protect intellectual property and deliver secure ... · integration with the cloud solutions from...

Protect Intellectual Property and Deliver Secure, Encrypted Code with C-TrustShawn A. Prestridge, US FAE Team Leader

Agenda

Where does security begin? Joining forces with Secure Thingz Encrypted code delivery simplified Summary

Where does security begin?

It should be from your project’s inception

The road to security: With our customers all the way

Ensured code quality> Analysis and

testing

Functional safety

> Certifiedproducts

Securing IP and data

> Chain of Trust

Traditional embedded

development

More than an ordinary toolbox

Integrated code analysisC-STAT: Static code analysis• Check compliance with specific standards like MISRA C:2004,

MISRA C++:2008 and MISRA C:2012• Checks compliance with the coding standard CERT C for

secure coding• Detect defects, bugs, and security vulnerabilities as defined by

the Common Weakness Enumeration (CWE)• Extensive and detailed documentation

C-RUN: runtime analysis• Bounds checking, arithmetic, heap and memory leaks checking• Code correlation and graphical feedback in editor• Very efficient instrumentation of compiled code

Debugging all the way up to the cloudIntegration with Amazon Web Services is available in IAR Embedded Workbench

IAR Embedded Workbench for Arm, AWS edition, provides an integration with the cloud solutions from Amazon Web Services.

Thanks to this integration, you can inspect and control the cloud communication of your device directly in the world’s leading development toolchain, making development and debugging of IoT applications simplified and more efficient.

IAR Systems and Secure Thingz share a vision on security

1. Security must be integrated from inception- Adding security late in the development process rarely

works.

2. IoT security needs to be straightforward, scalable and sustainable

- Building security into the design process is the best way to achieve long-term robust and scalable security.

3. By making security implementation easier, we will help our customers secure their intellectual assets, accelerate trustworthy product delivery and transform security from a cost to a benefit.

Shared vision for a secure future, based on three fundamental beliefs:

Encrypted Code Delivery

C-Trust

Already using IAR Embedded Workbench for Arm? Get started in no time!

• Security development tool that works as an extension to IAR Embedded Workbench

• Enables application developers to deliver secure, encrypted code• Ready-made Security Context Profiles for IP protection and

Production control included• Support for mainstream microcontroller devices enables large

number of existing applications to now have security integrated

Deploy Manage and updateManufacture

DevelopSecurityContext

Build SBM, Provision device TestDevelop

application

Security SW development flow

Create your Security Context, Build the Secure Boot Manager and Provision the device

001011110100111101010010001011110100111111010110101010001111010101101010110110110101010010100100100101101010010100100011101000100101

1001011110100000111100101101001010

10101100101001110111100 0101101001011

001011101101010010001010100101110010111101111101001111001010101001101011000

010111100

Develop and Test the applicationusing development keys

Build using production keys,then Deploy to Manufacturing

00101111010011110101001000101111010011110101001011001011110100111101010010111100

0101001011001011110100111101010010111100

SBM00101111010011110101001000101111010011110101001011001011110100111101010010111100

MasteredApplication

Steps to providing encrypted code delivery• Define security context

– Contains information about the MCU you are using– Contains information about the Chain of Trust (CoT) so code can be signed

• Develop Secure Boot Manager (SBM)– Can use our ready-made example– Can customize our SBM to your needs

• Provision devices– Program boards with the SBM and CoT so they can verify code– Done for both production board and pre-production (engineering) boards

Steps to providing encrypted code delivery• Security Context Profiles are provided to developers who have C-Trust

enabled on their Embedded Workbench

• Once a developer enables C-Trust with the security context profile, each time they build a project, the executable is mastered according to the context*

– Code is encrypted– Encrypted code is then signed

• Download-and-debug puts the encrypted/signed code into an update slot and the SBM decrypts and bootloads the code*

*Done automatically with no intervention necessary from developer

Demonstration

Security from Inception SuiteUnique set of tools and services for implementing and customizing security in embedded applications!

• Embedded Trust – Security Development Environment• C-Trust – integrating security in the development workflow• Secure Desktop Provisioner – Secure development and prototyping• IAR Embedded Workbench – Complete C/C++ compiler and debugger

toolchain in one single integrated development environment• C-STAT – integrating static code analysis in the development workflow• I-jet – Industry-leading high-speed in-circuit debugging probe• Training services and custom design reviews

Security from Inception Suite—Editions

Summary• We are with you all the way to total security• Good security is hard, but with the right

tools it becomes easy• Providing encrypted and secured code is

simple with our solution