Security must run from inception to deployment

May 27, 2020 //By William G. Wong & A Delapalisse
Security Must Run from Inception to Deployment
IAR’s Security from Inception Suite takes security from application design through device production and market deployment.

The only thing harder than explaining what security really means is explaining security products such as IAR's Inception Suite and what they really mean. Security tends to be hard because it entails so many nuanced, yet important, details. Get something wrong and a system can be easily compromised.

That’s why properly incorporating security into a product is important—and why it can be costly and confusing to implement. It’s also important to know what’s being secured and why a few systems require extreme levels of security. Likewise, it’s useful to know what the attack surface for a system will be and the type of threats that must be mitigated. A good starting point is to check out best practices for IoT security (Fig. 1).

1. A good starting point for IoT security best practices includes these 13 aspects.
1. A good starting point for IoT security best practices includes these 13 aspects.

Often, a developer has access to a range of security techniques, with software and hardware available. This includes writing code with as few bugs as possible as these can also be potential points of attack. Assembling all of the components from a security standpoint can include details like key management, secure-boot support, and encryption support in the form of standard protocols like Transport Layer Security (TLS). Unfortunately, doing this all from scratch can be time-consuming and error-prone, which is, of course, what you don’t want when talking about security.

Inception Suite

Products like IAR’s Security from Inception Suite address the needs and education of developers when it comes to system security, especially for embedded devices. IAR is well known by embedded C/C++ developers for its IAR Embedded Workbench that includes features like MISRA C support.

Security from Inception builds on the IAR Embedded Workbench, but the starting point is really the     Embedded Trust security development environment (Fig. 2). With this tool, developers can define profiles that will eventually be using in the application and C-Trust, another tool that integrates security into the development process via the Embedded Workbench.

2. Designing security for a system starts with the Embedded Trust Wizard.
2. Designing security for a system starts with the Embedded Trust Wizard.

 

Next: Trust Wizard


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.