Embedded systems security is a balancing act. On one hand, you need a comprehensive threat model: chances are, your device will end up in a malicious actor's hands. On the other hand, you have limited resources with which to defend against the wide range of attacks this opens up.
A comprehensive approach to understanding threats and building countermeasures is the key to success. Developing a threat model early in the development of the product is critical. This model will become more complex as the product evolves. As development progresses, new risks will arise.
Every step of the product concept, design and development must consider this model. This holistic approach to embedded security is the responsibility of all team members. When building an embedded product, this team will include:
- Architects, designing the product, picking parts;
- Hardware engineers, designing the PCB assembly;
- Software engineers, building the firmware and ancillary tools;
- QA engineers, testing that the product performs as specified;
- Process engineers, who take the design and prepare for mass production.
Each team member must completely understand the security and threat model for the device. This does not necessarily include the minutiae of how each threat is mitigated:
- A hardware engineer does not need to know the intricacies of memory protection. But, they should understand that a region of RAM should not be executable and writable at the same time.
- A software engineer doesn't need to know the details of how a secure manufacturing cell works. But if each device is supposed to have a unique key, there needs to be a way for the process engineers to make that happen.
Over the next several weeks, I'll discuss several keystones of secure embedded system design. This will usually be in the context of flaws seen in real-world systems. To protect the vendors' identities, I generally will not mention the specific device. As vendors fix certain interesting flaws, I'll write more about the details of those. But remember this fact: security is a human problem. No amount of technology will solve it completely. Technology will only mitigate some human failings.