Embedded Software Assurance for Configuring Secure Hardware

Security&Privacy
2010
Issue No. 5 - September/October
Abstract - Embedded Software Assurance for Configuring Secure Hardware

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by J. Ryan Kenny Articles by Craig Robinson

September/October 2010 (vol. 8 no. 5)

pp. 20-26

	ASCII Text	x
	J. Ryan Kenny, Craig Robinson, "Embedded Software Assurance for Configuring Secure Hardware," IEEE Security and Privacy, vol. 8, no. 5, pp. 20-26, September/October, 2010.

	BibTex	x
	@article{ 10.1109/MSP.2010.150, author = {J. Ryan Kenny and Craig Robinson}, title = {Embedded Software Assurance for Configuring Secure Hardware}, journal ={IEEE Security and Privacy}, volume = {8}, number = {5}, issn = {1540-7993}, year = {2010}, pages = {20-26}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2010.150}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security and Privacy TI - Embedded Software Assurance for Configuring Secure Hardware IS - 5 SN - 1540-7993 SP20 EP26 EPD - 20-26 A1 - J. Ryan Kenny, A1 - Craig Robinson, PY - 2010 KW - secure processor KW - embedded security KW - security configuration VL - 8 JA - IEEE Security and Privacy ER -

J. Ryan Kenny, CPU Technology

Craig Robinson, CPU Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.150

The recent development of high-security processors and hardware is substantially changing embedded software tools, shedding light on security in the embedded development environment. The process of developing, certifying, and implementing a secure processor has several challenges that can be compared to providing deadbolts for residential properties. The deadbolt itself, no matter how well designed and tested, offers little security if it isn't installed correctly. Even more significantly, the deadbolt is useless if the owner doesn't lock it at night. These problems are similar for secure hardware—if system developers implement them incorrectly and end users don't employ security configurations, the processor's security properties are of no value in the end system. Instituting security policy in the hardware has all of the hallmarks of traditional security software: user authentication (security engineer only), preventing the impact of users or operating code on security settings, command integrity and verification, and keeping security policy audit log settings. In this article, the authors define the embedded end markets affected by embedded software assurance issues, then examine ways in which security and assurance capabilities are partitioned in hardware and software. They then examine the problems inherent to configuring secure hardware and offers a list of considerations and testing issues for providers interested in improving their embedded security environments to support secure hardware and processors.

1. "Gartner Says Worldwide Security Software Market on Pace to Grow 8 Per Cent in 2009," Gartner Research, 21 Sept. 2009; www.gartner.com/itpage.jsp?id=1184713.
2. "Security Separation of Multi-Core Processors," white paper, CPU Tech., Sept. 2009; http://cputech.com/acalisacalis_download.php?id=2 .
3. S. Mao and T. Wolf, "Hardware Support for Secure Processing in Embedded Systems," Proc. Design Automation Conference (DAC 07), 2007; www.ecs.umass.edu/ece/wolf/pubs/2007dac.html .
4. N. Lawson, "Side-Channel Attacks on Cryptographic Software," IEEE Security & Privacy, vol. 7, no. 6, 2009, pp. 65–68.
5. "Building a Secure System Using TrustZone Technology," ARM application note, 2009; http://infocenter.arm.com/help/index.jsp?topic= com.arm.doc.prd29-genc-009492c.
6. "Malware Turns Software Compilers into Malware Breeders," Wired.com blog, 21 Aug. 2009; www.wired.com/threatlevel/2009/08induc/.
7. FIPS 140-2 Security Requirements for Cryptographic Modules, US Nat'l Inst. Standards and Technology (NIST), 25 May 2001; http://csrc.nist.gov/publicationsPubsFIPS.html .

Index Terms:

secure processor, embedded security, security configuration

Citation:

J. Ryan Kenny, Craig Robinson, "Embedded Software Assurance for Configuring Secure Hardware," IEEE Security and Privacy, vol. 8, no. 5, pp. 20-26, Sep./Oct. 2010, doi:10.1109/MSP.2010.150

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.