2. Topics covered in this presentation:
What is an Embedded system ?
What are MISRA C rules ?
MISRA C conformance and deviations
Tools for MISRA C conformance
Embedded Security Rules
3. Embedded System - an Introduction
An embedded system is a combination of computer hardware and
software, either fixed in capability or programmable, that is
specifically designed for a particular function
Industrial machines, automobiles, medical equipment, cameras,
household appliances, airplanes, vending machines, cellular
phones and PDAs are among the myriad possible hosts of an embedded
system
Embedded systems are designed to do some specific task, rather than
be a general-purpose computer for multiple tasks
4. Embedded System - an Introduction
The program instructions written for embedded systems are referred
to as firmware, and are stored in read-only memory or Flash
memory chips
A common configuration for very-high-volume embedded systems is the
system on a chip (SoC), which contains a complete system consisting of
multiple processors, multipliers, caches and interfaces on a single
chip. SoCs can be implemented as an application-specific integrated
circuit (ASIC) or using a field-programmable gate array (FPGA).
5. Embedded System - Interfaces
Embedded Systems talk with the outside world via peripherals, such as:
• Serial Communication Interfaces (SCI): RS-232, RS-422, RS-485 etc.
• Synchronous Serial Communication Interface: I2C, SPI, SSC and ESSI (Enhanced
Synchronous Serial Interface)
• Universal Serial Bus (USB)
• Multi Media Cards (SD Cards, Compact Flash etc.)
• Networks: Ethernet
• Fieldbuses: CAN-Bus, LIN-Bus, PROFIBUS, etc.
• Timers: PLL(s), Oscillators, Capture/Compare and Time Processing Units
• Discrete IO: aka General Purpose Input/Output (GPIO)
• Analog to Digital/Digital to Analog (ADC/DAC)
• Debugging: JTAG, ISP, ICSP, BDM Port, BITP, and DB9 ports
6. Embedded System and Security ?
Traditionally, many of the hardware systems controlled by embedded
software have not been easy to interface with, as they had little need
to be exposed. Trends like machine-to-machine (M2M) communication, the
Internet of Things and remotely controlled industrial systems, however,
have increased the number of connected devices and at the same time
made these devices targets
Each communication point is a potential point of entry for attackers
End users can't patch embedded systems
It is considerably more expensive to fix defects in embedded systems
once they're deployed to the field
7. Embedded System and Security
An embedded system has a hardware component and software running on
top of it
So, we need to think of security in both domains: hardware domain
security as well as software domain security
The hardware is generally described in HDL languages, and for the
software we use embedded C programming
The software security standards generally referred to are the
MISRA C Guidelines for Safety Critical Software and the Barr Group
Embedded C Coding Standard
8. Basic Embedded Systems Security Rules:
A complete product life-cycle analysis needs to be performed, with the
life cycle divided into stages
Possible entry paths for attacks into the system need to be defined,
described and kept to a minimum
A risk matrix needs to be built
Hardware support layer
Secure default configuration: secure mode, hypervisor mode and
application mode
Design and test for security
9. Software Security- an Introduction
Buffer overflow attacks write more bytes than the destination can hold,
overwriting the adjacent contents of the heap or the stack
Command injection is achieved when the attacker appends new system
commands to the commands the program already runs
SQL injections use malicious SQL code to retrieve or modify
important information from database servers
SQL injections can be used to bypass login credentials
Sometimes SQL injections fetch important information from a
database or delete all important data from a database
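The buffer overflow case above is the one that matters most on a device whose only input is a communication interface: the length of a message is chosen by whoever sends it. The following is an added example, not code from the presentation, and uses a hypothetical frame format (one length byte followed by the payload) to show the unchecked copy beside a parser that validates the claimed length against both the destination buffer and the bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example (not from the slides). Hypothetical frame format, as a
 * serial interface might deliver it:
 *   byte 0       : N, the payload length claimed by the sender
 *   bytes 1..N   : payload
 * N comes from the wire, so it is untrusted input. */

#define CMD_BUF_LEN 16u

static char g_cmd[CMD_BUF_LEN];

/* The overflow pattern from the slide, kept as a comment only:
 *   memcpy(g_cmd, &frame[1], frame[0]);
 * A frame claiming N > CMD_BUF_LEN writes past the end of g_cmd into
 * whatever memory follows it (for a stack buffer, saved registers and
 * the return address). */

/* Hardened parser: N is checked against the destination buffer and
 * against the bytes actually received before anything is copied.
 * Returns the payload length on success, -1 on a malformed frame, and
 * leaves g_cmd untouched when it rejects a frame. */
int parse_frame(const uint8_t *frame, size_t frame_len)
{
    size_t n;

    if ((frame == NULL) || (frame_len == 0u)) {
        return -1;
    }
    n = frame[0];
    if (n >= CMD_BUF_LEN) {          /* must leave room for the '\0' */
        return -1;
    }
    if ((n + 1u) > frame_len) {      /* claims more bytes than arrived */
        return -1;
    }
    (void)memcpy(g_cmd, &frame[1], n);
    g_cmd[n] = '\0';
    return (int)n;
}

const char *current_command(void)
{
    return g_cmd;
}

/* Constructed sample frames for the three cases. */
int demo_good_frame(void)
{
    static const uint8_t f[] = { 5u, 'r', 'e', 's', 'e', 't' };
    return parse_frame(f, sizeof f);
}

int demo_oversized_frame(void)
{
    /* claims 200 payload bytes: would overrun a 16-byte buffer */
    static const uint8_t f[] = { 200u, 'x', 'x', 'x' };
    return parse_frame(f, sizeof f);
}

int demo_truncated_frame(void)
{
    /* claims 10 bytes but only 3 arrived: memcpy would read past f */
    static const uint8_t f[] = { 10u, 'a', 'b', 'c' };
    return parse_frame(f, sizeof f);
}
```

The second check is as important as the first: a frame that claims more bytes than were received would make memcpy read beyond the receive buffer even when the destination is large enough.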
10. MISRA C - an Introduction
MISRA stands for Motor Industry Software Reliability Association
MISRA C is a set of software development guidelines for
the C programming language
Its aims are to facilitate code safety, security, portability and
reliability, specifically in systems programmed in ISO C / C90 / C99
MISRA C isn't an open standard
11. MISRA Rules:
MISRA Rules can be divided logically into a number of categories:
Avoiding functions and constructs that are prone to failure, for
example, malloc may fail
Avoiding possible compiler differences, for example, the size of a C
integer may vary but an INT16 is always 16 bits (C99 standardized on
int16_t)
Producing maintainable and debuggable code, for example, naming
conventions and commenting
Complexity limits and best-practice rules
12. MISRA Rules:
No reliance shall be placed on undefined or unspecified behaviour:
Lots of things in C have undefined behaviour:
Divide by zero,
Out-of-bounds memory access,
Signed integer overflow
Conversions shall not be performed between a pointer to a function
and any type other than an integral type
All automatic variables shall have been assigned a value before
being used
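The three undefined behaviours listed above, and the uninitialised-variable rule, are each avoided the same way: test the operands before the operation instead of relying on what the compiler or CPU does afterwards. The following is an added example, not code from the presentation; the helper names, the result struct and the calibration table values are invented for the illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example (not from the slides): each helper makes one of the
 * undefined behaviours listed above unreachable by checking the
 * operands first. */

typedef struct {
    bool    ok;      /* false when the operation was refused */
    int32_t value;   /* meaningful only when ok is true      */
} int_result;

/* Division: both b == 0 and INT32_MIN / -1 are undefined in C. */
int_result checked_div(int32_t a, int32_t b)
{
    int_result r = { false, 0 };
    if ((b == 0) || ((a == INT32_MIN) && (b == -1))) {
        return r;
    }
    r.ok = true;
    r.value = a / b;
    return r;
}

/* Signed addition: the overflow test is done on the operands, so the
 * addition itself is only performed when it cannot overflow. */
int_result checked_add(int32_t a, int32_t b)
{
    int_result r = { false, 0 };
    if (((b > 0) && (a > INT32_MAX - b)) ||
        ((b < 0) && (a < INT32_MIN - b))) {
        return r;
    }
    r.ok = true;
    r.value = a + b;
    return r;
}

/* Out-of-bounds access: a calibration table (constructed values) that
 * is read only through a function validating the index. */
#define TABLE_LEN 4u
static const int32_t g_table[TABLE_LEN] = { 10, 20, 30, 40 };

int_result table_read(size_t idx)
{
    int_result r = { false, 0 };
    if (idx < TABLE_LEN) {
        r.ok = true;
        r.value = g_table[idx];
    }
    return r;
}

/* Uninitialised automatic variable: `status` is assigned on every path
 * before it is read, so the function never returns indeterminate data.
 * The non-compliant form would omit the final else branch. */
int32_t sign_of(int32_t x)
{
    int32_t status;
    if (x < 0) {
        status = -1;
    } else if (x == 0) {
        status = 0;
    } else {
        status = 1;
    }
    return status;
}
```

Returning a status together with the value forces every caller to handle the refused case, which is what a static analyser checking these rules will look for.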
13. MISRA Rules:
Identifiers in an inner scope shall not use the same name as an
identifier in an outer scope, and therefore hide that identifier
int total;                               /* outer-scope identifier */
int foo (int total) { return 3*total; }  /* parameter hides it: non-compliant */
The right-hand operand of a logical && or || operator must not
contain side effects
Functions shall not call themselves, either directly or indirectly
14. MISRA Rules:
The address of an object with automatic storage shall not be assigned
to another object that may persist after the first object has ceased to
exist
An area of memory shall not be reused for unrelated purposes
Floating-point expressions shall not be tested for equality or
inequality
The sizeof operator shall not be used on expressions that contain side
effects, e.g. sizeof(x++);
All object and function identifiers shall be declared before use
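The rules on the two slides above are easiest to understand when the non-compliant and compliant forms sit side by side and their behaviour can be observed. The following is an added example, not code from the presentation; it takes the slide's `total`/`foo` snippet and adds invented functions for the side-effect, sizeof, floating-point and automatic-storage rules.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example (not from the slides): non-compliant and compliant forms
 * of several rules above. All identifiers other than total/foo are
 * invented for the illustration. */

/* Rule: identifiers in an inner scope must not hide an outer one.
 * Non-compliant (from the slide):  int total; int foo(int total) {...}
 * Compliant: give the parameter its own name, so the outer object is
 * still reachable and a reader cannot confuse the two. */
static int32_t total = 100;

int32_t foo(int32_t count)
{
    return 3 * count;
}

int32_t outer_total(void)
{
    return total;
}

/* Rule: no side effects in the right operand of || or &&.
 * Non-compliant: the increment runs only when `ready` is false, because
 * || short-circuits, yet the code reads as though every call counts. */
int32_t attempts_noncompliant(bool ready)
{
    int32_t attempts = 0;
    if (ready || (attempts++ < 3)) {
        /* proceed */
    }
    return attempts;    /* 0 when ready, 1 when not */
}

/* Compliant: the side effect is its own statement and always happens. */
int32_t attempts_compliant(bool ready)
{
    int32_t attempts = 0;
    attempts++;
    if (ready || (attempts < 3)) {
        /* proceed */
    }
    return attempts;    /* always 1 */
}

/* Rule: no side effects inside sizeof. The operand of sizeof is not
 * evaluated (except for variable-length arrays), so x stays 5 even
 * though the code looks as if it increments it. */
int32_t sizeof_side_effect(void)
{
    int32_t x = 5;
    size_t  n = sizeof(x++);
    (void)n;
    return x;           /* 5, not 6 */
}

/* Rule: do not test floating-point values for equality. Compare the
 * difference against a tolerance suited to the measurement instead;
 * 0.1 + 0.2 == 0.3 is false for IEEE-754 doubles. */
bool float_near(double a, double b, double tol)
{
    double d = a - b;
    if (d < 0.0) {
        d = -d;
    }
    return d <= tol;
}

/* Rule: the address of an automatic object must not outlive it.
 * Non-compliant (comment only, it returns a dangling pointer):
 *   int32_t *scaled(int32_t raw) { int32_t v = raw * 2; return &v; }
 * Compliant: return the value, or let the caller own the storage. */
int32_t scaled_reading(int32_t raw)
{
    int32_t v = raw * 2;
    return v;
}
```

The `attempts_noncompliant` function is the instructive one: it compiles cleanly and appears to count attempts, but the count depends on the left operand, which is exactly the kind of latent defect the rule is meant to keep out of field-deployed firmware.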
15. MISRA Rules Conformance and Deviations:
In order for a piece of software to claim to be compliant to the MISRA C
Guidelines,
all mandatory rules shall be met and
all required rules and directives shall either be met or subject to a formal
deviation
Advisory rules may be disapplied without a formal deviation, but this
should still be recorded in the project documentation
Many MISRA C rules can be characterized as guidelines because under
certain conditions software engineers may deviate from a rule and still
be considered compliant with the standard. Deviations must be documented,
either in the code or in a separate file
16. Tools for MISRA Rules Conformance
• Goanna by Red Lizard Software – A software analysis tool for C/C++.
• Rational Test RealTime by IBM - A cross-platform solution for
component testing, static and runtime analysis
• LDRA Testbed by Liverpool Data Research Associates
• Parasoft C/C++test by Parasoft
• PC-Lint by Gimpel Software. MISRA C:1998, C:2004, C:2012,
C++:2008.
• Polyspace by MathWorks
17. Compilers which support MISRA Conformance:
• Green Hills Software
• IAR Systems - MISRA C:1998, C:2004, C:2012, C++:2008
• TASKING - MISRA C:1998, C:2004, C:2012
• TI Compilers
18. Embedded Security Rules:
A complete product life-cycle analysis needs to be performed, with the
life cycle divided into stages
Possible entry paths for attacks into the system need to be defined,
described and kept to a minimum
A risk matrix needs to be built
Hardware support layer
Secure default configuration: secure mode, hypervisor mode and
application mode
Design and test for security
21. Thank You
“Language is the principal tool with which we communicate; but when words are used
carelessly or mistakenly, what was intended to advance mutual understanding may in
fact hinder it; our instrument becomes our burden”