Security in Embedded systems

Post on 21-Jan-2017


Security in Embedded Systems

Presentation by:

Naveen Jakhar, ITS

ADET – 2014 Batch

NTIPRIT


Topics covered in this presentation:

What is an Embedded system?

What are MISRA C rules?

MISRA C conformance and deviations

Tools for MISRA C conformance

Embedded Security Rules


Embedded System - an Introduction

An embedded system is a combination of computer hardware and software, either fixed in capability or programmable, that is specifically designed for a particular function

Industrial machines, automobiles, medical equipment, cameras, household appliances, airplanes, vending machines and cellular phones and PDAs are among the myriad possible hosts of an embedded system

Embedded systems are designed to do some specific task, rather than be a general-purpose computer for multiple tasks


Embedded System - an Introduction

The program instructions written for embedded systems are referred to as firmware, and are stored in read-only memory or Flash memory chips

A common configuration for very-high-volume embedded systems is the system on a chip (SoC), which contains a complete system consisting of multiple processors, multipliers, caches and interfaces on a single chip. SoCs can be implemented as an application-specific integrated circuit (ASIC) or using a field-programmable gate array (FPGA).


Embedded System - Interfaces

Embedded Systems talk with the outside world via peripherals, such as:

• Serial Communication Interfaces (SCI): RS-232, RS-422, RS-485 etc.

• Synchronous Serial Communication Interface: I2C, SPI, SSC and ESSI (Enhanced Synchronous Serial Interface)

• Universal Serial Bus (USB)

• Multi Media Cards (SD Cards, Compact Flash etc.)

• Networks: Ethernet

• Fieldbuses: CAN-Bus, LIN-Bus, PROFIBUS, etc.

• Timers: PLL(s), Oscillators, Capture/Compare and Time Processing Units

• Discrete IO: aka General Purpose Input/Output (GPIO)

• Analog to Digital/Digital to Analog (ADC/DAC)

• Debugging: JTAG, ISP, ICSP, BDM Port, BITP, and DB9 ports


Embedded System and Security?

Traditionally, many of the hardware and hardware systems controlled by embedded software have not been easily interfaced with as they had little need to be exposed. Trends like machine-to-machine (M2M) communication, the Internet of Things and remotely-controlled industrial systems, however, have increased the number of connected devices and simultaneously made these devices targets

Each communication point is a potential point of entry for hackers

End users can't patch embedded systems

It is considerably more expensive to fix defects in embedded systems once they're deployed to the field


Embedded System and Security

An embedded system has a hardware component and software running on top of it

So, we need to think of security in both domains: hardware domain security as well as software domain security

The hardware is generally written in HDL languages and for the software we use Embedded C programming

The software security standards which are generally referred to: MISRA-C Guidelines for Safety Critical Software and Barr Group Embedded C Coding Standard


Basic Embedded Systems Security Rules:

A complete product life cycle analysis needs to be performed and the life cycle is divided into various stages

Possible entry paths for attacks into the system need to be defined and described and kept to a minimum

A risk matrix needs to be built

Hardware support layer

Secure default configuration: Secure mode, Hypervisor mode and application mode

Design and test for security


Software Security- an Introduction

Buffer and stack overflow attacks overwrite the contents of the heap or stack respectively by writing more bytes than the destination buffer holds

Command injection is achieved when the attacker appends new system commands to the commands the application already executes

SQL injections use malicious SQL code to retrieve or modify important information from database servers

SQL injections can be used to bypass login credentials

Sometimes SQL injections fetch important information from a database or delete all important data from a database
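An added example, not from the presentation, of the stack-overflow shape described above as it appears in embedded C: a length-prefixed frame copied into a fixed stack buffer, with the bounds check that the vulnerable version omits (parse_frame and PAYLOAD_MAX are the example's own names, and the frames in the comments are constructed):

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PAYLOAD_MAX 16U   /* fixed size of the on-stack payload buffer */

/* Non-compliant shape (for contrast only): the length byte in the frame is
 * trusted, so a frame declaring more than PAYLOAD_MAX bytes makes memcpy
 * run past payload[] and overwrite the rest of the stack frame.
 *
 *   uint8_t payload[PAYLOAD_MAX];
 *   memcpy(payload, msg + 1U, msg[0]);
 */

/* Hardened form: check the declared length against the buffer size and
 * against the bytes actually received before copying. Returns the number
 * of payload bytes copied into out, or -1 if the frame is rejected. */
int parse_frame(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_len)
{
    if (msg == NULL || out == NULL || msg_len < 1U) {
        return -1;
    }
    size_t declared = (size_t)msg[0];       /* length byte from the wire */
    if (declared > PAYLOAD_MAX || declared > out_len || declared > msg_len - 1U) {
        return -1;                          /* oversized or truncated: drop it */
    }
    uint8_t payload[PAYLOAD_MAX] = {0};     /* the fixed stack buffer */
    memcpy(payload, msg + 1U, declared);    /* bounded by the checks above */
    memcpy(out, payload, declared);
    return (int)declared;
}
```

A frame such as {3, 'a', 'b', 'c'} is accepted with 3 bytes copied, while a frame whose length byte exceeds PAYLOAD_MAX or the bytes actually received is dropped instead of overrunning payload[].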


MISRA C - an Introduction

MISRA stands for Motor Industry Software Reliability Association

MISRA C is a set of software development guidelines for the C programming language

Its aims are to facilitate code safety, security, portability and reliability, specifically for those systems programmed in ISO C / C90 / C99

MISRA C isn't an open standard


MISRA Rules:

MISRA Rules can be divided logically into a number of categories:

Avoiding using functions and constructs that are prone to failure, for example, malloc may fail

Avoiding possible compiler differences, for example, the size of a C integer may vary but an INT16 is always 16 bits (C99 standardized on int16_t)

Produce maintainable and debuggable code, for example, naming conventions and commenting

Complexity limits and Best Practice rules


MISRA Rules:

No reliance shall be placed on undefined or unspecified behaviour:

Lots of things in C have undefined behaviour:

Divide by zero,

Out-of-bounds memory access,

Signed integer overflow

Conversions shall not be performed between a pointer to a function and any type other than an integral type

All automatic variables shall have been assigned a value before being used


MISRA Rules:

Identifiers in an inner scope shall not use the same name as an identifier in an outer scope, and therefore hide that identifier

int total;

int foo (int total) { return 3*total; }

The right-hand operand of a logical && or || operator must not contain side effects

Functions shall not call themselves, either directly or indirectly


MISRA Rules:

The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist

An area of memory shall not be reused for unrelated purposes

Floating-point expressions shall not be tested for equality or inequality

The sizeof operator shall not be used on expressions that contain side effects, e.g. sizeof(x++);

All object and function identifiers shall be declared before use
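As an added example (not from the presentation), compliant rewrites of several of the rules quoted on the last three slides, each with the non-compliant pattern shown in a comment; all function names and the sample values are the example's own:

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Rule: automatic variables are assigned before use.
 * Non-compliant: "int32_t sum; ... return sum;" reads an indeterminate value. */
int32_t sum_u8(const uint8_t *buf, size_t len)
{
    int32_t sum = 0;                      /* initialised at declaration */
    for (size_t i = 0U; i < len; i++) {
        sum += (int32_t)buf[i];
    }
    return sum;
}

/* Rule: no reliance on undefined behaviour (signed integer overflow).
 * Non-compliant: "return a + b;" for arbitrary int32_t operands.
 * Compliant: range-check first and report failure instead of overflowing.
 * Both operands of each && below are free of side effects, as the rule on
 * logical operators requires. */
bool add_s32_checked(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b)) {
        return false;
    }
    *out = a + b;
    return true;
}

/* Rule: floating-point values are not tested for equality.
 * Non-compliant: "if (x == y)". Compliant: compare within a tolerance. */
bool float_close(double x, double y, double tol)
{
    double diff = x - y;
    if (diff < 0.0) {
        diff = -diff;
    }
    return diff <= tol;
}

/* Rule: the address of an automatic object must not outlive the object.
 * Non-compliant: "static uint8_t *p; void f(void) { uint8_t tmp[4]; p = tmp; }"
 * Compliant: copy the bytes into storage the caller owns. Returns bytes copied. */
size_t fill_id(uint8_t *dst, size_t dst_len)
{
    const uint8_t tmp[4] = {0xDEU, 0xADU, 0xBEU, 0xEFU};   /* automatic storage */
    size_t n = (dst_len < sizeof(tmp)) ? sizeof(tmp) - (sizeof(tmp) - dst_len) : sizeof(tmp);
    /* Rule: the sizeof operand has no side effects (never "sizeof(tmp[i++])"). */
    for (size_t i = 0U; i < n; i++) {
        dst[i] = tmp[i];
    }
    return n;
}
```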


MISRA Rules Conformance and Deviations:

In order for a piece of software to claim to be compliant to the MISRA C Guidelines,

all mandatory rules shall be met and

all required rules and directives shall either be met or subject to a formal deviation

Advisory rules may be disapplied without a formal deviation, but this should still be recorded in the project documentation

Many MISRA C rules can be characterized as guidelines because under certain conditions software engineers may deviate from rules and still be considered compliant with the standard. Deviations must be documented either in the code or in a file


Tools for MISRA Rules Conformance

• Goanna by Red Lizard Software – A software analysis tool for C/C++.

• Rational Test RealTime by IBM - A cross-platform solution for component testing, static and runtime analysis

• LDRA Testbed by Liverpool Data Research Associates

• Parasoft C/C++test by Parasoft

• PC-Lint by Gimpel Software - MISRA C:1998, C:2004, C:2012, C++:2008

• Polyspace by MathWorks


Compilers which support MISRA Conformance:

• Green Hills Software

• IAR Systems - MISRA C:1998, C:2004, C:2012, C++:2008

• TASKING - MISRA C:1998, C:2004, C:2012

• TI Compilers




Thank You

“Language is the principal tool with which we communicate; but when words are used carelessly or mistakenly, what was intended to advance mutual understanding may in fact hinder it; our instrument becomes our burden”
