Chapter 92. Secure Code for Embedded Systems

Jason Sinchak

Unlike web, mobile, or local applications that are designed to run on a variety of platforms, applications for embedded systems are purpose-built for a particular system, including a custom platform (operating system) and associated hardware. The application becomes part of the embedded device, functioning as a key interface into the device and the orchestrator of many backend processes working in concert to provide a critical function. As a result of the marriage between an individual application and the entirety of the embedded system, the manner in which an application is developed and the associated cybersecurity concerns can have many downstream effects.

Coding

Speed and reliability are core tenets of an embedded system. These imperatives generally require coding applications in native unmanaged languages, such as C and C++, or interacting with associated libraries where this level of complexity is present. Speed requires close integration with hardware and the inescapable use of privileged operations. Cybersecurity considerations for coding on an embedded system focus on reducing vulnerabilities common to unmanaged languages and ensuring the application sustains a trust boundary between its primary interface with the outside world and the underlying platform.

Injection

The application serves as a key trust ...
