It’s Your IP. Keep It That Way

July 16, 2020 Rich Nass

You’ve spent months or even years creating IP that belongs to your company and/or its customers. In many cases, that IP is what makes you stand out from your competitors. The last thing you need is for some hacker to come along and grab that code and use it for their own good. Or worse, they alter the code within that running system, potentially crashing the system or putting people in harm’s way or jeopardizing your brand.

Register for Webinar Series Here 

The bottom here is that you have to design your code such that it’s secure. And that means designing it to be secure from Day 1, not after it’s been written, compiled, debugged, etc. To do this requires a slight altering of the code-writing process, adding security to the developer’s DNA. In other words, keeping code secure needs to be part of the process and not something to be thought about later. And just as important, it has to be easy for the developer or it won’t happen.

What makes this process even more difficult is that code within an embedded system, especially one that’s aimed at the IoT, never seems to be finished. In that, pieces are continually being added, and each additional is another potential door through which a hacker can gain access. In other words, you can have the strongest possible door on your house, but if you forget to lock that door, the hacker gets easy entry.

To get to that point, the security process must be inherent in the developer’s toolset. In theory, it shouldn’t come from a separate security tool. It should be part of the tool that’s already in the developer’s arsenal. In other words, when I wrote code, the security features should be included without me saying “what do I need to add here to make sure this is secure?”

Integrated Tools, Not Add-Ins

One tool that offers such integration is IAR Systems’ C-Trust. But, as detailed above, it does not work independently as a bolt-on tool. It works cohesively with the company’s IAR Embedded Workbench product—the company calls it an “extension.” And IAR Embedded Workbench is likely already in the arsenal of seasoned developers. IAR Systems claims to have a 50% market share amongst embedded developers.

When you start your project, you enable the security setting, which adds the encryption keys and denies version rollbacks. The image that’s generated is encrypted, and that’s the majority of what the developer needs to do.

The alternative to a tool like C-Trust would be collecting bits of information from various tools/companies, develop the security features internally, or employ an open-source solution. With any of these options, the developer has to figure out how to assemble all those disparate parts. And this would need to be recreated each time a new project commences.

While we’re just scratching the surface here, lots more detail can be seen in a webinar (part two of five) hosted by IAR System’s Rafael Taubinger, the company’s global FAE manager. Titled Protect the IP in Your Embedded System, the webinar will walk you through IAR Systems’ C-Trust security tool, allaying the fears of developers who don’t have security in their DNA. When they learn that the process really doesn’t add any pain, they’ll become converts.

Submit your questions prior to each webinar here.

About the Author

Rich Nass

Richard Nass is the Executive Vice-President of OpenSystems Media. His key responsibilities include setting the direction for all aspects of OpenSystems Media’s Embedded and IoT product portfolios, including web sites, e-newsletters, print and digital magazines, and various other digital and print activities. He was instrumental in developing the company's on-line educational portal, Embedded University. Previously, Nass was the Brand Director for UBM’s award-winning Design News property. Prior to that, he led the content team for UBM Canon’s Medical Devices Group, as well all custom properties and events in the U.S., Europe, and Asia. Nass has been in the engineering OEM industry for more than 25 years. In prior stints, he led the Content Team at EE Times, handling the Embedded and Custom groups and the TechOnline DesignLine network of design engineering web sites. Nass holds a BSEE degree from the New Jersey Institute of Technology.

Follow on Twitter Follow on Linkedin Visit Website More Content by Rich Nass
Previous Article
Smarter, Faster, Tougher, Automation Systems: M101 Rugged Series
Smarter, Faster, Tougher, Automation Systems: M101 Rugged Series

Featuring indestructible tablets for factory automation and warehouses.

Next Article
Virtium Expands High-Capacity I-Temp Solid-State Drive Family
Virtium Expands High-Capacity I-Temp Solid-State Drive Family

1TB M.2 SATA, 2TB NVMe SSDs Added to Industrial-Grade StorFly Line Featuring 4TB SATA Drives, Protecting II...