EMBEDDED PROCESSING ARCHITECTURES FOR SECURITY

In the past, embedded systems tended to perform one or a few fixed functions.
The trend is for embedded systems to perform multiple functions and
also to provide the ability to download new software to implement new or
updated applications in the field, rather than only in the more controlled environment
of the factory. While this certainly increases the flexibility and
useful lifetime of an embedded system, it poses new challenges in terms
of the increased likelihood of attacks by malicious parties. An embedded
system should ideally provide required security functions, implement them
efficiently and also defend against attacks by malicious parties. We discuss
these below, especially in the context of the additional challenges faced
by resource-constrained embedded systems in an environment of ubiquitous
networking and pervasive computing.

Figure 1 illustrates the architectural design space for secure embedded
processing systems. Different macro-architecture models are listed in the
first row, and described further below. These include embedded general purpose
processor (EP) vs. application-specific instruction set processor
(ASIP) vs. EP with custom hardware accelerators connected to the processor
bus, etc.). The second row details instruction-set architecture and
micro-architecture choices for tuning the base processor where appropriate.
The third row articulates security processing features that must be chosen
or designed. For example, choosing the functionality to be implemented
by custom instructions, hardware accelerators or general-purpose instruction
primitives. The fourth row involves selection of attack-resistant features
in the embedded processor and embedded system design. These protect
against both software attacks and physical attacks.
This may include an enhanced memory management unit to manage a secure
memory space, process isolation architecture, additional redundant circuitry
for thwarting power analysis attacks, and fault detection circuitry.

Figure 1: Architectural design space for secure information processing

Advertisements

, , , , , , , ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: