Security in
Embedded Systems
Presentation by:
Naveen Jakhar, ITS
ADET – 2014 Batch
NTIPRIT
Topics covered in this presentation:
• What is an embedded system?
• What are MISRA C rules?
• MISRA C conformance and deviations
• Tools for MISRA C conformance
• Embedded Security Rules
Embedded System - an Introduction
• An embedded system is a combination of computer hardware and software, either fixed in capability or programmable, that is specifically designed for a particular function.
• Industrial machines, automobiles, medical equipment, cameras, household appliances, airplanes, vending machines, cellular phones and PDAs are among the myriad possible hosts of an embedded system.
• Embedded systems are designed to do a specific task, rather than act as a general-purpose computer for multiple tasks.
Embedded System - an Introduction
• The program instructions written for embedded systems are referred to as firmware, and are stored in read-only memory or Flash memory chips.
• A common configuration for very-high-volume embedded systems is the system on a chip (SoC), which contains a complete system consisting of multiple processors, multipliers, caches and interfaces on a single chip. SoCs can be implemented as an application-specific integrated circuit (ASIC) or using a field-programmable gate array (FPGA).
Embedded System - Interfaces
Embedded Systems talk with the outside world via peripherals, such as:
• Serial Communication Interfaces (SCI): RS-232, RS-422, RS-485 etc.
• Synchronous Serial Communication Interface: I2C, SPI, SSC and ESSI (Enhanced Synchronous Serial Interface)
• Universal Serial Bus (USB)
• Multi Media Cards (SD Cards, Compact Flash etc.)
• Networks: Ethernet
• Fieldbuses: CAN-Bus, LIN-Bus, PROFIBUS, etc.
• Timers: PLL(s), Oscillators, Capture/Compare and Time Processing Units
• Discrete IO: aka General Purpose Input/Output (GPIO)
• Analog to Digital/Digital to Analog (ADC/DAC)
• Debugging: JTAG, ISP, ICSP, BDM Port, BITP, and DB9 ports
Embedded System and Security?
• Traditionally, many of the hardware systems controlled by embedded software were not easily interfaced with, as they had little need to be exposed. Trends like machine-to-machine (M2M) communication, the Internet of Things and remotely-controlled industrial systems, however, have increased the number of connected devices and simultaneously made these devices targets.
• Each communication point is a potential point of entry for hackers.
• End users can't patch embedded systems.
• It is considerably more expensive to fix defects in embedded systems once they're deployed to the field.
Embedded System and Security
• An embedded system has a hardware component and software running on top of it, so security has to be considered in both domains: hardware security as well as software security.
• The hardware is generally described in an HDL (hardware description language), and the software is written in Embedded C.
• The software security standards generally referred to are the MISRA-C Guidelines for Safety Critical Software and the Barr Group Embedded C Coding Standard.
Basic Embedded Systems Security Rules:
• A complete product life cycle analysis needs to be performed, with the life cycle divided into various stages.
• Possible entry paths for attacks into the system need to be defined and described, and kept to a minimum.
• A risk matrix needs to be built.
• Hardware support layer
• Secure default configuration: Secure mode, Hypervisor mode and application mode
• Design and test for security
Software Security- an Introduction
• Buffer and stack overflow attacks overwrite the contents of the heap or stack, respectively, by writing more bytes than the destination can hold.
• Command injection occurs when new system commands are appended to existing commands by an attacker.
• SQL injections use malicious SQL code to retrieve or modify important information from database servers.
• SQL injections can be used to bypass login credentials.
• Sometimes SQL injections fetch important information from a database or delete all important data from a database.
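The overflow described above typically enters firmware through a receive handler that trusts a length field sent by the peer. The following is an added example, not part of the original slides: the one-byte-length frame layout, the 8-byte buffer and all names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 8u   /* capacity of the receive buffer (assumed) */

typedef enum {
    FRAME_OK = 0,
    FRAME_BAD_ARG,
    FRAME_TRUNCATED,   /* fewer bytes received than the header claims */
    FRAME_TOO_LONG     /* claimed length exceeds the buffer capacity  */
} frame_status_t;

typedef struct {
    uint8_t payload[PAYLOAD_MAX];
    uint8_t length;
} frame_t;

/* Vulnerable form, shown for contrast and never called here: it trusts the
 * sender-controlled length byte, so a header of 0xFF writes 255 bytes into
 * an 8-byte array and overwrites whatever follows it in memory. */
void parse_frame_unchecked(const uint8_t *raw, frame_t *out)
{
    out->length = raw[0];
    (void)memcpy(out->payload, &raw[1], raw[0]);
}

/* Hardened form: the claimed length is checked against both the buffer
 * capacity and the number of bytes actually received before any copy. */
frame_status_t parse_frame(const uint8_t *raw, size_t raw_len, frame_t *out)
{
    frame_status_t status = FRAME_OK;

    if ((raw == NULL) || (out == NULL) || (raw_len == 0u)) {
        status = FRAME_BAD_ARG;
    } else {
        const size_t claimed = (size_t)raw[0];

        if (claimed > PAYLOAD_MAX) {
            status = FRAME_TOO_LONG;
        } else if (claimed > (raw_len - 1u)) {
            status = FRAME_TRUNCATED;
        } else {
            out->length = raw[0];
            (void)memcpy(out->payload, &raw[1], claimed);
        }
    }
    return status;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t k_good[]      = { 3u, 0x10u, 0x20u, 0x30u };
static const uint8_t k_oversized[] = { 0xFFu, 0x41u, 0x41u, 0x41u };
static const uint8_t k_truncated[] = { 6u, 0x01u, 0x02u };

int main(void)
{
    frame_t frame = { { 0u }, 0u };

    printf("good:      %d\n", (int)parse_frame(k_good, sizeof k_good, &frame));
    printf("oversized: %d\n", (int)parse_frame(k_oversized, sizeof k_oversized, &frame));
    printf("truncated: %d\n", (int)parse_frame(k_truncated, sizeof k_truncated, &frame));
    return 0;
}
```

A rejected frame leaves the destination structure untouched, so a caller that forgets to check the status still never sees attacker-sized data.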
MISRA C - an Introduction
• MISRA stands for Motor Industry Software Reliability Association.
• MISRA C is a set of software development guidelines for the C programming language.
• Its aims are to facilitate code safety, security, portability and reliability in embedded systems, specifically those programmed in ISO C / C90 / C99.
• MISRA C isn't an open standard.
MISRA Rules:
MISRA Rules can be divided logically into a number of categories:
• Avoiding functions and constructs that are prone to failure, for example, malloc may fail
• Avoiding possible compiler differences, for example, the size of a C integer may vary but an INT16 is always 16 bits (C99 standardized on int16_t)
• Producing maintainable and debuggable code, for example, naming conventions and commenting
• Complexity limits and Best Practice rules
MISRA Rules:
• No reliance shall be placed on undefined or unspecified behaviour. Lots of things in C have undefined behaviour:
  - Divide by zero
  - Out-of-bounds memory access
  - Signed integer overflow
• Conversions shall not be performed between a pointer to a function and any type other than an integral type.
• All automatic variables shall have been assigned a value before being used.
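The three undefined behaviours listed above can each be ruled out by testing the operands before the operation runs. The following is an added example, not part of the original slides; the function names, the status enum and the sample values are assumptions, and the code illustrates the idea rather than claiming conformance to any MISRA C edition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum {
    CALC_OK = 0,
    CALC_BAD_ARG,
    CALC_DIV_ZERO,
    CALC_OVERFLOW,
    CALC_OUT_OF_RANGE
} calc_status_t;

/* Signed addition: compare against the limits BEFORE adding, because the
 * overflowing addition itself is the undefined operation. */
calc_status_t checked_add(int32_t a, int32_t b, int32_t *out)
{
    calc_status_t status = CALC_OK;

    if (out == NULL) {
        status = CALC_BAD_ARG;
    } else if (((b > 0) && (a > (INT32_MAX - b))) ||
               ((b < 0) && (a < (INT32_MIN - b)))) {
        status = CALC_OVERFLOW;
    } else {
        *out = a + b;
    }
    return status;
}

/* Division: a zero divisor and INT32_MIN / -1 are both undefined. */
calc_status_t checked_div(int32_t num, int32_t den, int32_t *out)
{
    calc_status_t status = CALC_OK;

    if (out == NULL) {
        status = CALC_BAD_ARG;
    } else if (den == 0) {
        status = CALC_DIV_ZERO;
    } else if ((num == INT32_MIN) && (den == -1)) {
        status = CALC_OVERFLOW;
    } else {
        *out = num / den;
    }
    return status;
}

/* Array read: the index is validated against the element count first. */
calc_status_t table_lookup(const int32_t *table, size_t count,
                           size_t index, int32_t *out)
{
    calc_status_t status = CALC_OK;

    if ((table == NULL) || (out == NULL)) {
        status = CALC_BAD_ARG;
    } else if (index >= count) {
        status = CALC_OUT_OF_RANGE;
    } else {
        *out = table[index];
    }
    return status;
}

/* Mean of a sample buffer: an empty buffer would divide by zero and a long
 * run of large samples would overflow the sum; both are reported. Every
 * automatic variable is initialised at its declaration. */
calc_status_t average_samples(const int32_t *samples, size_t count, int32_t *out)
{
    calc_status_t status = CALC_OK;
    int32_t sum = 0;

    if ((samples == NULL) || (out == NULL)) {
        status = CALC_BAD_ARG;
    } else if (count > (size_t)INT32_MAX) {
        status = CALC_OUT_OF_RANGE;
    } else {
        for (size_t i = 0u; (status == CALC_OK) && (i < count); i++) {
            status = checked_add(sum, samples[i], &sum);
        }
    }
    if (status == CALC_OK) {
        status = checked_div(sum, (int32_t)count, out);
    }
    return status;
}

int main(void)
{
    static const int32_t samples[3] = { 10, 20, 33 };   /* constructed values */
    int32_t mean = 0;

    printf("status=%d mean=%d\n",
           (int)average_samples(samples, 3u, &mean), (int)mean);
    printf("empty buffer status=%d\n",
           (int)average_samples(samples, 0u, &mean));
    return 0;
}
```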
MISRA Rules:
• Identifiers in an inner scope shall not use the same name as an identifier in an outer scope, and therefore hide that identifier. In this example the parameter total hides the file-scope total:
    int total;
    int foo (int total) { return 3*total; }   /* parameter hides the outer 'total' */
• The right-hand operand of a logical && or || operator must not contain side effects.
• Functions shall not call themselves, either directly or indirectly.
MISRA Rules:
• The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist.
• An area of memory shall not be reused for unrelated purposes.
• Floating-point expressions shall not be tested for equality or inequality.
• The sizeof operator shall not be used on expressions that contain side effects, e.g. sizeof(x++);
• All object and function identifiers shall be declared before use.
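Four of the rules from the last two slides (side effects on the right of &&, recursion, addresses of automatic objects, floating-point equality) are easier to judge next to a compliant rewrite. The following is an added example, not part of the original slides; the simulated sensor, its readings and every function name are assumptions, and the non-compliant forms appear only in comments.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sensor readings; each read_next() call consumes one. */
static const int32_t k_readings[4] = { 10, 90, 20, 95 };
static size_t  g_reads = 0u;
static int32_t g_last_value = 0;   /* static storage: outlives every call */

static int32_t read_next(void)
{
    const int32_t value = k_readings[g_reads % 4u];
    g_reads++;
    return value;
}

void   reset_readings(void) { g_reads = 0u; g_last_value = 0; }
size_t reads_consumed(void) { return g_reads; }
int32_t last_value(void)    { return g_last_value; }

/* Rule: the right-hand operand of && or || must not contain side effects.
 * Non-compliant:  return alarm_enabled && (read_next() > limit);
 * There read_next() is skipped whenever alarm_enabled is false, so the
 * position in the reading stream silently depends on a flag. */
bool over_limit(bool alarm_enabled, int32_t limit)
{
    const int32_t value = read_next();   /* executed on every call */

    /* Rule: the address of an automatic object must not outlive it.
     * Non-compliant would be keeping &value in a file-scope pointer;
     * the value is copied into static storage instead. */
    g_last_value = value;

    return alarm_enabled && (value > limit);
}

/* Rule: functions shall not call themselves. Euclid's algorithm written as
 * a loop uses a fixed amount of stack regardless of the inputs. */
uint32_t gcd_u32(uint32_t a, uint32_t b)
{
    uint32_t x = a;
    uint32_t y = b;

    while (y != 0u) {
        const uint32_t r = x % y;
        x = y;
        y = r;
    }
    return x;
}

/* Rule: floating-point expressions shall not be tested with == or !=.
 * Compare the absolute difference against an explicit tolerance; a NaN
 * operand makes the comparison false. */
bool float_near(float a, float b, float tolerance)
{
    const float diff = (a > b) ? (a - b) : (b - a);
    return diff <= tolerance;
}

/* Ten additions of 0.1f: rounding error accumulates, so the result should
 * be compared with float_near() rather than with ==. */
float sum_tenths(void)
{
    float sum = 0.0f;

    for (uint8_t i = 0u; i < 10u; i++) {
        sum += 0.1f;
    }
    return sum;
}

int main(void)
{
    reset_readings();
    printf("alarm off: %d\n", (int)over_limit(false, 50));
    printf("alarm on:  %d\n", (int)over_limit(true, 50));
    printf("reads consumed: %u\n", (unsigned)reads_consumed());
    printf("gcd(48, 18) = %u\n", (unsigned)gcd_u32(48u, 18u));
    printf("sum near 1.0: %d\n", (int)float_near(sum_tenths(), 1.0f, 1e-5f));
    return 0;
}
```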
MISRA Rules Conformance and Deviations:
In order for a piece of software to claim to be compliant with the MISRA C Guidelines,
• all mandatory rules shall be met, and
• all required rules and directives shall either be met or be subject to a formal deviation.
• Advisory rules may be disapplied without a formal deviation, but this should still be recorded in the project documentation.
Many MISRA C rules can be characterized as guidelines because under certain conditions software engineers may deviate from rules and still be considered compliant with the standard. Deviations must be documented either in the code or in a file.
Tools for MISRA Rules Conformance
• Goanna by Red Lizard Software - A software analysis tool for C/C++
• Rational Test RealTime by IBM - A cross-platform solution for component testing, static and runtime analysis
• LDRA Testbed by Liverpool Data Research Associates
• Parasoft C/C++test by Parasoft
• PC-Lint by Gimpel Software - MISRA C:1998, C:2004, C:2012, C++:2008
• Polyspace by MathWorks
Compilers which support MISRA Conformance:
• Green Hills Software
• IAR Systems - MISRA C:1998, C:2004, C:2012, C++:2008
• TASKING - MISRA C:1998, C:2004, C:2012
• TI Compilers
Embedded Security Rules:
• A complete product life cycle analysis needs to be performed, with the life cycle divided into various stages.
• Possible entry paths for attacks into the system need to be defined and described, and kept to a minimum.
• A risk matrix needs to be built.
• Hardware support layer
• Secure default configuration: Secure mode, Hypervisor mode and application mode
• Design and test for security
Thank You
“Language is the principal tool with which we communicate; but when words are used
carelessly or mistakenly, what was intended to advance mutual understanding may in
fact hinder it; our instrument becomes our burden”