The only thing harder than explaining what security really means is explaining security products such as IAR's Inception Suite and what they really mean. Security tends to be hard because it entails so many nuanced, yet important, details. Get something wrong and a system can be easily compromised.
That’s why properly incorporating security into a product is important—and why it can be costly and confusing to implement. It’s also important to know what’s being secured and why a few systems require extreme levels of security. Likewise, it’s useful to know what the attack surface for a system will be and the type of threats that must be mitigated. A good starting point is to check out best practices for IoT security (Fig. 1).
Often, a developer has access to a range of security techniques, with software and hardware available. This includes writing code with as few bugs as possible as these can also be potential points of attack. Assembling all of the components from a security standpoint can include details like key management, secure-boot support, and encryption support in the form of standard protocols like Transport Layer Security (TLS). Unfortunately, doing this all from scratch can be time-consuming and error-prone, which is, of course, what you don’t want when talking about security.
Products like IAR’s Security from Inception Suite address the needs and education of developers when it comes to system security, especially for embedded devices. IAR is well known by embedded C/C++ developers for its IAR Embedded Workbench that includes features like MISRA C support.
Security from Inception builds on the IAR Embedded Workbench, but the starting point is really the Embedded Trust security development environment (Fig. 2). With this tool, developers can define profiles that will eventually be using in the application and C-Trust, another tool that integrates security into the development process via the Embedded Workbench.
Next: Trust Wizard