Software Security

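This article discusses the importance of software security against the background of developments in computing, electronic science and technology, including physical access protection, the security of confidential information, and the construction of safety-critical systems. It also introduces the root-of-trust mechanism used to verify the integrity of boot code, and discusses run-time security measures that ensure code is not tampered with by malware while the application is running.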

Overview

With the development of computers, electronic science and technology have permeated every aspect of our lives. Security problems have come to people's attention along with them, especially in the automotive area. Security features must cover not just physical access and the protection of confidential information, but also critical safety systems. Designers must anticipate every form of attack to prevent access to embedded systems and data. The mechanisms needed to manage the security of an application may be implemented in software, hardware or a combination of both.

Image security

Typically, an attack will occur because malicious software has been allowed to execute during the boot process or during run time. One approach to detecting infection of the boot code is to set up a root of trust mechanism that authenticates the boot code before it executes. Such a mechanism can be implemented by a dedicated security module, either entirely in hardware or as a combination of hardware and software. One example of such a mechanism is the TPM specification.
In the secure offline environment, a hash is made of the software image, perhaps using SHA-256. The hash value, which uniquely represents the software image, is then signed with a private key that uniquely identifies the owner of the software. The resulting signature plus software image is then transmitted to the embedded memory system, which performs its own hash on the software image. The embedded system also authenticates the signature received from the offline environment, using the public key that corresponds to the private key that produced the signature. The authentication procedure results in a hash value that must match the value from hashing the software image. The methodology does not need to encrypt the software that is being programmed, nor does it need to hide the signature or the public key. Instead, the private key must be kept secret because it defines the identity of the provider of the software image.
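
The sign-offline, verify-on-device flow described above, as an added example that is not code from the original article. It assumes RSA with PKCS#1 v1.5 encoding over SHA-256; the function names are hypothetical, and the key is a constructed demo key built from two Mersenne primes so the block runs with the standard library only (a real system uses a properly generated key and a vetted crypto library or hardware module).

```python
import hashlib
import hmac

# Constructed demo key built from two Mersenne primes: trivially factorable,
# for illustration only. A real signing key is generated and kept offline.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key, stored on the device
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, never leaves the signer
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_digest(image: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(image), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign_image(image: bytes) -> bytes:
    """Offline side: hash the image and sign the encoded hash with D."""
    return pow(encode_digest(image), D, N).to_bytes(K, "big")


def verify_image(image: bytes, signature: bytes) -> bool:
    """Device side: recover the signed value with (N, E) and compare it
    with the encoding of the hash the device computes itself."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    expected = encode_digest(image).to_bytes(K, "big")
    return hmac.compare_digest(recovered, expected)


if __name__ == "__main__":
    firmware = b"\x7fELF constructed sample firmware image v1.0"
    sig = sign_image(firmware)
    print("genuine image accepted:", verify_image(firmware, sig))
    print("patched image accepted:", verify_image(firmware + b"\x90", sig))
```

Neither the image nor the signature is secret here; only `D` is, which matches the point that the private key alone defines the identity of the image provider.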

Run Time Security

Flash programming assures the trustworthiness of the code image before it is installed in your system. However, further measures are needed to ensure that the code is not modified by malware while the application is running. The integrity check can be done prior to running the application, using a secure boot technique that executes the integrity checker from a root of trust. If the resulting additional delay in boot time is not acceptable, another option is to implement a run-time integrity checker that executes in parallel with the application code, sharing the memory bus bandwidth with the application. The trade-off between the two techniques is start-up time versus memory bus bandwidth sharing.
TrustZone implemented in ARM-based products is also designed to enhance the security of software execution. This architecture could be considered an extension of the user/supervisor model that is implemented on a number of existing microprocessor architectures and has similar attributes to a hypervisor.
