 SecureSMX® Secure RTOS
SecureSMX®, our secure RTOS, enables OEMs to incorporate effective security protection into their embedded and IoT devices within reasonable time and cost constraints. It allows dividing software for ARM Cortex-M microcontroller-based embedded systems into isolated partitions. This achieves high security by limiting hacker invasions so they cannot reach sensitive data, keys, passwords, and other vital information, nor access code or I/O in other partitions. Furthermore, it allows focusing scarce programmer talent on strengthening the most critical partitions. It protects your company and officers with these benefits:
Gives a safety net for secure coding techniques. Adhering to standards such as MISRA and writing secure code are laudable and should be done. But how much can you rely on them? It takes only one small flaw in an unpartitioned system to open it up to exploitation. Partitioning greatly limits the scope of the intrusion and reduces the attack surface to a manageable size. It allows focusing secure coding efforts on the most critical partitions.
Avoids company and C-suite liability. Failure to demonstrate that a company and its management have taken reasonable steps to avert harm to people and property due to hacking is expected to become a basis for future lawsuits. The reasoning is that hacking has become so prevalent and so well-known that a failure to adopt protective measures against it constitutes negligent behavior. SecureSMX enables OEMs to incorporate effective security protection into their devices within reasonable time and cost constraints.
Allows sales to the Federal Government. The Executive Order on Improving the Nation's Cybersecurity requires Software Bills of Materials (SBoM) for all systems purchased by the Federal Government and its contractors. No longer can weak software hide in obscure devices within large systems. No security, no sale.
Gives full hacker protection. The partial isolation offered by other RTOSs does not provide the protection you need. Only fully isolated partitions will stop a hacker. No other RTOS provides the following full set of features necessary to achieve this:
- Effective privileged mode (pmode) / unprivileged mode (umode) processor control.
- Efficient, flexible task-based Memory Protection Unit (MPU) control.
- Software Interrupt (SWI) API for system services.
- Partition portals for full isolation.
- Multi-heap support to permit dedicated partition heaps.
Ports from FreeRTOS and ThreadX. Our FRPort and TXPort porting layers help migrate systems based on FreeRTOS and ThreadX to SecureSMX. In addition to a major security upgrade, it gives a more powerful kernel and middleware that is already integrated and uses portals for full isolation.
Offers a step by step approach for existing systems: First run the entire application in privileged mode (pmode) with the MPU turned on; then put vulnerable code into a pmode partition with its own MPU regions; switch it to use the SWI services interface; create one or more portals for communication with the rest of the system; and finally move the partition into umode, where it is fully isolated from the rest of the system.
Improves system structure. Partitioning software enforces a more disciplined design. This gives better plug-in modularity and offers the possibility to do updates and recovery on a partition basis rather than to the whole system.
SecureSMX partitioning is similar in concept to Arm's Platform Security Architecture (PSA) and can be used with Arm's PSA RoT on Cortex-v8M processors or in place of it on Cortex-v7M processors. The following white papers provide details about how SecureSMX works and how to use it in your system. The full manual is available to qualified prospects under NDA (see below).
Secure boot and firmware update, secure connection, and data encryption are also required to make systems secure and are offered by integrated SDKs: uLoadXL, uSSH, uSSL.
Questions are welcome! securesmx@smxrtos.com 714-437-7333
Also see Isolated Partitioning of Firmware Improves IoT Device Security
Solutions
Is Your Thing in Danger?
We have found that through careful, innovative design techniques, IoT software can be divided into isolated partitions that provide strong security against hacker invasions on Cortex-M systems
Read More
Where's the Gold?
Many IoT Things are embedded systems to which networking has recently been added. As such, hackers can overcome the weak defenses of such systems and gain access to critical data. There is a solution to prevent this using SecureSMX.
Read More
What's in Your SOUP?
SOUP (Software of Unknown Pedigree) is often incorporated into embedded system projects due to schedule pressure or lack of in-house expertise. This paper outlines a step-by-step approach using SecureSMX to put SOUP into an isolated partition to protect the rest of your system.
Read More
FreeRTOS Security? Not to Worry
It is now possible to greatly increase the security of FreeRTOS projects by porting them to SecureSMX, which facilitates dividing an application into isolated partitions. This limits a hacker to just the partition entered. This paper shows porting from FreeRTOS to SecureSMX.
Read More
Moving Uptown to Umode
Most software starts off running in privileged mode, but to improve security, it should run in unprivileged mode. This paper shows the steps to achieve this with SecureSMX and discusses tradeoffs.
Read More
Get Along Little Dogies
In a recent report, 918 CWEs have been identified and documented by MITRE, and more are being identified regularly. Granted there are tools and standards to help programmers avoid these weaknesses, but this is a lot to worry about when trying to create and debug software that does something useful. This paper shows an alternate approach using SecureSMX.
Read More
Technical Papers
Secure RTOS Enables High Security for Microcontroller Systems
Now that the low-hanging fruit of phishing, weak passwords, inadequate authentication, and weak privilege enforcement are disappearing, hackers are being forced to find new ways to penetrate corporate networks and devices. The vast number of totally vulnerable devices currently connected to corporate networks presents a fertile opportunity for this. So far, device security has received much discussion and little action. This is about to change.
Read More (embedded.com)
Achieving Full MCU Partition Isolation
Part 1: Fundamentals
Full partition isolation is the strongest system security for MCUs, because there is very little a hacker can do from inside of a partition that is fully isolated from the rest of the system. This can be achieved using memory protection units (MPUs), but it comes with some difficulty.
Read More (embedded.com)
Part 2: MPU Management
In this part we get into the details of MPU management, including the relationship between Task Control Blocks (TCBs), Memory Protection Arrays (MPAs), and MPA templates.
Read More (embedded.com)
Part 3: Heaps
In this part we cover the need for multiple heaps and the heap features that are useful in partitioned embedded systems. The right heap is important for achieving full MCU partition isolation.
Read More (embedded.com)
Part 4: Portals
In this part we cover the need for portals between partitions in order to achieve full partition isolation. Two types of portals are discussed: free-message portals and tunnel portals. These convert function call APIs to message APIs, to eliminate common regions.
Read More (embedded.com)
Part 5: Wrap Up
In this part we cover remaining topics to achieve fully isolated partitions, such as SWI API, ISRs, critical sections, memory efficiency, and debugging. It also offers suggestions for chip vendors to improve the MPU hardware.
Read More (embedded.com)
 SecureSMX User's Guide Peek (Excerpts)
For more information, please register or email sales@smxrtos.com.
Indicate your interest in SecureSMX. Full documentation will be supplied under NDA to qualified prospects.
Sign Up for ebook & News
Solution Papers
|
