Embedded Software Assurance for Configuring Secure Hardware
September/October 2010 (vol. 8 no. 5)
pp. 20-26
J. Ryan Kenny, CPU Technology
Craig Robinson, CPU Technology
The recent development of high-security processors and hardware is substantially changing embedded software tools, shedding light on security in the embedded development environment. The process of developing, certifying, and implementing a secure processor has several challenges that can be compared to providing deadbolts for residential properties. The deadbolt itself, no matter how well designed and tested, offers little security if it isn't installed correctly. Even more significantly, the deadbolt is useless if the owner doesn't lock it at night. These problems are similar for secure hardware—if system developers implement it incorrectly and end users don't employ security configurations, the processor's security properties are of no value in the end system. Instituting security policy in the hardware has all of the hallmarks of traditional security software: user authentication (security engineer only), preventing the impact of users or operating code on security settings, command integrity and verification, and keeping security policy audit log settings. In this article, the authors define the embedded end markets affected by embedded software assurance issues, then examine ways in which security and assurance capabilities are partitioned in hardware and software. They then examine the problems inherent to configuring secure hardware and offer a list of considerations and testing issues for providers interested in improving their embedded security environments to support secure hardware and processors.

Index Terms:
secure processor, embedded security, security configuration
Citation:
J. Ryan Kenny, Craig Robinson, "Embedded Software Assurance for Configuring Secure Hardware," IEEE Security & Privacy, vol. 8, no. 5, pp. 20-26, Sept.-Oct. 2010, doi:10.1109/MSP.2010.150