SlideShare una empresa de Scribd logo

High end security for low-end microcontrollers

Milosch Meriac
Milosch Meriac

Hardware-security acceleration on ARMv8-M systems. Presentation from the EmbeddedWorld Conference in 2017.

Presentaciones y charlas públicas
1 de 38
Descargar para leer sin conexión
©ARM 2017 High-end security features for low-end microcontrollers: Hardware-security acceleration on ARMv8-M systems Milosch Meriac Embedded World Conference Principal Security Engineer github.com/ARMmbed/uvisor 14 March 2017
©ARM 20162 Why is microcontroller security so hard?
©ARM 20173 The IoT revolution has increased connectivity requirements in embedded systems, but: • Many MCU developers lack sufficient security knowledge • Cost pressure prevents sophisticated security solutions • Reuse of old software that was not designed for security Microcontroller systems are usually… …. if a product is successful, it will attract hackers • Simple • Low cost • Deployed for a long time
©ARM 20174 Device lifetime The security of a system is dynamic over its lifetime. Lifetimes of home automation nodes can be 10+ years Attacks may be easily scaled The assumption of being hacked at some point requires a solid mitigation strategy for simple, reliable and inexpensive updates Do our defenses scale with our attackers? Assume you can’t prevent it Value of bugs is expressed by value = number_of_installations x device_value. Increased value and large deployments drive attackers - especially in the IoT. Massively parallelized security researchers/attackers vs. limited product development budgets and time frames. Microcontroller systems
©ARM 20175 A flat address space, as the result of lack of a memory management units (MMU), does not justify the absence of security. The resulting security model is identical to ancient computer systems from the 80’s – one remote exploits the whole system. Many microcontrollers like ARM Cortex-M3/M4 provide a hardware memory protection unit (MPU) as a good alternative to a MMU. Flat memory models
©ARM 20176 No separation Flat memory models and ignorance of MPUs prevents deployment of vital security models like “least privilege” Escalation Flat memory models enable escalation and persistence of bugs by uncontrolled writing to Flash memories Verification Security verification impossible due to the immense attack surface and lack of secure interfaces between system components Flat memory models Leakage “All your bases are belong to us” – thanks to leakage of device secrets like identity keys or even class secrets.
©ARM 20177 Securing microcontrollers? § Compartmentalization of threads and processes on microcontrollers § Private stack and data sections § Initialization of memory protection unit based on process permissions: § Whitelist approach – only required peripherals should be accessible to each box § Each box must have private .bss data and stack sections § Switch execution to non-secure side, continue boot unprivileged to initialize OS and libraries to reduce the attack surface
©ARM 20168 TrustZone for ARM ARMv8-M simplifies MCU security
©ARM 20179 ARM TrustZone Technology § Optional security extension for the ARMv8-M architecture § Security architecture for deeply embedded processors § Enables containerisation of software § Simplifies security assessment of embedded devices § Similar and compatible to existing TrustZone technology § New architecture tailored for embedded devices § Preserves low interrupt latencies of Cortex-M § Provides high performance cross-domain calling Bringing ARM security extensions to the embedded world
©ARM 201710 Applying ARM TrustZone to microcontrollers § ARMv8-M architecture as used in Cortex-M23 and Cortex-M33 systems § Introduced system level hardware security features § Security-aware DMA peripherals and debugging § Security extended to memories and peripherals through bus filters § Memory protection controllers (MPC) § Peripheral protection controllers (PPC) § CPU can run in secure and in non-secure states, with visibility for all bus peripherals § Efficient and privacy-enabled transitions between the two security modes § Two instances of the interrupt vector table, one for exclusive use on the secure side. § Stack overflow protection Secure regions Non-secure regions
©ARM 201611 Designing system security for microcontrollers
©ARM 201712 § Non-secure side cannot access secure resources. § Secure side has access to everything on the system. § Secure and Non-secure processes may implement independent scheduling. A simplified use case Composing systems from secure and non-secure security domains Firmware projectUser project Non-secure state Secure state System start Firmware Communication stack User application I/O driver Function calls Start Function calls Function calls
©ARM 201713 About TrustZone for ARMv8-M § A security barrier § Secure and Non-Secure code runs on the same core § Non-Secure code cannot access secure resources § Allows direct function calls between domains § Non-Secure to Secure API functions § Entry points protected use Secure Gateway (SG) instructions, non-secure side can’t jump past security checks on the secure side as a result § Entries only permitted in special secure memories with Non-Secure-callable attribute (NSC) § Secure to Non-Secure API functions § BLXNS instruction and FNC_RETURN used by the secure side to perform call-backs into the non-secure side Security extension for next generation Cortex-M processors R0 R1 R13 Secure Non-secure R14 R15 MSPLIM_S PSPLIM_S MSPLIM_NS PSPLIM_NS MSP_S PSP_S MSP_NS PSP_NS Secure handler mode Secure thread m ode Non-secure handler mode Non-secure thread mode Calls Calls
©ARM 201714 Support for multiple secure software libraries § Secure software library manager to handle context switching § Requires Secure privileged and unprivileged levels, and Secure MPU Software Library Manager (e.g. uVisor) Memory Protection Unit SW Lib A Privileged Unprivileged SW Lib B SW Lib C SW Lib X Secure MPU prevents software libraries from directly accessing each other’s data Secure firmware Non-secure Applications § Calling secure APIs from currently selected library § API executes without delay § Calling secure APIs from another Secure library i. Triggers Secure memory management exception ii. Library manager switches context to new MPU configuration iii. API call resumes
©ARM 201715 Secure device services on TrustZone: SDS § Use hardware-accelerated security context switching for low-latency system services § Secure Interrupt management § Secure GPIO access (pin-wise access) § Register Level / Bit Level access gateway § IPC § DMA-APIs § Shared Crypto Accelerators / Crypto API § Random Entropy Pool Drivers § Key Provisioning / Storage § Configuration Storage APIs § … and many more
©ARM 201616 ARMv8-M provides system security
©ARM 201717 Memory protection unit (MPU) § Major update from previous ARMv7-M version § Prevents application task from corrupting OS or other task data § Improves system reliability § User-configurable regions § Address § Size § Memory attributes § Access permissions § Optional in all Cortex-M processors (except Cortex-M0) Cortex-M MEMORY data for task A data for task C data for OS kernel data for task B I/O #2 I/O #1 I/O #0 I/O #n MPU MPU configuration OS kernel (privileged) task A task B task C ARM
©ARM 201718 ARMv8-M MPU features § MPU configuration registers is banked between Secure/Non-secure states § When running Secure code – use Secure MPU settings (MPU_S) § When running Non-Secure code – use Non-Secure MPU settings (MPU_NS) § Both MPUs are optional § Possible to have no MPU, an MPU in one domain or MPUs in both domains § Region count of MPUs can be different between different domains § Support 0 (no MPU), 4, 8, 12 and 16 regions + background regions § Software can use TT (Test Target) instruction to check MPU attributes for enabling portable software security models and security-aware libraries
©ARM 201719 § ARMv8-M adopts base and limit style comparators for regions § Replaces previous power-of-two size, sized aligned scheme § Simplifies software development, encouraging creation of safer software § Accelerates programming, potentially reducing context switch times. § MPU configurable down to 32-byte granularity. § New Device memory attribute definitions (ARMv8 alignment) PMSAv8 (Protected Memory System Arch. v8) Improved programmability and flexibility 1kB 16kB 256kB 1kB SINGLE 274kB REGION PMSAv7 PMSAv8 0x3BC00 0x80400 PMSA – Protected Memory System Architecture
©ARM 201720 The ARMv8-M MPU: key changes to ARMv7-M § The size of an MPU region can be any size in the granularity of 32 bytes.The previous restriction where region size must be 2^N is removed. § Sub-region-disable removed, regions are continuous now § Support for overlapping regions removed (apart from background region) § region priorities are not needed any more § New attribute definitions for device memories § Memory regions define memory attribute using an index value which is then looked up in a set of memory attribute registers
©ARM 201721 Interrupt handling in ARMv8-M § Each interrupt can be assigned toSecure or Non-Secure side § Some system exceptions are banked § e.g. SysTick timer is banked § Secure interrupts can be programmed to have higher priority than Non-secure IRQs § Same operations as in ARMv7-M in most cases (no extra latency) SysTick (NS) SysTick (S) IRQs Processor core NVIC Priority Secure IRQs Non- secure IRQs Secure IRQs Non- secure IRQs or Nested Vectored Interrupt Controller
©ARM 201722 CONFIDENTIAL Hardware stack protection: Stack limit registers § Stack limit registers are special registers § Access using MRS, MSR § In ARMv8-M the “Mainline” profile (Cortex-M23): § 4 stack limit registers § In ARMv8-M the “Baseline” profile (Cortex-M33): § Stack limit for Secure SPs only § Prevent secure stack overflowed into NS § NS software can use MPU for stack limit R0 R1 R13 Secure Non-secure R14 R15 MSPLIM_S PSPLIM_S MSPLIM_NS PSPLIM_NS MSP_S PSP_S MSP_NS PSP_NS
©ARM 201723 Defining system level security with the SAU § The security attribution unit (SAU) and the implementation defined attribution unit (IDAU) define access permissions for Secure/Non-Secure separation: § MPU defines § Access permissions based on Privileged/Unprivileged separation § Memory attributes (e.g. cache policy, XN) § Both of them § Based on (pre-)configured memory regions § SAU/IDAU regions and MPU regions are not necessarily correlated § Programmable in privileged state only (word accesses only)
©ARM 201724 Defining system level security with the IDAU § Use IDAU for primary memory partitioning. § Minimal TrustZone setup § Allows to use IDAU interface only, with zero SAU regions § Memory partitioning using the Memory Protection Controller (MPC) § Peripheral management using the Peripheral Protection Controller (PPC) § Fixed memory space for secure code entries: Non-Secure Callable (NSC) § Typical MCU setup is to use the IDAU interface and 8 SAU regions § Memory partitioning using Memory Protection Controller (MPC) § Peripheral management using Peripheral Protection Controller (PPC) § Secure memory set to NSC by programmable registers, use SAU to override to Secure, leaving small amount of memory as NSC
©ARM 201725 CONFIDENTIAL Security-aware peripherals § A peripheral can be designed to have different programming views when accessed in Secure state and in Non-Secure state § Accessible in Secure address and Non-Secure address § AHB5 / APB4 is needed forTrustZone support § Peripherals should be placed in Non-executable address spaces (to prevent code injection) Peripheral X Secure address range Non-secure address range HNONSEC or PPROT[1] = 0 HNONSEC or PPROT[1] = 1 Default design approach – Secure and Non-secure aliases Note: HNONSEC is an AHB5 signal. PPROT is an APBv2 signal with same information.
©ARM 201726 CONFIDENTIAL Alias of the same memory macro Secure address alias. Accessible by secure SW Non-Secure address alias #0 #1 #2 #3 #4 #5 #0 #1 #2 #3 #4 #5 Block base memory protection controller: MPC § Partition address space § Break down memory space into pages § Each page visible only on one alias (Secure or Non-Secure) § Ideal for embedded flash - with flash erase sector sized pages § Only one configuration-register-bit per page to control access § Suitable for SRAM protection in advanced OS’s § e.g.ARM mbedOS uVisor: github.com/ARMmbed/uvisor § design of gating unit can be complex
©ARM 201727 CONFIDENTIAL Watermark based memory protection controller § Partition memory address space using watermark levels § Each memory segment is visible in one of the address aliases § Easy to design, low gate count § Less flexible in terms of memory layout § Recommended for DDR/SDRAM § Suitable for typical MCU software § Static allocation of Secure/Non-secure memories § Not ideal for advanced OS’s Aliases of the same memory Secure access by secure SW Non-secure accesses Watermark Watermark
©ARM 201728 IDAU/SAU summary: Security defined by address § All addresses are either Secure or Non-secure. § Policing managed by Secure Attribution Unit (SAU) § SAU internally similar to MPU § Implementation Defined Attribution Unit (IDAU) interface for adding hardware based default policing rules § Supports use of external system-level definitions § e.g. based on flash blocks or per peripheral § Banked MPU configuration across Secure/Non-Secure § Independent memory protection per security state § Secure OS can be completely decoupled from Non-secure OS § Load/stores acquire NS attribute based on address § Non-secure access attempts to a secure address results in a memory fault All transactions from core and debugger checked Non-Secure MPU Secure MPU Security Attribution Unit (SAU) System Level Control Request from CPU Request to System System specific IDAU
©ARM 201629 Microcontroller security: Practical use cases
©ARM 201730 Simplified software security with TrustZone for ARMv8-M AMBA 5 AHB5 interconnect Processor (ARMv8-M) Secure regions Non-secure regions Secure Boot loader Secure access only Memory Protection Controller Flash (Page based partitioning) System Security ControllerSRAM (Watermark level based partitioning) Peripheral Protection Controller AHB5 to APB bridge TrustZone aware bus master Legacy bus master (Non-Secure) Security wrapper Memory Protection Controller Security wrapper Legacy bus master (Secure) Peripheral Protection Controller IDAU IDAU IDAU IDAU APB Peripherals APB Peripherals
©ARM 201731 § Trusted messages contain commands, data or firmware parts. § Box security not affected by communication stack exploits or infections outside of trusted box. § Payload delivery is agnostic of protocol stack. § Resilient box communication over the available channels: § Ethernet, CAN-Bus, USB, Serial § Bluetooth,Wi-Fi, ZigBee, 6LoWPAN Use case: Secure outbound communication Exposed box with communication stack Decrypt and verify using DTLS GAP Secured and trusted device process GATT AP BLE LL Trusted box without communication Stack Opaque Block Commands, Data, Firmware Blob Opaque Bluetooth Communication Stack ExposedApplicationCode IoT Device owned by user. Initial identity provisioned by System Integrator Messages delivered agnostic of communication stack
©ARM 201732 § Communication protected using TLS. § Raw message payloads decrypted and verified directly by protected code: § TLS protocol box not exposed to communication protocol stack bugs. § No interference by other boxes. § Low attack surface. § Authentication and encryption keys are protected against malware. § Malware cannot interfere without knowing the encryption or signing keys. Use case: Secure server communication Exposed box with communication stack Decrypt and verify using DTLS TLS box handles only the SSL protocol Opaque BlockOpaque Initial keys provisioned by System Integrator. Messages decoded independent of stacks using mbed TLS in separate security context ExposedApplicationCode Decryption Keys Decrypted BlockDecrypted IP Stack
©ARM 201733 Use case: Secure remote firmware update Exposed box with communication stack GAP GATT AP BLE LL Bluetooth Communication Stack Flash interface box protected by mbed uVisor – without own communication stack CustomApplicationCode Opaque Block IoT device owned by user, Initial identity provisioned by System Integrator, Messages delivered independent of stacks Firmware update blocks FW005 Firmware Update Image Secure Storage, Firmware Update Blocks Re-flash Untrusted Application Upon Completion Opaque Secured and trusted device process Decrypt and verify using DTLS § Delivery of firmware update must be decoupled from a protocol-independent firmware image verification § Bugs in communication stacks or cloud infrastructure must not compromise the firmware update § End-to-end security for firmware updates between the firmware developer and the secure box Note: You can find the extended version of this slide at page 37
©ARM 201734 Use case: Controlled malware recovery § Secure box can remotely recover from malware: § Enforces communication through the exposed side to the server § Thanks to flash controller ACL restrictions, malware cannot modify monitor code or install itself into non-volatile memories § When communication breaks with the server: § Parts of the device stack are reset to a known-good state § Disambiguation from Network failure § Reset prevents malware from staying on the device § Device switches to a safe mode to rule out network problems or to remotely update the firmware via reboot if needed https://commons.wikimedia.org/wiki/File:Biohazard.svg Note: You can find the extended version of this slide at page 38
Download ARM’s detailed paper on the topics presented https://github.com/ARMmbed/uvisor/ Follow ARMmbed uVisor development on github.com, a reference implementation for ARMv8-M security Contact Milosch Meriac milosch.meriac@arm.com Thank you! Questions? The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. Copyright © 2017 ARM Limited
©ARM 201636 Extended Slides
©ARM 201737 Use case: Secure remote firmware update Exposed box with communication stack GAP GATT AP BLE LL Bluetooth Communication Stack Flash interface box protected by mbed uVisor – without own communication stack CustomApplicationCode Opaque Block IoT device owned by user, Initial identity provisioned by System Integrator, Messages delivered independent of stacks Firmware update blocks FW005 Firmware Update Image Secure Storage, Firmware Update Blocks Re-flash Untrusted Application Upon Completion Opaque Secured and trusted device process Decrypt and verify using DTLS § Delivery of firmware update must be decoupled from a protocol-independent firmware image verification § Bugs in communication stacks or cloud infrastructure must not compromise the firmware update: § End-to-end security for firmware updates between the firmware developer and the secure box § Secure box on the device has exclusive flash-write- access § Box with flash controller ACLs only needs the public update key to verify validity of firmware. § Local malware can’t forge a valid firmware signature to the firmware update box, the required private firmware signature key is not in the device.
©ARM 201738 Use case: Controlled malware recovery § Secure box can remotely recover from malware: § Enforces communication through the exposed side to the server. § Receives latest security rules and virus behaviour fingerprints for detection. § Shares detected pattern fingerprint matches with control server § Distributed detection of viruses and live infrastructure attacks. § Thanks to flash controller ACL restrictions, malware cannot modify monitor code or install itself into non-volatile memories. § When communication with the server breaks for a minimum time: § Disambiguation from Network failure § Parts of the device stack are reset to a known-good state. § Reset prevents malware from staying on the device. § Device switches to a safe mode to rule out network problems or to remotely update the firmware via reboot if needed. https://commons.wikimedia.org/wiki/File:Biohazard.svg

Recomendados

Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the massesMilosch Meriac
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuArm
 
Developing functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions stroudDeveloping functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions stroudArm
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsMilosch Meriac
 
A practical approach to securing embedded and io t platforms
A practical approach to securing embedded and io t platformsA practical approach to securing embedded and io t platforms
A practical approach to securing embedded and io t platformsArm
 
The importance of strong entropy for iot
The importance of strong entropy for iotThe importance of strong entropy for iot
The importance of strong entropy for iotArm
 
So you think developing an SoC needs to be complex or expensive?
So you think developing an SoC needs to be complex or expensive?So you think developing an SoC needs to be complex or expensive?
So you think developing an SoC needs to be complex or expensive?Arm
 
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemmbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemarmmbed
 

Recomendados

Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the massesMilosch Meriac
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuArm
 
Developing functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions stroudDeveloping functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions stroudArm
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsMilosch Meriac
 
A practical approach to securing embedded and io t platforms
A practical approach to securing embedded and io t platformsA practical approach to securing embedded and io t platforms
A practical approach to securing embedded and io t platformsArm
 
The importance of strong entropy for iot
The importance of strong entropy for iotThe importance of strong entropy for iot
The importance of strong entropy for iotArm
 
So you think developing an SoC needs to be complex or expensive?
So you think developing an SoC needs to be complex or expensive?So you think developing an SoC needs to be complex or expensive?
So you think developing an SoC needs to be complex or expensive?Arm
 
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemmbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemarmmbed
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsLinaro
 
Introduction to ARM mbed-OS 3.0 uvisor
Introduction to ARM mbed-OS 3.0 uvisorIntroduction to ARM mbed-OS 3.0 uvisor
Introduction to ARM mbed-OS 3.0 uvisorViller Hsiao
 
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5armmbed
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_finalLan & Wan Solutions
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
ARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidKan-Han (John) Lu
 
Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Shamal Abeyrathne
 
mbed Connect Asia 2016 mbed Enabled
mbed Connect Asia 2016 mbed Enabledmbed Connect Asia 2016 mbed Enabled
mbed Connect Asia 2016 mbed Enabledarmmbed
 
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallFortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallShilaThak
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
Fortinet Icon Library
Fortinet Icon LibraryFortinet Icon Library
Fortinet Icon LibraryFortinet
 
Opc e book_2021_3rd_edition_lay06
Opc e book_2021_3rd_edition_lay06Opc e book_2021_3rd_edition_lay06
Opc e book_2021_3rd_edition_lay06Tiago Oliveira
 
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Tony Pearson
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn securityJack Melson
 
Build Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationBuild Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationWestermo Network Technologies
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxingNick Straughan
 
Workshop 16 october 2015 paris
Workshop 16 october 2015 parisWorkshop 16 october 2015 paris
Workshop 16 october 2015 parisMarcel Hartgerink
 
Android security maximized by samsung knox
Android security maximized by samsung knoxAndroid security maximized by samsung knox
Android security maximized by samsung knoxJavier Gonzalez
 
Secure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDMSecure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDMBill McGee
 
Fg80 series
Fg80 seriesFg80 series
Fg80 seriespatchs
 
LAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLinaro
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxssusere142fe
 

Más contenido relacionado

La actualidad más candente

BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsLinaro
 
Introduction to ARM mbed-OS 3.0 uvisor
Introduction to ARM mbed-OS 3.0 uvisorIntroduction to ARM mbed-OS 3.0 uvisor
Introduction to ARM mbed-OS 3.0 uvisorViller Hsiao
 
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5armmbed
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_finalLan & Wan Solutions
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
ARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidKan-Han (John) Lu
 
Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Shamal Abeyrathne
 
mbed Connect Asia 2016 mbed Enabled
mbed Connect Asia 2016 mbed Enabledmbed Connect Asia 2016 mbed Enabled
mbed Connect Asia 2016 mbed Enabledarmmbed
 
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallFortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallShilaThak
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
Fortinet Icon Library
Fortinet Icon LibraryFortinet Icon Library
Fortinet Icon LibraryFortinet
 
Opc e book_2021_3rd_edition_lay06
Opc e book_2021_3rd_edition_lay06Opc e book_2021_3rd_edition_lay06
Opc e book_2021_3rd_edition_lay06Tiago Oliveira
 
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Tony Pearson
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn securityJack Melson
 
Build Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationBuild Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationWestermo Network Technologies
 
Workshop 16 october 2015 paris
Workshop 16 october 2015 parisWorkshop 16 october 2015 paris
Workshop 16 october 2015 parisMarcel Hartgerink
 
Android security maximized by samsung knox
Android security maximized by samsung knoxAndroid security maximized by samsung knox
Android security maximized by samsung knoxJavier Gonzalez
 
Secure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDMSecure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDMBill McGee
 
Fg80 series
Fg80 seriesFg80 series
Fg80 seriespatchs
 

La actualidad más candente (20)

BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
 
Introduction to ARM mbed-OS 3.0 uvisor
Introduction to ARM mbed-OS 3.0 uvisorIntroduction to ARM mbed-OS 3.0 uvisor
Introduction to ARM mbed-OS 3.0 uvisor
 
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
ARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidARM: Trusted Zone on Android
ARM: Trusted Zone on Android
 
Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0Hillstone-Corporate-Overview-EN-V3.0
Hillstone-Corporate-Overview-EN-V3.0
 
mbed Connect Asia 2016 mbed Enabled
mbed Connect Asia 2016 mbed Enabledmbed Connect Asia 2016 mbed Enabled
mbed Connect Asia 2016 mbed Enabled
 
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallFortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment Scenarios
 
Fortinet Icon Library
Fortinet Icon LibraryFortinet Icon Library
Fortinet Icon Library
 
Opc e book_2021_3rd_edition_lay06
Opc e book_2021_3rd_edition_lay06Opc e book_2021_3rd_edition_lay06
Opc e book_2021_3rd_edition_lay06
 
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn security
 
Build Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-SegmentationBuild Redundant and Resilient Networks with Micro-Segmentation
Build Redundant and Resilient Networks with Micro-Segmentation
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxing
 
Workshop 16 october 2015 paris
Workshop 16 october 2015 parisWorkshop 16 october 2015 paris
Workshop 16 october 2015 paris
 
Android security maximized by samsung knox
Android security maximized by samsung knoxAndroid security maximized by samsung knox
Android security maximized by samsung knox
 
Secure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDMSecure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDM
 
Fg80 series
Fg80 seriesFg80 series
Fg80 series
 

Similar a High end security for low-end microcontrollers

LAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLinaro
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxssusere142fe
 
Thesis presentation
Thesis presentationThesis presentation
Thesis presentationCHIACHE lee
 
08680982.pdfArchitectures for Security A comparative anal.docx
08680982.pdfArchitectures for Security A comparative anal.docx08680982.pdfArchitectures for Security A comparative anal.docx
08680982.pdfArchitectures for Security A comparative anal.docxcroftsshanon
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17LennartF
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Linaro
 
Towards Software Defined Persistent Memory
Towards Software Defined Persistent MemoryTowards Software Defined Persistent Memory
Towards Software Defined Persistent MemorySwaminathan Sundararaman
 
Reconfigurable trust forembeddedcomputingplatforms
Reconfigurable trust forembeddedcomputingplatformsReconfigurable trust forembeddedcomputingplatforms
Reconfigurable trust forembeddedcomputingplatformsAbdullah Deeb
 
Optimizing ARM cortex a and cortex-m based heterogeneous multiprocessor syste...
Optimizing ARM cortex a and cortex-m based heterogeneous multiprocessor syste...Optimizing ARM cortex a and cortex-m based heterogeneous multiprocessor syste...
Optimizing ARM cortex a and cortex-m based heterogeneous multiprocessor syste...Arm
 
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyNext Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyL. Duke Golden
 
Kl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgKl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgL. Duke Golden
 
Design and Development of ARM9 Based Embedded Web Server
Design and Development of ARM9 Based Embedded Web ServerDesign and Development of ARM9 Based Embedded Web Server
Design and Development of ARM9 Based Embedded Web ServerIJERA Editor
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...ST_World
 
Specification_of_NVRAM_Manager.pptx
Specification_of_NVRAM_Manager.pptxSpecification_of_NVRAM_Manager.pptx
Specification_of_NVRAM_Manager.pptxPushkarBaheti1
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgEric Vanderburg
 
Future of Power: PureFlex and IBM i - Erik Rex
Future of Power: PureFlex and IBM i - Erik RexFuture of Power: PureFlex and IBM i - Erik Rex
Future of Power: PureFlex and IBM i - Erik RexIBM Danmark
 
Confidential Computing overview
Confidential Computing overviewConfidential Computing overview
Confidential Computing overviewMark Argent
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MLinaro
 

Similar a High end security for low-end microcontrollers (20)

LAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devices
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptx
 
Thesis presentation
Thesis presentationThesis presentation
Thesis presentation
 
08680982.pdfArchitectures for Security A comparative anal.docx
08680982.pdfArchitectures for Security A comparative anal.docx08680982.pdfArchitectures for Security A comparative anal.docx
08680982.pdfArchitectures for Security A comparative anal.docx
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
 
Towards Software Defined Persistent Memory
Towards Software Defined Persistent MemoryTowards Software Defined Persistent Memory
Towards Software Defined Persistent Memory
 
Reconfigurable trust forembeddedcomputingplatforms
Reconfigurable trust forembeddedcomputingplatformsReconfigurable trust forembeddedcomputingplatforms
Reconfigurable trust forembeddedcomputingplatforms
 
Optimizing ARM cortex a and cortex-m based heterogeneous multiprocessor syste...
Optimizing ARM cortex a and cortex-m based heterogeneous multiprocessor syste...Optimizing ARM cortex a and cortex-m based heterogeneous multiprocessor syste...
Optimizing ARM cortex a and cortex-m based heterogeneous multiprocessor syste...
 
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by KasperskyNext Generation Embedded Systems Security for IOT: Powered by Kaspersky
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky
 
Kl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktgKl iot cebit_dg_200317_finalmktg
Kl iot cebit_dg_200317_finalmktg
 
Design and Development of ARM9 Based Embedded Web Server
Design and Development of ARM9 Based Embedded Web ServerDesign and Development of ARM9 Based Embedded Web Server
Design and Development of ARM9 Based Embedded Web Server
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
 
Specification_of_NVRAM_Manager.pptx
Specification_of_NVRAM_Manager.pptxSpecification_of_NVRAM_Manager.pptx
Specification_of_NVRAM_Manager.pptx
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
 
Future of Power: PureFlex and IBM i - Erik Rex
Future of Power: PureFlex and IBM i - Erik RexFuture of Power: PureFlex and IBM i - Erik Rex
Future of Power: PureFlex and IBM i - Erik Rex
 
Confidential Computing overview
Confidential Computing overviewConfidential Computing overview
Confidential Computing overview
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
 

Último

George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMoumonDas2
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaKayode Fayemi
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsaqsarehman5055
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Vipesco
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardsticksaastr
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxNikitaBankoti2
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxraffaeleoman
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 

Último (20)

George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptx
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 

High end security for low-end microcontrollers

  • 1. ©ARM 2017 High-end security features for low-end microcontrollers: Hardware-security acceleration on ARMv8-M systems Milosch Meriac Embedded World Conference Principal Security Engineer github.com/ARMmbed/uvisor 14 March 2017
  • 3. ©ARM 20173 The IoT revolution has increased connectivity requirements in embedded systems, but: • Many MCU developers lack sufficient security knowledge • Cost pressure prevents sophisticated security solutions • Reuse of old software that was not designed for security Microcontroller systems are usually… …. if a product is successful, it will attract hackers • Simple • Low cost • Deployed for a long time
  • 4. ©ARM 20174 Device lifetime The security of a system is dynamic over its lifetime. Lifetimes of home automation nodes can be 10+ years Attacks may be easily scaled The assumption of being hacked at some point requires a solid mitigation strategy for simple, reliable and inexpensive updates Do our defenses scale with our attackers? Assume you can’t prevent it Value of bugs is expressed by value = number_of_installations x device_value. Increased value and large deployments drive attackers - especially in the IoT. Massively parallelized security researchers/attackers vs. limited product development budgets and time frames. Microcontroller systems
  • 5. ©ARM 20175 A flat address space, as the result of lack of a memory management units (MMU), does not justify the absence of security. The resulting security model is identical to ancient computer systems from the 80’s – one remote exploits the whole system. Many microcontrollers like ARM Cortex-M3/M4 provide a hardware memory protection unit (MPU) as a good alternative to a MMU. Flat memory models
  • 6. ©ARM 20176 No separation Flat memory models and ignorance of MPUs prevents deployment of vital security models like “least privilege” Escalation Flat memory models enable escalation and persistence of bugs by uncontrolled writing to Flash memories Verification Security verification impossible due to the immense attack surface and lack of secure interfaces between system components Flat memory models Leakage “All your bases are belong to us” – thanks to leakage of device secrets like identity keys or even class secrets.
  • 7. ©ARM 20177 Securing microcontrollers? § Compartmentalization of threads and processes on microcontrollers § Private stack and data sections § Initialization of memory protection unit based on process permissions: § Whitelist approach – only required peripherals should be accessible to each box § Each box must have private .bss data and stack sections § Switch execution to non-secure side, continue boot unprivileged to initialize OS and libraries to reduce the attack surface
  • 8. ©ARM 20168 TrustZone for ARM ARMv8-M simplifies MCU security
  • 9. ©ARM 20179 ARM TrustZone Technology § Optional security extension for the ARMv8-M architecture § Security architecture for deeply embedded processors § Enables containerisation of software § Simplifies security assessment of embedded devices § Similar and compatible to existing TrustZone technology § New architecture tailored for embedded devices § Preserves low interrupt latencies of Cortex-M § Provides high performance cross-domain calling Bringing ARM security extensions to the embedded world
  • 10. ©ARM 201710 Applying ARM TrustZone to microcontrollers § ARMv8-M architecture as used in Cortex-M23 and Cortex-M33 systems § Introduced system level hardware security features § Security-aware DMA peripherals and debugging § Security extended to memories and peripherals through bus filters § Memory protection controllers (MPC) § Peripheral protection controllers (PPC) § CPU can run in secure and in non-secure states, with visibility for all bus peripherals § Efficient and privacy-enabled transitions between the two security modes § Two instances of the interrupt vector table, one for exclusive use on the secure side. § Stack overflow protection Secure regions Non-secure regions
  • 11. ©ARM 201611 Designing system security for microcontrollers
  • 12. ©ARM 201712 § Non-secure side cannot access secure resources. § Secure side has access to everything on the system. § Secure and Non-secure processes may implement independent scheduling. A simplified use case Composing systems from secure and non-secure security domains Firmware projectUser project Non-secure state Secure state System start Firmware Communication stack User application I/O driver Function calls Start Function calls Function calls
  • 13. ©ARM 201713 About TrustZone for ARMv8-M § A security barrier § Secure and Non-Secure code runs on the same core § Non-Secure code cannot access secure resources § Allows direct function calls between domains § Non-Secure to Secure API functions § Entry points protected use Secure Gateway (SG) instructions, non-secure side can’t jump past security checks on the secure side as a result § Entries only permitted in special secure memories with Non-Secure-callable attribute (NSC) § Secure to Non-Secure API functions § BLXNS instruction and FNC_RETURN used by the secure side to perform call-backs into the non-secure side Security extension for next generation Cortex-M processors R0 R1 R13 Secure Non-secure R14 R15 MSPLIM_S PSPLIM_S MSPLIM_NS PSPLIM_NS MSP_S PSP_S MSP_NS PSP_NS Secure handler mode Secure thread m ode Non-secure handler mode Non-secure thread mode Calls Calls
  • 14. ©ARM 201714 Support for multiple secure software libraries § Secure software library manager to handle context switching § Requires Secure privileged and unprivileged levels, and Secure MPU Software Library Manager (e.g. uVisor) Memory Protection Unit SW Lib A Privileged Unprivileged SW Lib B SW Lib C SW Lib X Secure MPU prevents software libraries from directly accessing each other’s data Secure firmware Non-secure Applications § Calling secure APIs from currently selected library § API executes without delay § Calling secure APIs from another Secure library i. Triggers Secure memory management exception ii. Library manager switches context to new MPU configuration iii. API call resumes
  • 15. ©ARM 201715 Secure device services on TrustZone: SDS § Use hardware-accelerated security context switching for low-latency system services § Secure Interrupt management § Secure GPIO access (pin-wise access) § Register Level / Bit Level access gateway § IPC § DMA-APIs § Shared Crypto Accelerators / Crypto API § Random Entropy Pool Drivers § Key Provisioning / Storage § Configuration Storage APIs § … and many more
  • 16. ©ARM 201616 ARMv8-M provides system security
  • 17. ©ARM 201717 Memory protection unit (MPU) § Major update from previous ARMv7-M version § Prevents application task from corrupting OS or other task data § Improves system reliability § User-configurable regions § Address § Size § Memory attributes § Access permissions § Optional in all Cortex-M processors (except Cortex-M0) Cortex-M MEMORY data for task A data for task C data for OS kernel data for task B I/O #2 I/O #1 I/O #0 I/O #n MPU MPU configuration OS kernel (privileged) task A task B task C ARM
  • 18. ©ARM 201718 ARMv8-M MPU features § MPU configuration registers is banked between Secure/Non-secure states § When running Secure code – use Secure MPU settings (MPU_S) § When running Non-Secure code – use Non-Secure MPU settings (MPU_NS) § Both MPUs are optional § Possible to have no MPU, an MPU in one domain or MPUs in both domains § Region count of MPUs can be different between different domains § Support 0 (no MPU), 4, 8, 12 and 16 regions + background regions § Software can use TT (Test Target) instruction to check MPU attributes for enabling portable software security models and security-aware libraries
  • 19. ©ARM 201719 § ARMv8-M adopts base and limit style comparators for regions § Replaces previous power-of-two size, sized aligned scheme § Simplifies software development, encouraging creation of safer software § Accelerates programming, potentially reducing context switch times. § MPU configurable down to 32-byte granularity. § New Device memory attribute definitions (ARMv8 alignment) PMSAv8 (Protected Memory System Arch. v8) Improved programmability and flexibility 1kB 16kB 256kB 1kB SINGLE 274kB REGION PMSAv7 PMSAv8 0x3BC00 0x80400 PMSA – Protected Memory System Architecture
  • 20. ©ARM 201720 The ARMv8-M MPU: key changes to ARMv7-M § The size of an MPU region can be any size in the granularity of 32 bytes.The previous restriction where region size must be 2^N is removed. § Sub-region-disable removed, regions are continuous now § Support for overlapping regions removed (apart from background region) § region priorities are not needed any more § New attribute definitions for device memories § Memory regions define memory attribute using an index value which is then looked up in a set of memory attribute registers
  • 21. ©ARM 201721 Interrupt handling in ARMv8-M § Each interrupt can be assigned toSecure or Non-Secure side § Some system exceptions are banked § e.g. SysTick timer is banked § Secure interrupts can be programmed to have higher priority than Non-secure IRQs § Same operations as in ARMv7-M in most cases (no extra latency) SysTick (NS) SysTick (S) IRQs Processor core NVIC Priority Secure IRQs Non- secure IRQs Secure IRQs Non- secure IRQs or Nested Vectored Interrupt Controller
  • 22. ©ARM 201722 CONFIDENTIAL Hardware stack protection: Stack limit registers § Stack limit registers are special registers § Access using MRS, MSR § In ARMv8-M the “Mainline” profile (Cortex-M23): § 4 stack limit registers § In ARMv8-M the “Baseline” profile (Cortex-M33): § Stack limit for Secure SPs only § Prevent secure stack overflowed into NS § NS software can use MPU for stack limit R0 R1 R13 Secure Non-secure R14 R15 MSPLIM_S PSPLIM_S MSPLIM_NS PSPLIM_NS MSP_S PSP_S MSP_NS PSP_NS
  • 23. ©ARM 201723 Defining system level security with the SAU § The security attribution unit (SAU) and the implementation defined attribution unit (IDAU) define access permissions for Secure/Non-Secure separation: § MPU defines § Access permissions based on Privileged/Unprivileged separation § Memory attributes (e.g. cache policy, XN) § Both of them § Based on (pre-)configured memory regions § SAU/IDAU regions and MPU regions are not necessarily correlated § Programmable in privileged state only (word accesses only)
  • 24. ©ARM 201724 Defining system level security with the IDAU § Use IDAU for primary memory partitioning. § Minimal TrustZone setup § Allows to use IDAU interface only, with zero SAU regions § Memory partitioning using the Memory Protection Controller (MPC) § Peripheral management using the Peripheral Protection Controller (PPC) § Fixed memory space for secure code entries: Non-Secure Callable (NSC) § Typical MCU setup is to use the IDAU interface and 8 SAU regions § Memory partitioning using Memory Protection Controller (MPC) § Peripheral management using Peripheral Protection Controller (PPC) § Secure memory set to NSC by programmable registers, use SAU to override to Secure, leaving small amount of memory as NSC
  • 25. ©ARM 201725 CONFIDENTIAL Security-aware peripherals § A peripheral can be designed to have different programming views when accessed in Secure state and in Non-Secure state § Accessible in Secure address and Non-Secure address § AHB5 / APB4 is needed forTrustZone support § Peripherals should be placed in Non-executable address spaces (to prevent code injection) Peripheral X Secure address range Non-secure address range HNONSEC or PPROT[1] = 0 HNONSEC or PPROT[1] = 1 Default design approach – Secure and Non-secure aliases Note: HNONSEC is an AHB5 signal. PPROT is an APBv2 signal with same information.
  • 26. ©ARM 201726 CONFIDENTIAL Alias of the same memory macro Secure address alias. Accessible by secure SW Non-Secure address alias #0 #1 #2 #3 #4 #5 #0 #1 #2 #3 #4 #5 Block base memory protection controller: MPC § Partition address space § Break down memory space into pages § Each page visible only on one alias (Secure or Non-Secure) § Ideal for embedded flash - with flash erase sector sized pages § Only one configuration-register-bit per page to control access § Suitable for SRAM protection in advanced OS’s § e.g.ARM mbedOS uVisor: github.com/ARMmbed/uvisor § design of gating unit can be complex
  • 27. ©ARM 201727 CONFIDENTIAL Watermark based memory protection controller § Partition memory address space using watermark levels § Each memory segment is visible in one of the address aliases § Easy to design, low gate count § Less flexible in terms of memory layout § Recommended for DDR/SDRAM § Suitable for typical MCU software § Static allocation of Secure/Non-secure memories § Not ideal for advanced OS’s Aliases of the same memory Secure access by secure SW Non-secure accesses Watermark Watermark
  • 28. ©ARM 201728 IDAU/SAU summary: Security defined by address § All addresses are either Secure or Non-secure. § Policing managed by Secure Attribution Unit (SAU) § SAU internally similar to MPU § Implementation Defined Attribution Unit (IDAU) interface for adding hardware based default policing rules § Supports use of external system-level definitions § e.g. based on flash blocks or per peripheral § Banked MPU configuration across Secure/Non-Secure § Independent memory protection per security state § Secure OS can be completely decoupled from Non-secure OS § Load/stores acquire NS attribute based on address § Non-secure access attempts to a secure address results in a memory fault All transactions from core and debugger checked Non-Secure MPU Secure MPU Security Attribution Unit (SAU) System Level Control Request from CPU Request to System System specific IDAU
  • 30. ©ARM 201730 Simplified software security with TrustZone for ARMv8-M AMBA 5 AHB5 interconnect Processor (ARMv8-M) Secure regions Non-secure regions Secure Boot loader Secure access only Memory Protection Controller Flash (Page based partitioning) System Security ControllerSRAM (Watermark level based partitioning) Peripheral Protection Controller AHB5 to APB bridge TrustZone aware bus master Legacy bus master (Non-Secure) Security wrapper Memory Protection Controller Security wrapper Legacy bus master (Secure) Peripheral Protection Controller IDAU IDAU IDAU IDAU APB Peripherals APB Peripherals
  • 31. ©ARM 201731 § Trusted messages contain commands, data or firmware parts. § Box security not affected by communication stack exploits or infections outside of trusted box. § Payload delivery is agnostic of protocol stack. § Resilient box communication over the available channels: § Ethernet, CAN-Bus, USB, Serial § Bluetooth,Wi-Fi, ZigBee, 6LoWPAN Use case: Secure outbound communication Exposed box with communication stack Decrypt and verify using DTLS GAP Secured and trusted device process GATT AP BLE LL Trusted box without communication Stack Opaque Block Commands, Data, Firmware Blob Opaque Bluetooth Communication Stack ExposedApplicationCode IoT Device owned by user. Initial identity provisioned by System Integrator Messages delivered agnostic of communication stack
  • 32. ©ARM 201732 § Communication protected using TLS. § Raw message payloads decrypted and verified directly by protected code: § TLS protocol box not exposed to communication protocol stack bugs. § No interference by other boxes. § Low attack surface. § Authentication and encryption keys are protected against malware. § Malware cannot interfere without knowing the encryption or signing keys. Use case: Secure server communication Exposed box with communication stack Decrypt and verify using DTLS TLS box handles only the SSL protocol Opaque BlockOpaque Initial keys provisioned by System Integrator. Messages decoded independent of stacks using mbed TLS in separate security context ExposedApplicationCode Decryption Keys Decrypted BlockDecrypted IP Stack
  • 33. ©ARM 201733 Use case: Secure remote firmware update Exposed box with communication stack GAP GATT AP BLE LL Bluetooth Communication Stack Flash interface box protected by mbed uVisor – without own communication stack CustomApplicationCode Opaque Block IoT device owned by user, Initial identity provisioned by System Integrator, Messages delivered independent of stacks Firmware update blocks FW005 Firmware Update Image Secure Storage, Firmware Update Blocks Re-flash Untrusted Application Upon Completion Opaque Secured and trusted device process Decrypt and verify using DTLS § Delivery of firmware update must be decoupled from a protocol-independent firmware image verification § Bugs in communication stacks or cloud infrastructure must not compromise the firmware update § End-to-end security for firmware updates between the firmware developer and the secure box Note: You can find the extended version of this slide at page 37
  • 34. ©ARM 201734 Use case: Controlled malware recovery § Secure box can remotely recover from malware: § Enforces communication through the exposed side to the server § Thanks to flash controller ACL restrictions, malware cannot modify monitor code or install itself into non-volatile memories § When communication breaks with the server: § Parts of the device stack are reset to a known-good state § Disambiguation from Network failure § Reset prevents malware from staying on the device § Device switches to a safe mode to rule out network problems or to remotely update the firmware via reboot if needed https://commons.wikimedia.org/wiki/File:Biohazard.svg Note: You can find the extended version of this slide at page 38
  • 35. Download ARM’s detailed paper on the topics presented https://github.com/ARMmbed/uvisor/ Follow ARMmbed uVisor development on github.com, a reference implementation for ARMv8-M security Contact Milosch Meriac milosch.meriac@arm.com Thank you! Questions? The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. Copyright © 2017 ARM Limited
  • 37. ©ARM 201737 Use case: Secure remote firmware update Exposed box with communication stack GAP GATT AP BLE LL Bluetooth Communication Stack Flash interface box protected by mbed uVisor – without own communication stack CustomApplicationCode Opaque Block IoT device owned by user, Initial identity provisioned by System Integrator, Messages delivered independent of stacks Firmware update blocks FW005 Firmware Update Image Secure Storage, Firmware Update Blocks Re-flash Untrusted Application Upon Completion Opaque Secured and trusted device process Decrypt and verify using DTLS § Delivery of firmware update must be decoupled from a protocol-independent firmware image verification § Bugs in communication stacks or cloud infrastructure must not compromise the firmware update: § End-to-end security for firmware updates between the firmware developer and the secure box § Secure box on the device has exclusive flash-write- access § Box with flash controller ACLs only needs the public update key to verify validity of firmware. § Local malware can’t forge a valid firmware signature to the firmware update box, the required private firmware signature key is not in the device.
  • 38. ©ARM 201738 Use case: Controlled malware recovery § Secure box can remotely recover from malware: § Enforces communication through the exposed side to the server. § Receives latest security rules and virus behaviour fingerprints for detection. § Shares detected pattern fingerprint matches with control server § Distributed detection of viruses and live infrastructure attacks. § Thanks to flash controller ACL restrictions, malware cannot modify monitor code or install itself into non-volatile memories. § When communication with the server breaks for a minimum time: § Disambiguation from Network failure § Parts of the device stack are reset to a known-good state. § Reset prevents malware from staying on the device. § Device switches to a safe mode to rule out network problems or to remotely update the firmware via reboot if needed. https://commons.wikimedia.org/wiki/File:Biohazard.svg