Security by separation is essential for embedded applications

November 29, 2016 // By Majid Bemanian, director of segment marketing at Imagination Technologies Group plc
Majid Bemanian of Imagination discusses security features in the context of IoT-style embedded applications and the use of virtualization within CPU cores.

The connected MCU

Today microcontrollers (MCUs) are finding their way into nearly every application – in traditional areas such as industrial machinery and automotive to new areas such as wearables and even ‘smart’ clothing. More and more, MCU designs incorporate some kind of connectivity e.g. Bluetooth Smart, ultra-low power Wi-Fi, NFC and Zigbee. Connected MCUs must control their own states and resources, capture and process sensory data, perform some analytics and maintain secure storage; they must also communicate to a remote host for data transport, platform management, and OTA updates.

With embedded applications growing increasingly sophisticated and connected, threats to embedded platforms are increasing significantly. Security must be an up-front design consideration, not an afterthought.

Within an MCU there are several methods to build security. These include secure boot and secure code updates. In addition, CPUs with a Memory Protection Unit (MPU) can improve system security by preventing unauthorized access to boot code and execution of non-trusted kernel mode code.

Key protection and tamper resistance are other important security measures. Anti-tamper features can prevent external ‘snooping’ devices from reading the core memory and/or working out what code is executing – providing yet another layer of security against potential external attacks.

Another key security implementation method is to take advantage of hardware virtualization technology offered in some CPUs. With hardware virtualization it is possible to build a micro-controllers that can run multiple, unmodified, isolated applications independently and securely at the same time on a single, trusted platform. End customers can use this feature to provide a secure path to deliver updates/downloads, and benefit from enhanced IP protection.

Why micro-virtualize?

Hardware virtualization is commonly associated with server-class processor technology. It has been used on 64-bit server platforms for many years and is proven and widespread in the enterprise. Virtualization can enable consolidation of multiple similar or dissimilar workloads in datacenters to decrease capex (hardware and infrastructure costs) and opex (reduce power consumption, cooling), etc.

Next: Embedded is different

Design category: