardware and in software, e.g., diversely built I/O or different operating systems on redundant processors.
11. » Determinism. The need for predictable behavior forbids a number of mechanisms, like interrupts, that are common in non-critical applications. Design engineers need particular expertise in this respect.
» Event Logging. While this is not a necessary safety function, it can help trace faults in critical systems after an incident. The chances of avoiding the cause of the error in the future by taking precautions are then higher.
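The supervisor, redundancy, diversity, fail-safe and event-logging provisions above can be seen working together in a small simulation. The following Go program is an added example written for this page, not code from MEN or from any product it describes; the tick-based clock, the heartbeat deadline, the three channel readings, the `Supervisor` type and the state names are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// SystemState models the fail-safe provision: a serious failure moves the
// system into a defined safe state; a fail-silent system shuts down entirely.
type SystemState int

const (
	Operational SystemState = iota
	SafeState               // outputs held in their safe (de-energized) position
	FailSilent              // complete shutdown, no further outputs at all
)

func (s SystemState) String() string {
	return [...]string{"operational", "safe-state", "fail-silent"}[s]
}

// Event is one entry of the event log kept for fault tracing after an incident.
type Event struct {
	Tick   int
	Reason string
}

// Supervisor is the dedicated monitor beside the CPU (a separate unit, here a
// separate object), so the CPU does not have to supervise itself.
type Supervisor struct {
	Deadline      int // maximum ticks tolerated between two heartbeats (constructed value)
	State         SystemState
	Log           []Event
	tick          int
	lastHeartbeat int
}

func NewSupervisor(deadline int) *Supervisor {
	return &Supervisor{Deadline: deadline, State: Operational}
}

// Heartbeat is what the supervised CPU calls at the end of each healthy cycle.
func (s *Supervisor) Heartbeat() { s.lastHeartbeat = s.tick }

// Tick advances the supervisor's own clock. An overdue heartbeat is treated as
// a serious failure: the supervisor forces fail-silent instead of trusting the
// CPU to recover on its own.
func (s *Supervisor) Tick() {
	s.tick++
	if s.State == Operational && s.tick-s.lastHeartbeat > s.Deadline {
		s.transition(FailSilent, fmt.Sprintf("heartbeat overdue, last seen at tick %d", s.lastHeartbeat))
	}
}

func (s *Supervisor) transition(to SystemState, reason string) {
	s.Log = append(s.Log, Event{Tick: s.tick, Reason: reason})
	s.State = to
}

// OutputsEnabled is the actuator interlock: only an operational system drives outputs.
func (s *Supervisor) OutputsEnabled() bool { return s.State == Operational }

var ErrNoMajority = errors.New("no majority among redundant channels")

// Vote2oo3 is two-out-of-three majority voting over three redundant channels.
// With diverse channels (different sensors, compilers or operating systems) a
// single wrong channel is outvoted; three mutually disagreeing channels point
// to a multiple or common-cause fault, so the system goes to the safe state.
func (s *Supervisor) Vote2oo3(a, b, c int) (int, error) {
	var result int
	switch {
	case a == b, a == c:
		result = a
	case b == c:
		result = b
	default:
		s.transition(SafeState, fmt.Sprintf("2oo3 vote failed: channels read %d, %d, %d", a, b, c))
		return 0, ErrNoMajority
	}
	if a != b || b != c {
		// A single deviating channel is tolerated but logged for later fault tracing.
		s.Log = append(s.Log, Event{Tick: s.tick, Reason: fmt.Sprintf("channel disagreement: %d, %d, %d", a, b, c)})
	}
	return result, nil
}

func main() {
	sup := NewSupervisor(3)
	for i := 0; i < 3; i++ { // three healthy cycles
		sup.Heartbeat()
		sup.Tick()
	}
	v, err := sup.Vote2oo3(120, 120, 118) // constructed readings: one channel deviates
	fmt.Println("voted value:", v, "err:", err, "outputs enabled:", sup.OutputsEnabled())
	for i := 0; i < 4; i++ { // the CPU stops sending heartbeats
		sup.Tick()
	}
	fmt.Println("state:", sup.State, "outputs enabled:", sup.OutputsEnabled())
	for _, e := range sup.Log {
		fmt.Printf("tick %d: %s\n", e.Tick, e.Reason)
	}
}
```

The point of keeping the deadline check in `Supervisor` rather than in the supervised code is the one the slide makes: a CPU that has hung cannot notice that it has hung, so the decision to cut the outputs has to sit in a unit that keeps running independently of it.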
12. 4. What are the major provisions to make an embedded system secure?
13. » Threat prevention, detection, and response. User account access controls and cryptography can protect system files and data. Firewalls protect systems from a network security perspective. Intrusion detection systems are designed to detect network attacks in progress. Response comprises the methods used to effectively protect the system from harm.
4. What are the major provisions to make an embedded system secure?
14. » Software-based and hardware-based security. Hardware-based or hardware-assisted computer security offers an alternative to software-only computer security:
» TPM. Trusted platform modules secure devices by integrating cryptographic capabilities on processors and SoCs. Used together with server-side software, TPMs detect and authenticate hardware devices, preventing unauthorized access.
» Secure boot. Based on hardware support, this method uses cryptographically signed code to verify its authenticity.
15. » Intrusion detection/prevention. Implemented as a hardware or software function, an IDS triggers an alarm, whereas an IPS is capable of interrupting the connection and modifying or discarding data packets.
» Drive locks. Drive locks are software tools to encrypt internal and external hard drives, making them inaccessible to unauthorized parties.
» USB dongle. It creates a secure encrypted tunnel between the software application and the key, can be used to access web-based content, or can be configured to lock or unlock a computer.
16. » Disabling USB ports. This is another security option to prevent hostile access.
» Device tampering. This detection method shows when the seal on the device enclosure has been broken, indicating that an unauthorized person may have tampered with the system.
» Firewall. A firewall is, in addition to the more specific hardware protection, a software layer to defend against common attacks.
» Security patches and updates. As part of vulnerability management, security patches are the primary method of fixing security weaknesses in software.
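To make the secure boot and TPM bullets concrete, here is an added Go example (not MEN's code, nor any vendor's boot ROM) of a bootloader-side verification routine. The image layout (magic, version, length, payload, Ed25519 signature), the `RootOfTrust` type, the anti-rollback counter and the PCR-style `Extend` function are all assumptions constructed for this example; a real boot ROM would hold the public key in one-time-programmable memory and the counter in a monotonic counter or a TPM NV index.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout: magic(4) | version(4 LE) | payload length(4 LE) | payload | Ed25519 signature(64).
// The signature covers everything before it, so the version and length fields are authenticated too.
const hdrLen = 12

var magic = []byte("FWv1")

// BuildImage is the vendor-side signing step; the private key never reaches the device.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	hdr := make([]byte, hdrLen)
	copy(hdr, magic)
	binary.LittleEndian.PutUint32(hdr[4:], version)
	binary.LittleEndian.PutUint32(hdr[8:], uint32(len(payload)))
	signed := append(hdr, payload...)
	return append(signed, ed25519.Sign(priv, signed)...)
}

// RootOfTrust is what an immutable boot ROM or TPM-backed store holds: the
// vendor's public key and the monotonic anti-rollback counter (assumed layout).
type RootOfTrust struct {
	PubKey     ed25519.PublicKey
	MinVersion uint32
}

var (
	ErrMalformed = errors.New("image malformed")
	ErrSignature = errors.New("signature verification failed")
	ErrRollback  = errors.New("image version below anti-rollback counter")
)

// VerifyImage returns the payload only if every check passes; on any error the
// caller must stay in the bootloader. Nothing read from the image is acted on
// before the signature over it has been verified.
func (r *RootOfTrust) VerifyImage(img []byte) ([]byte, error) {
	if len(img) < hdrLen+ed25519.SignatureSize || !bytes.Equal(img[:4], magic) {
		return nil, ErrMalformed
	}
	plen := binary.LittleEndian.Uint32(img[8:12])
	if uint64(plen) != uint64(len(img)-hdrLen-ed25519.SignatureSize) {
		return nil, ErrMalformed
	}
	end := hdrLen + int(plen)
	signed, sig := img[:end], img[end:]
	if !ed25519.Verify(r.PubKey, signed, sig) {
		return nil, ErrSignature
	}
	if version := binary.LittleEndian.Uint32(img[4:8]); version < r.MinVersion {
		return nil, ErrRollback
	}
	return img[hdrLen:end], nil
}

// Extend mirrors a TPM PCR extend: pcr' = SHA-256(pcr || SHA-256(payload)).
// Recording the measurement lets server-side software attest which image booted.
func Extend(pcr [32]byte, payload []byte) [32]byte {
	m := sha256.Sum256(payload)
	return sha256.Sum256(append(pcr[:], m[:]...))
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	rot := &RootOfTrust{PubKey: pub, MinVersion: 5}
	img := BuildImage(priv, 7, []byte("application firmware v7")) // constructed payload
	payload, err := rot.VerifyImage(img)
	fmt.Printf("boot: payload=%q err=%v\n", payload, err)
	var pcr [32]byte
	fmt.Printf("PCR after boot: %x\n", Extend(pcr, payload))

	tampered := append([]byte(nil), img...)
	tampered[hdrLen] ^= 0x01 // flip one bit of the payload
	_, err = rot.VerifyImage(tampered)
	fmt.Println("tampered image:", err)

	_, err = rot.VerifyImage(BuildImage(priv, 4, []byte("old firmware")))
	fmt.Println("downgrade attempt:", err)
}
```

Two design choices carry the weight here: the length and version fields sit inside the signed region, so a flipped header byte fails as a bad signature rather than as an out-of-range read, and the rollback check runs only after the signature check, so an attacker cannot probe the counter with unsigned images.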
17. 5. What are the security measures for a safe embedded system?
18. Safe embedded systems control critical functions in industrial automation, transportation, and other markets, where a collapse of the system caused by an external attack could have catastrophic consequences. Moreover, critical embedded systems are often deployed in the field or even mobile, and may be directly connected to the Internet with none of the protections found in a corporate environment.
5. What are the security measures for a safe embedded system?
19. » Up to now, the preferred method is still to keep a safe system away from standard networks, the Internet or the Cloud.
» To exchange operational data between a safe computer and open networks, “vital-to-non-vital” gateways may be one way to achieve the security needed.
With no extra security measures for safe embedded systems yet on the horizon, it is said that at least physical computer attacks and social engineering can only be prevented by non-computer means, e.g. by training the personnel.
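The “vital-to-non-vital” gateway from the second bullet above is, in its simplest form, a policy filter sitting between the safe computer and the open network. The Go program below is an added example, not MEN's gateway design; the line-oriented `TYPE:payload` message format, the allow list of outbound record types with their length limits, and the bare read-only `POLL` as the only message accepted inbound are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Direction of a message through the gateway.
type Direction int

const (
	VitalToNonVital Direction = iota // safe computer -> open network
	NonVitalToVital                  // open network -> safe computer
)

// Message is the constructed line format "<TYPE>:<payload>" used in this example.
type Message struct {
	Type, Payload string
}

var (
	ErrBadFormat      = errors.New("message does not match the fixed format")
	ErrUnknownType    = errors.New("message type is not on the allow list")
	ErrTooLong        = errors.New("payload exceeds the length fixed for its type")
	ErrInboundBlocked = errors.New("inbound message rejected: the vital side accepts no commands")
)

// Gateway enforces the policy: a fixed allow list of outbound record types with
// maximum payload lengths, and inbound only a bare read-only poll. Everything
// else, in either direction, is dropped and kept for the audit log.
type Gateway struct {
	outbound map[string]int  // type -> maximum payload length (assumed limits)
	inbound  map[string]bool // types accepted towards the vital side
	Dropped  []string        // raw messages that were refused
}

func NewGateway() *Gateway {
	return &Gateway{
		outbound: map[string]int{"STATUS": 64, "ALARM": 128, "LOG": 256},
		inbound:  map[string]bool{"POLL": true},
	}
}

// parse accepts only printable ASCII, so control characters or binary blobs
// cannot travel through the gateway disguised as a payload.
func parse(raw string) (Message, error) {
	for _, r := range raw {
		if r < 0x20 || r > 0x7e {
			return Message{}, ErrBadFormat
		}
	}
	typ, payload, ok := strings.Cut(raw, ":")
	if !ok || typ == "" {
		return Message{}, ErrBadFormat
	}
	return Message{Type: typ, Payload: payload}, nil
}

// check applies the direction-specific policy to one parsed message.
func (g *Gateway) check(dir Direction, m Message) error {
	switch dir {
	case VitalToNonVital:
		limit, ok := g.outbound[m.Type]
		if !ok {
			return ErrUnknownType
		}
		if len(m.Payload) > limit {
			return ErrTooLong
		}
		return nil
	case NonVitalToVital:
		// A poll carries no parameters, so the vital side cannot be steered from outside.
		if g.inbound[m.Type] && m.Payload == "" {
			return nil
		}
	}
	return ErrInboundBlocked
}

// Filter returns the message to forward, or an error when it was dropped.
func (g *Gateway) Filter(dir Direction, raw string) (*Message, error) {
	m, err := parse(raw)
	if err == nil {
		err = g.check(dir, m)
	}
	if err != nil {
		g.Dropped = append(g.Dropped, raw)
		return nil, err
	}
	return &m, nil
}

func main() {
	g := NewGateway()
	for _, s := range []struct { // constructed sample traffic
		dir Direction
		raw string
	}{
		{VitalToNonVital, "STATUS:speed=42;brake=released"},
		{VitalToNonVital, "DEBUG:dump memory"},
		{NonVitalToVital, "POLL:"},
		{NonVitalToVital, "SET:brake=released"},
	} {
		if m, err := g.Filter(s.dir, s.raw); err != nil {
			fmt.Printf("DROP %q: %v\n", s.raw, err)
		} else {
			fmt.Printf("PASS %s -> %q\n", m.Type, m.Payload)
		}
	}
	fmt.Println("dropped:", len(g.Dropped))
}
```

The policy is deny-by-default in both directions: the vital side can only emit records of known type and bounded size, and the only thing the open network can send it is a parameterless request for status, which is what makes such a gateway a security boundary rather than a plain bridge.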