SSupported by cloud hosting provider DigitalOcean – Try DigitalOcean now and receive a $200 when you create a new account!

Micro Digital: Improving ARM Cortex-M Processor Security Against Hacking And Malware With MPU-Plus

Listen to this article

Micro Digital recently released MPU-Plus, a software that adds an extra layer of security to SMX RTOS (Real Time Operating Systems) by adding support for the Memory Protection Unit of Cortex-M processors which are widely used in IoT (Internet of Things). MPU-Plus is easily integrated into any RTOS and provides an effective and cost-efficient way to progressively increase security. Below is our interview with Ralph Moore from Micro Digital:

Ralph Moore

Q: Ralph, tell us something more about Micro Digital and your history?

A: Micro Digital, Inc. was founded in 1975 and was one of the first embedded-systems companies. Initially, MDI was an engineering company, providing hardware and software design services to OEMs. After many years, MDI transitioned into an embedded software product developer. Micro Digital is the developer of the SMX® RTOS, which began with the smx multitasking kernel released in 1989 and has continued with the release of a steady stream of middleware, driver, and BSP modules to form the complete RTOS that it is today.

We recognize that demands placed upon our customers by their customers require them to steadily add new features to their products. We anticipate these needs and provide proven solutions required by them. A new product developed recently is MPU-Plus™, which adds significant security and reliability to ARM Cortex-M processor-based systems.

MPU-Plus SecurityRecommended: Zentera Systems: A Complete Infrastructure Security Solution For The Multicloud Ecosystem

Q: How can security of existing ARM Cortex M-based products be improved?

A: ARM Cortex-M3-, 4-, and 7-based processors are very popular and in widespread use. There probably are thousands of products incorporating them and hundreds of millions of units already shipped to customers. Many of these products are now being connected to the Internet of Things (IoT). Unfortunately, this greatly increases their vulnerability to hacking and malware. Fortunately, there is a solution to this problem.

Most Cortex-M processors include Memory Protection Units (MPUs). However, because the MPUs are difficult to use and because of tight schedules, MPUs in most products are either ineffectively used or not used at all. Hence they provide little or no protection to the products they are in. Our new product, MPU-Plus consists of software and a step-by-step method to convert code in existing products to effectively use MPUs in order to substantially improve their security against hacking and malware and to also improve their reliability against environmental factors, such as energetic particles and voltage spikes, both of which cause bit flips.

Q: What is unique about MPU-Plus and how does it stand out from competition?

A: MPU-Plus provides carefully designed multitasking support that can be adopted incrementally. This is coupled with a step-by-step procedure wherein, the MPU is initially turned on with the Background Region enabled and it is verified that the application runs normally. Then super regions are created and loaded into each task’s Memory Protection Array (MPA). Next, Background Region is turned off for all tasks and it is verified that the application still runs normally. After this, the least trusted or most vulnerable task is selected and task-specific regions for it are loaded into its MPA. When the system is again running ok, this privileged task (ptask) is converted to an unprivileged task (utask).

As conversion progresses, more untrusted code is running in utasks, trusted code is running in ptasks, and many people in the Company can sleep well again. Critical parts of the system are fully isolated from utasks such that utasks cannot access nor damage them. Though ptasks provide less security than utasks, they are convenient stepping stones to utasks and they provide increased protection for software that must run in privileged mode. This is a unique feature of MPU-Plus in that ptasks are normally not given any attention at all, yet ptasks are often essential for high performance and for hardware control.

An important aspect of this procedure is that it provides a logical process for MPU conversion, and after each step, the system can be tested; if it is not running properly, problems can be traced and fixed. Developers are not confronted with an unmanageable number of problems, all at once; small steps lead to demonstrable improvements in security and reliability. This procedure fosters a succession of security releases dealing with vulnerabilities in order of importance, and with each release making the system less vulnerable to hacking and environmental factors.

MPU-Plus SMX RTOSRecommended: OnSIP Delivers Free Voice, Video, and Messaging App for Modern Businesses

Q: What is your message to managers concerned about the safety of their existing systems that use processors based upon the ARM Cortex-M architecture?

A: Your concern is well-founded. Embedded systems are being drawn into the IoT. Connecting unprotected systems to this Hacker’s Highway is risky and creates serious liabilities for manufacturers that do so. Security in the form of protection of critical system resources is important. Effective protection can only be achieved via hardware means and the MPU is the only security hardware in Cortex-M processors. Hence, using it effectively is essential. I think this is something that deserves attention now, before disasters strike and companies are forced to do massive recalls and pay for expensive damages. Starting conversion projects shows good faith that may ameliorate court awards and actual good results can be achieved.

Q: What are your plans for the future?

A: Currently, regions that are loaded into the MPU are static regions that are defined in the linker command file. Although we have developed a streamlined process for doing this, it is somewhat tedious and error-prone. I plan to develop dynamic regions to ease the conversion process. These will be largely automatic, thus freeing the programmer of the details of creating regions. In addition, we will be supporting the improved Cortex-v8M MPU as soon as hardware becomes available. However, the current Cortex-v7M MPU will be dominant for many years to come and thus will be our primary focus. In addition, we will be supporting customer conversions and continuing to improve MPU-Plus based upon experience with them.

Activate Social Media: