Security needs more than checklist compliance
Mohit Arora, Freescale
EDN (March 10, 2015)
One of the ways to gauge security in an electronic system is determining if a product complies with specific security requirements. Yet often such determination is treated as a checklist of security capabilities that must be incorporated to meet compliance for a particular application. Simply adhering to checklists does not ensure security, though, and can actually create vulnerabilities.
Generally speaking, security is very broad topic that has a different meaning for different applications. Requirements and use-cases can differ drastically from one application to another, implying that the security architecture for one may not work optimally for another. This is especially true when working with general purpose microcontrollers that are designed to support a variety of applications. A "security block" can't simply be dropped into the design and be completely effective.
Implementing security is very different than integrating a 3rd party Intellectual property (IP) block, such as adding Ethernet to a System-on-chip (SoC) design. The Ethernet block adheres to a specific standard and has a defined external interface like RMII/MII.
To read the full article, click here
Related Semiconductor IP
- Quantum Safe, ISO 21434 Automotive-grade Programmable Hardware Security Module
- Embedded Hardware Security Module (Root of Trust) - Automotive Grade ISO 26262 ASIL-B
- SoC Security Platform / Hardware Root of Trust
- Ultra-Secure, PQC-first, Root-of-Trust Security Platform
- Embedded Hardware Security Module for Automotive and Advanced Applications
Related White Papers
- SoCs: IP Reuse -> Productized IP: more than pipe dream
- Royalty-based libraries cost more than you think
- Analog circuits need more than just DFT methods
- More platforms than Clapham Junction…