Traditional software-only security measures aren’t enough to meet emerging security goals.
SoC design teams fill a mission-critical role in ensuring cyber-physical safety and security for electrical and electronic systems that are connected to the internet. The requirements and tools available to achieve this goal are ever-shifting, but we can be fairly sure that traditional software-only security measures are unlikely to be sufficient; a new class of hardware-level monitoring is also needed.
The focus on cybersecurity is leading to changes in working practices for several reasons:
Fig. 1: Evolving security standards affect the entire automotive ecosystem and the complete product lifecycle.
Securing products containing cyber-physical systems calls for lifecycle management most obviously because in-the-field updates will be vital to ensure that bugs and weaknesses can be patched.
We need a coherent infrastructure that can support the monitoring and control of cybersecurity in deployed systems throughout the operational lifetime of the product. Such an infrastructure should be able to monitor in detail what is happening in the electronics system and automatically check to ensure that operations comply with specifications and rules that support a secure system. At a minimum, operations that contravene those rules are reported and logged. In many cases, it will be important that the attempted accesses are blocked in a way that does not alert attackers to the nature of the defenses being used. While software is an important part of this infrastructure, stopping attacks to the software itself requires monitoring at the hardware level.
Monitoring infrastructure must be able to observe the behavior of the system’s interconnects and buses, as well as the processor cores themselves, while also being secured from unauthorized access. The Embedded Analytics platform from Siemens Digital Industries Software provides a unique combination of system- and hardware-level visibility as well as both active and passive security features and total independence from system functions and resources.
With a unique range of hardware-based security functionality, the Embedded Analytics platform can enable manufacturers of cyber-physical systems to meet security requirements, today and into the future.
Embedded Analytics, with its IP-based monitors that inspect and report on-chip activity, also needs to provide hardware-based security responses to transactions at hardware speeds. For that, we developed the Bus Sentry. By implementing a set of security rules at the interconnect transaction level, the Bus Sentry can stop malicious activity in its tracks.
Fig. 2: The Bus Sentry provides hardware-level security that is extremely difficult to circumvent, supplementing the capabilities of software-based solutions.
With the Bus Sentry implemented in critical systems, other mechanisms for ensuring security become practical, going way beyond what is possible with purely design- or specification-based security countermeasures. An approach based on Embedded Analytics and a security island enables adaptive defense: rules and countermeasures can evolve during the lifetime of the system, based on learning gathered from a whole fleet of systems.
There are many forms of attack that do not have clear-cut rules associated with them, but which can be learned, detected, and mitigated using an Embedded Analytics security platform. These include:
By implementing the hardware-based security features of the Embedded Analytics platform – responsive security IP, a unique range of on-chip monitors, a secure message infrastructure, and advanced threat mitigation enabled by combining the Embedded SDK with on- and off-chip analytics – mission-critical systems can be secured, by design, through their full lifecycle.
Leave a Reply