Securing products containing cyber-physical systems calls for lifecycle management most obviously because in-the-field updates will be vital to ensure that bugs and weaknesses can be patched immediately.

Bild: iStock, peshkov

System on a Chip Security Development of a hardware-based threat detection and response system

07.11.2022

SoC design teams fill a mission-critical role in ensuring cyber-physical safety and security for electrical and electronic systems that are connected to the internet. The requirements and tools available to achieve this goal are ever-shifting, but we can be fairly sure that traditional software-only security measures are not likely to be good enough; a new class of hardware-level monitoring is also needed.

The fundamental focus in systems on cybersecurity is leading to changes in working practices for several reasons, like these: Concern over legal liability if systems are compromised that leads to loss, death, or injury – here standards like ISO/SAE 21434 and ISA/IEC 62443 attempt to outline the correct approach.

Changes in legislation. The United Nations Economic Commission for Europe (UNECE) has proposed regulations for connected and autonomous vehicles that will be adopted by more than 60 countries, including all EU states. The legislation promotes a shift in approach to cybersecurity for automotive systems from reacting to known attacks with bug fixes and updates, to one based on preventive measures.

Financial. The cost of product recalls when in-the-field updates cannot be achieved saps profitability and reduces the value of a brand in the marketplace. The best way of avoiding these burdens is to deal with cybersecurity issues at design time.

A product lifecycle view of cybersecurity

Securing products containing cyber-physical systems calls for lifecycle management most obviously because in-the-field updates will be vital to ensure that bugs and weaknesses can be patched immediately.

We need a coherent infrastructure that can support the monitoring and control of cybersecurity in deployed systems throughout the operational lifetime of the product. Such an infrastructure should be able to monitor in detail what is happening in the electronics system and automatically check to ensure that operations comply with specifications and rules that support a very secure system or component.

At a minimum, operations that contravene those rules are reported and logged. In many cases, it will be important that the attempted accesses are blocked in a way that does not alert attackers to the nature of the defenses being used. While software is an important part of this infrastructure, stopping attacks to the software itself requires monitoring at the hardware level.

Embedded Analytics platform

Monitoring infrastructure must be able to observe the behavior of the system’s interconnects and buses, as well as the processor cores themselves, while also being secured from unauthorized access. The Embedded Analytics platform from Siemens Digital Industries Software provides a unique combination of system- and hardware-level visibility as well as both active and passive security features and total independence from system functions and resources.

Embedded Analytics support the monitoring and control of cybersecurity in deployed systems from the factory to the field. The Embedded Analytics Bus Sentry IP inspects and reports on-chip activity and also provides hardware-based security responses to transactions at hardware speeds. By implementing a set of security rules at the interconnect transaction level, the Bus Sentry can stop malicious activity in its tracks.

With the Bus Sentry, other mechanisms for ensuring security become practical, going way beyond what is possible with purely design- or specification-based security countermeasures. An approach based on Embedded Analytics and a security island enables adaptive defense: rules and countermeasures can evolve during the lifetime of the system, based on learning gathered from a whole fleet of systems.

Advanced on-chip cyber threat mitigation

There are many forms of attack that do not have clear-cut rules associated with them, but which can be learned, detected, and mitigated using an Embedded Analytics security platform. These include:

  • Side-channel and denial-of-service attacks

  • Using digital signatures

  • Statistical anomalies

  • Forensic analysis

By implementing the hardware-based security features of the Embedded Analytics platform – responsive security IP, a unique range of on-chip monitors, a secure message infrastructure, and advanced threat mitigation enabled by combining the Embedded SDK with on- and off-chip analytics – mission-critical systems can be secured, by design, through their full lifecycle. The user thus always works on a secure and reliable system.

As part of a full silicon lifecycle solution (SLS), Embedded Analytics also offers Host Services, a suite of software services that helps our customers use silicon lifecycle management data in their existing software workflows and data infrastructure. Host Services fills a key gap for SLS early adopters—the need to extract data from SLS-enabled chips and use that data in existing flows and enterprise software systems.

With the technology Embedded Analytics, mission-critical systems can be secured, by design, through their full lifecycle today and into the future.

Bildergalerie

  • A complete cybersecurity infrastructure for SoCs

    A complete cybersecurity infrastructure for SoCs

    Bild: Siemens

  • The Bus Sentry provides hardware-level security that is extremely difficult to circumvent, supplementing the capabilities of software-based solutions.

    The Bus Sentry provides hardware-level security that is extremely difficult to circumvent, supplementing the capabilities of software-based solutions.

    Bild: Siemens

  • Richard Oxland is a product manager in the Tessent Embedded Analytics group at Siemens Digital Industries Software.

    Richard Oxland is a product manager in the Tessent Embedded Analytics group at Siemens Digital Industries Software.

    Bild: Siemens

Firmen zu diesem Artikel
Verwandte Artikel