Harshal Patel

Security Fundamentals for Embedded Software

Embedded systems are computer systems designed for some particular control functions within a larger system. They are usually with real-time computing constraints. David Kalinsky, a specialist in and software development, teaches intensive short courses.. He particularly deals with matters of computer software in a unit called Introduction to Software Security for Embedded Systems. He often presents his courses in open-classes at technical training centers of large cities such as Stockholm, Munich, Tel-Aviv and Singapore.

Kalinsky alluded to an incident whereby a young man modified a TV remote to control a city’s tram system; he caused accidents in the process. Thus, he provides an example of serious security threats that affect embedded systems.

Kalinsky concurs that some of the problems could be handled at the systems engineering stage. The developer may institute measures such as data encryption, firewall installation, secure network communication protocols, hardware-assisted control-flow monitoring and authentication of data sources. He, however, thinks that such traditional methods may not be adequate in dealing with the threats and suggests the use of defense mechanisms that deal directly with any software application vulnerabilities.

The writer adds that the intruders usually have an upper hand, due to the fact that a huge number of embedded software has severe execution time constraints. Usually it is a mixture of tough instantaneous and soft immediate jobs. They, therefore, trick software developers to design the application that is “lean and mean” due to limited time requirements at hand. The attackers thus can attack right through one’s own software.

Mr. Kalinsky explains that embedded devices employ analog-to-digital converters to acquire data. They may be gathered regularly, and the sampled data may be stored by the application software.  When an attacker installs his software into the embedded system machine, he can use the stored data to cause harm to the entire system. He succeeds by causing an array overflow rendering it harmful.

In conclusion, Kalinsky attempts to bring out the vulnerabilities of embedded systems and suggests the measures of curbing them, though not perfectly adequate. He insists that attackers do not need the source code of your software application to attack the system. Thus, the custodians of such systems must be wary of such harmful occurrences.