protect intellectual property and deliver secure ... · integration with the cloud solutions from...
Post on 21-May-2020
1 Views
Preview:
TRANSCRIPT
Protect Intellectual Property and Deliver Secure, Encrypted Code with C-TrustShawn A. Prestridge, US FAE Team Leader
Agenda
Where does security begin? Joining forces with Secure Thingz Encrypted code delivery simplified Summary
Where does security begin?
It should be from your project’s inception
The road to security: With our customers all the way
Ensured code quality> Analysis and
testing
Functional safety
> Certifiedproducts
Securing IP and data
> Chain of Trust
Traditional embedded
development
More than an ordinary toolbox
Integrated code analysisC-STAT: Static code analysis• Check compliance with specific standards like MISRA C:2004,
MISRA C++:2008 and MISRA C:2012• Checks compliance with the coding standard CERT C for
secure coding• Detect defects, bugs, and security vulnerabilities as defined by
the Common Weakness Enumeration (CWE)• Extensive and detailed documentation
C-RUN: runtime analysis• Bounds checking, arithmetic, heap and memory leaks checking• Code correlation and graphical feedback in editor• Very efficient instrumentation of compiled code
Debugging all the way up to the cloudIntegration with Amazon Web Services is available in IAR Embedded Workbench
IAR Embedded Workbench for Arm, AWS edition, provides an integration with the cloud solutions from Amazon Web Services.
Thanks to this integration, you can inspect and control the cloud communication of your device directly in the world’s leading development toolchain, making development and debugging of IoT applications simplified and more efficient.
IAR Systems and Secure Thingz share a vision on security
1. Security must be integrated from inception- Adding security late in the development process rarely
works.
2. IoT security needs to be straightforward, scalable and sustainable
- Building security into the design process is the best way to achieve long-term robust and scalable security.
3. By making security implementation easier, we will help our customers secure their intellectual assets, accelerate trustworthy product delivery and transform security from a cost to a benefit.
Shared vision for a secure future, based on three fundamental beliefs:
Encrypted Code Delivery
C-Trust
Already using IAR Embedded Workbench for Arm? Get started in no time!
• Security development tool that works as an extension to IAR Embedded Workbench
• Enables application developers to deliver secure, encrypted code• Ready-made Security Context Profiles for IP protection and
Production control included• Support for mainstream microcontroller devices enables large
number of existing applications to now have security integrated
Deploy Manage and updateManufacture
DevelopSecurityContext
Build SBM, Provision device TestDevelop
application
Security SW development flow
Create your Security Context, Build the Secure Boot Manager and Provision the device
001011110100111101010010001011110100111111010110101010001111010101101010110110110101010010100100100101101010010100100011101000100101
1001011110100000111100101101001010
10101100101001110111100 0101101001011
001011101101010010001010100101110010111101111101001111001010101001101011000
010111100
Develop and Test the applicationusing development keys
Build using production keys,then Deploy to Manufacturing
00101111010011110101001000101111010011110101001011001011110100111101010010111100
0101001011001011110100111101010010111100
SBM00101111010011110101001000101111010011110101001011001011110100111101010010111100
MasteredApplication
Steps to providing encrypted code delivery• Define security context
– Contains information about the MCU you are using– Contains information about the Chain of Trust (CoT) so code can be signed
• Develop Secure Boot Manager (SBM)– Can use our ready-made example– Can customize our SBM to your needs
• Provision devices– Program boards with the SBM and CoT so they can verify code– Done for both production board and pre-production (engineering) boards
Steps to providing encrypted code delivery• Security Context Profiles are provided to developers who have C-Trust
enabled on their Embedded Workbench
• Once a developer enables C-Trust with the security context profile, each time they build a project, the executable is mastered according to the context*
– Code is encrypted– Encrypted code is then signed
• Download-and-debug puts the encrypted/signed code into an update slot and the SBM decrypts and bootloads the code*
*Done automatically with no intervention necessary from developer
Demonstration
Security from Inception SuiteUnique set of tools and services for implementing and customizing security in embedded applications!
• Embedded Trust – Security Development Environment• C-Trust – integrating security in the development workflow• Secure Desktop Provisioner – Secure development and prototyping• IAR Embedded Workbench – Complete C/C++ compiler and debugger
toolchain in one single integrated development environment• C-STAT – integrating static code analysis in the development workflow• I-jet – Industry-leading high-speed in-circuit debugging probe• Training services and custom design reviews
Security from Inception Suite—Editions
Summary• We are with you all the way to total security• Good security is hard, but with the right
tools it becomes easy• Providing encrypted and secured code is
simple with our solution
top related