Security in Embedded systems

Date post: 21-Jan-2017
Upload: naveen-jakhar-its

Transcript
Page 1: Security in Embedded systems

Security in Embedded Systems

Presentation by:

Naveen Jakhar, ITS

ADET – 2014 Batch

NTIPRIT

1

Page 2: Security in Embedded systems

Topics covered in this presentation:

What is an embedded system?

What are MISRA C rules?

MISRA C conformance and deviations

Tools for MISRA C conformance

Embedded Security Rules


Page 3: Security in Embedded systems

Embedded System - an Introduction

An embedded system is a combination of computer hardware and software, either fixed in capability or programmable, that is specifically designed for a particular function

Industrial machines, automobiles, medical equipment, cameras, household appliances, airplanes, vending machines, cellular phones and PDAs are among the myriad possible hosts of an embedded system

Embedded systems are designed to do some specific task, rather than be a general-purpose computer for multiple tasks


Page 4: Security in Embedded systems

Embedded System - an Introduction

The program instructions written for embedded systems are referred to as firmware, and are stored in read-only memory or Flash memory chips

A common configuration for very-high-volume embedded systems is the system on a chip (SoC), which contains a complete system consisting of multiple processors, multipliers, caches and interfaces on a single chip. SoCs can be implemented as an application-specific integrated circuit (ASIC) or using a field-programmable gate array (FPGA).


Page 5: Security in Embedded systems

Embedded System - Interfaces

Embedded systems talk with the outside world via peripherals, such as:

• Serial Communication Interfaces (SCI): RS-232, RS-422, RS-485 etc.

• Synchronous Serial Communication Interface: I2C, SPI, SSC and ESSI (Enhanced Synchronous Serial Interface)

• Universal Serial Bus (USB)

• Multi Media Cards (SD Cards, Compact Flash etc.)

• Networks: Ethernet

• Fieldbuses: CAN-Bus, LIN-Bus, PROFIBUS, etc.

• Timers: PLL(s), Oscillators, Capture/Compare and Time Processing Units

• Discrete IO: aka General Purpose Input/Output (GPIO)

• Analog to Digital/Digital to Analog (ADC/DAC)

• Debugging: JTAG, ISP, ICSP, BDM Port, BITP, and DB9 ports (a debug port left enabled on a shipped device is a communication point like any other, and so a potential point of entry)


Page 6: Security in Embedded systems

Embedded Systems and Security

Traditionally, much of the hardware and many of the systems controlled by embedded software have not been easily interfaced with, as they had little need to be exposed. Trends like machine-to-machine (M2M) communication, the Internet of Things and remotely-controlled industrial systems, however, have increased the number of connected devices and simultaneously made these devices targets

Each communication point is a potential point of entry for attackers

End users generally cannot patch embedded systems themselves; a fix has to be shipped by the vendor as a firmware update, if the device supports updates at all

It is considerably more expensive to fix defects in embedded systems once they are deployed to the field


Page 7: Security in Embedded systems

Embedded System and Security

An embedded system has a hardware component and software running on top of it

So we need to think of security in both domains: hardware-domain security as well as software-domain security

The hardware is generally described in hardware description languages (HDLs), and the software is generally written in embedded C

The coding standards generally referred to for software security are the MISRA C Guidelines for safety-critical software and the Barr Group Embedded C Coding Standard


Page 8: Security in Embedded systems

Basic Embedded Systems Security Rules:

A complete product life cycle analysis needs to be performed, with the life cycle divided into its various stages

Possible entry paths for attacks into the system need to be defined and described, and kept to a minimum

A risk matrix needs to be built

Hardware support layer

Secure default configuration: secure mode, hypervisor mode and application mode

Design and test for security


Page 9: Security in Embedded systems

Software Security- an Introduction

Buffer overflow attacks write more bytes than the destination buffer holds, overwriting adjacent memory: on the stack this can clobber other local variables and the saved return address, on the heap it corrupts neighbouring objects and allocator metadata

Command injection is achieved when an attacker appends new system commands to a command that the program builds from untrusted input

SQL injection uses malicious SQL code, smuggled in through unvalidated input, to retrieve or modify important information from database servers

SQL injection can be used to bypass login credentials

SQL injection can also fetch important information from a database or delete all important data from a database
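The first two attack classes above, shown in C as an added example (this is not code from the original presentation). The overflow is modelled inside one backing array so that the demonstration itself has no undefined behaviour: a 16-byte name field is followed by a 4-byte flag word, standing in for whatever really follows a stack buffer (another local, a saved return address) or a heap buffer (the next object, allocator metadata). The struct, function names and the allowlist are all hypothetical.

```c
/* Added example: a bounded model of a buffer overflow beside a
 * length-checked copy, plus an allowlist check that stops shell
 * metacharacters before a string could reach system().
 * Not from the original presentation; all names are hypothetical. */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout: name field immediately followed by a flag word,
 * kept in one array so the overflow stays inside allocated storage. */
#define NAME_LEN 16
#define FRAME_LEN (NAME_LEN + sizeof(uint32_t))

struct frame {
    unsigned char bytes[FRAME_LEN];
};

static uint32_t read_flag(const struct frame *f)
{
    uint32_t v;
    memcpy(&v, f->bytes + NAME_LEN, sizeof v);
    return v;
}

/* Vulnerable: copies the whole input with no NAME_LEN check, so input
 * longer than NAME_LEN spills into the flag word. Returns the flag so
 * the caller can observe the corruption. */
uint32_t unsafe_set_name(const char *input)
{
    struct frame f;
    size_t n = strlen(input);
    memset(f.bytes, 0, sizeof f.bytes);
    if (n > FRAME_LEN) n = FRAME_LEN;   /* only to keep the model in bounds */
    memcpy(f.bytes, input, n);          /* the bug: no NAME_LEN check */
    return read_flag(&f);
}

/* Hardened: refuses input that does not fit with its terminating NUL.
 * Returns 0 on success, -1 if rejected; *flag_out is the flag afterwards. */
int safe_set_name(const char *input, uint32_t *flag_out)
{
    struct frame f;
    size_t n = strlen(input);
    memset(f.bytes, 0, sizeof f.bytes);
    if (n >= NAME_LEN) {
        *flag_out = read_flag(&f);      /* untouched: still zero */
        return -1;
    }
    memcpy(f.bytes, input, n + 1);
    *flag_out = read_flag(&f);
    return 0;
}

/* Command injection: an argument may be handed to a shell only if every
 * character is on a small allowlist. Returns 1 if acceptable, else 0. */
int is_safe_shell_arg(const char *arg)
{
    const unsigned char *p;
    if (arg == NULL || *arg == '\0') return 0;
    for (p = (const unsigned char *)arg; *p != '\0'; ++p) {
        if (!(isalnum(*p) || *p == '.' || *p == '_' || *p == '-'))
            return 0;   /* ';', '|', '`', '$', '&', space ... all rejected */
    }
    return 1;
}
```

A 20-character name written through unsafe_set_name leaves 0x41414141 in the flag word, which is exactly the mechanism by which a real overflow turns attacker bytes into a control value; safe_set_name rejects the same input and the flag stays zero. The allowlist is deliberately narrow: rejecting unknown characters is safer than trying to enumerate every metacharacter of every shell.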


Page 10: Security in Embedded systems

MISRA C - an Introduction

MISRA stands for Motor Industry Software Reliability Association

MISRA C is a set of software development guidelines forthe C programming language

Its aims are to facilitate code safety, security, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C / C90 / C99

MISRA C isn't an open standard


Page 11: Security in Embedded systems

MISRA Rules:

MISRA Rules can be divided logically into a number of categories:

Avoiding functions and constructs that are prone to failure; for example, malloc may fail, so dynamic heap allocation is ruled out

Avoiding possible compiler differences; for example, the size of a C int may vary between compilers, but an INT16 is always 16 bits (C99 standardized this as int16_t)

Producing maintainable and debuggable code; for example, naming conventions and commenting

Complexity limits and best-practice rules


Page 12: Security in Embedded systems

MISRA Rules:

No reliance shall be placed on undefined or unspecified behaviour:

Lots of things in C have undefined behaviour:

Divide by zero,

Out-of-bounds memory access,

Signed integer overflow

Conversions shall not be performed between a pointer to a function and any type other than an integral type

All automatic variables shall have been assigned a value before being used
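The rules on this slide, worked through in C as an added example (not code from the original presentation). Each of the three undefined behaviours named above is kept out by a check made before the operation, the function-pointer conversion goes to an integral type as the rule permits, and every automatic variable is initialised at its declaration. The helper names and types are hypothetical.

```c
/* Added example: guards for the undefined behaviours named above, a
 * permitted function-pointer conversion and fully initialised automatics.
 * Not from the original presentation; all names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Signed overflow is undefined, so test the operands first rather than
 * the (already undefined) result afterwards. */
bool checked_add(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b)) {
        return false;
    }
    *out = a + b;
    return true;
}

/* Division by zero is undefined, and so is INT32_MIN / -1 (overflow). */
bool checked_div(int32_t num, int32_t den, int32_t *out)
{
    if (den == 0 || (num == INT32_MIN && den == -1)) {
        return false;
    }
    *out = num / den;
    return true;
}

/* Out-of-bounds access: carry the length with the buffer and check it. */
bool array_get(const int32_t *buf, size_t len, size_t idx, int32_t *out)
{
    if (buf == NULL || idx >= len) {
        return false;
    }
    *out = buf[idx];
    return true;
}

/* A function pointer may be converted to an integral type (to log or
 * compare an address) but not to void* or any other pointer type. */
typedef int32_t (*handler_fn)(int32_t);

int32_t double_it(int32_t v)
{
    return v * 2;
}

uintptr_t handler_address(handler_fn fn)
{
    return (uintptr_t)fn;   /* integral type: permitted by the rule */
}

/* Every automatic variable is given a value at its declaration, so no
 * path reads 'result' or 'next' while indeterminate. Stops at the first
 * overflow and reports it instead of continuing with a wrapped value. */
int32_t sum_checked(const int32_t *buf, size_t len, bool *overflowed)
{
    int32_t result = 0;
    size_t i = 0;
    for (i = 0; i < len; ++i) {
        int32_t next = 0;
        if (!checked_add(result, buf[i], &next)) {
            *overflowed = true;
            return result;
        }
        result = next;
    }
    *overflowed = false;
    return result;
}
```

The pre-checks matter because a compiler is entitled to assume signed arithmetic never overflows: a test such as `if (a + b < a)` written after the fact can be optimised away entirely, which is why MISRA forbids relying on the behaviour rather than merely discouraging it.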


Page 13: Security in Embedded systems

MISRA Rules:

Identifiers in an inner scope shall not use the same name as an identifier in an outer scope, and therefore hide that identifier; here the parameter total hides the file-scope total:

int total;

int foo (int total) { return 3*total; }

The right-hand operand of a logical && or || operator must not contain side effects

Functions shall not call themselves, either directly or indirectly
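Why the last two rules above exist, shown in C as an added example (not code from the original presentation). The right-hand operand of || is skipped whenever the left-hand side is already true, so a side effect placed there runs on some calls and not others; and a recursive walk uses stack proportional to its input, so a long or cyclic input exhausts it. The function and struct names and the depth limit are hypothetical.

```c
/* Added example: a hidden side effect in a short-circuit operand beside
 * the conforming form, and an unbounded recursion beside a bounded loop.
 * Not from the original presentation; all names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Violates the rule: the increment executes only when 'cached' is false,
 * so 'calls' does not count every invocation as a reader would expect. */
bool lookup_shortcircuit(bool cached, uint32_t *calls)
{
    return cached || ((*calls)++ < UINT32_MAX);
}

/* Conforming: the side effect is hoisted out of the logical expression
 * and therefore happens on every call, regardless of 'cached'. */
bool lookup_conforming(bool cached, uint32_t *calls)
{
    (*calls)++;
    return cached || (*calls < UINT32_MAX);
}

struct node {
    int32_t value;
    struct node *next;
};

/* Violates the rule: recursion depth equals the list length, so a long
 * list overflows the stack and a cyclic list never returns. */
size_t list_len_recursive(const struct node *n)
{
    return (n == NULL) ? 0U : 1U + list_len_recursive(n->next);
}

/* Conforming: constant stack use, and a hard bound that turns a cyclic
 * or oversized list into a reported error rather than a crash. */
#define LIST_MAX_LEN 1024U

bool list_len_bounded(const struct node *n, size_t *len_out)
{
    size_t len = 0U;
    while (n != NULL) {
        if (len >= LIST_MAX_LEN) {
            return false;            /* bound exceeded: refuse */
        }
        len++;
        n = n->next;
    }
    *len_out = len;
    return true;
}
```

On a device with a few kilobytes of stack and no MMU there is nothing to catch the recursive version's overflow; it silently corrupts whatever sits below the stack. The bounded loop is also the only one of the two that can safely be fed a list built from untrusted data.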


Page 14: Security in Embedded systems

MISRA Rules:

The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist

An area of memory shall not be reused for unrelated purposes

Floating-point expressions shall not be tested for equality or inequality

The sizeof operator shall not be used on expressions that contain side effects, e.g. sizeof(x++)

All object and function identifiers shall be declared before use
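Three of the rules above, worked through in C as an added example (not code from the original presentation): the floating-point equality test that fails on a value the programmer considers equal, beside a tolerance comparison; the sizeof operand whose side effect never executes; and the pattern that replaces returning the address of a local buffer. The function names and the tolerance value are hypothetical.

```c
/* Added example: floating-point equality, sizeof with a side effect and
 * escaping automatic storage, each in non-conforming and conforming form.
 * Not from the original presentation; all names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Ten additions of 0.1 do not give exactly 1.0 in binary floating point,
 * so this == test is false for a value the programmer considers equal. */
bool tenths_equal_exact(void)
{
    double acc = 0.0;
    int i = 0;
    for (i = 0; i < 10; ++i) acc += 0.1;
    return acc == 1.0;               /* non-conforming comparison */
}

/* Conforming: compare within a tolerance chosen for the quantity. */
bool nearly_equal(double a, double b, double tol)
{
    double d = a - b;
    if (d < 0.0) d = -d;
    return d <= tol;
}

bool tenths_equal_tolerant(void)
{
    double acc = 0.0;
    int i = 0;
    for (i = 0; i < 10; ++i) acc += 0.1;
    return nearly_equal(acc, 1.0, 1e-9);  /* tolerance is an assumption */
}

/* sizeof does not evaluate its operand (unless it is a variable-length
 * array), so the increment in sizeof(x++) never runs: x comes back
 * unchanged, which is rarely what the author of such code expected. */
int sizeof_side_effect(int x)
{
    size_t s = sizeof(x++);          /* non-conforming; x++ is not executed */
    return (s > 0U) ? x : -1;
}

/* Conforming replacement for "return local_buf": the caller owns the
 * storage and passes it in, so no address of automatic storage escapes.
 * Formats a 16-bit id as four upper-case hex digits. Returns 0 or -1. */
int format_id(uint16_t id, char *out, size_t out_len)
{
    static const char hex[] = "0123456789ABCDEF";
    if (out == NULL || out_len < 5U) return -1;
    out[0] = hex[(id >> 12) & 0xFU];
    out[1] = hex[(id >> 8) & 0xFU];
    out[2] = hex[(id >> 4) & 0xFU];
    out[3] = hex[id & 0xFU];
    out[4] = '\0';
    return 0;
}
```

A `char buf[8]` declared inside format_id and returned by address would be the violation the first rule describes: the pointer is valid until the function returns and dangling from then on, and whether the caller sees the right bytes depends on what the next call happens to overwrite.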


Page 15: Security in Embedded systems

MISRA Rules Conformance and Deviations: In order for a piece of software to claim to be compliant with the MISRA C Guidelines,

all mandatory rules shall be met, and

all required rules and directives shall either be met or be subject to a formal deviation

Advisory rules may be disapplied without a formal deviation, but this should still be recorded in the project documentation

Many MISRA C rules can be characterized as guidelines because, under certain conditions, software engineers may deviate from them and still be considered compliant with the standard. Deviations must be documented, either in the code or in a separate file


Page 16: Security in Embedded systems

Tools for MISRA Rules Conformance

• Goanna by Red Lizard Software – A software analysis tool for C/C++

• Rational Test RealTime by IBM - A cross-platform solution for component testing, static and runtime analysis

• LDRA Testbed by Liverpool Data Research Associates

• Parasoft C/C++test by Parasoft

• PC-Lint by Gimpel Software - MISRA C:1998, C:2004, C:2012, C++:2008

• Polyspace by MathWorks


Page 17: Security in Embedded systems

Compilers which support MISRA Conformance:

• Green Hills Software

• IAR Systems - MISRA C:1998, C:2004, C:2012, C++:2008

• TASKING - MISRA C:1998, C:2004, C:2012

• TI Compilers




Page 21: Security in Embedded systems

Thank You

“Language is the principal tool with which we communicate; but when words are used carelessly or mistakenly, what was intended to advance mutual understanding may in fact hinder it; our instrument becomes our burden”
