Ten Windows
by Ralph Moore
February 1, 2022
I recently read "Viewpoint: IoT and the cybersecurity industry's hardware blind spot" by Shahram Mossayebi. It is well-written and informative. Although the Hardware Root of Trust (HRoT) based upon immutable device identity, as discussed in this article, may be essential, I don't think it is the complete solution for the security of IoT devices. It does nothing about stack overflows, buffer overflows, etc. HRoT is akin to installing steel outside doors with stronger locks. I think that effective device security begins with the assumption that the cybercriminal is already inside — whether he got in by bribing the night watchman, posing as a security expert for a small OEM, or whatever, makes no difference. People are clever. If the reward is big enough, a criminal will find a way in.
Also, secure coding, alone, is not sufficient, because there are not enough embedded programmers to fix the more than 400 software CWEs (Common Weakness Enumerations) found so far, and counting. In fact, this appears to be a losing battle because the hackers are rapidly inventing new vulnerabilities.
I believe that isolated partitions are the most practical solution to the device security problem. They are akin to installing a steel door with a strong lock in every room and corridor in a castle, so no matter which of Shahram's ten open windows the hacker came through, he is still locked out. Even if the hacker brought a welding torch to cut through the room's steel door he finds himself in another locked room and no closer to the Crown Room where the gold and jewels are stored. Meanwhile, an alarm has been sounded and the castle guards are coming!
Isolated partitions are not a perfect solution, but I think they reduce the attack surface by orders of magnitude, thus allowing our embedded programmers to be deployed where their secure coding skills will have the greatest benefit. For more on isolated partitioning, see Achieving Device Security.
Ralph Moore is a graduate of Caltech. He and a partner started Micro Digital Inc. in 1975 as one of the first microprocessor design services. Ralph is now primarily the company's RTOS innovator. He performs all functions, including product definition, architecture, design, coding, debugging, documenting, and assisting customers. Ralph's current focus is to improve the security of IoT and embedded devices through firmware partitioning. He believes that it is the most practical approach to achieving acceptable security for devices connected to networks and to the cloud.
Copyright © 2022 Micro Digital, Inc. All rights reserved.