11 Myths About Platform Security

Jarvis Wenger has an interesting article in Electronic Design, listing misconceptions about hw/fw security, list below, read the article for all the details!

11 Myths About Platform Security: Greater system complexity means more areas are vulnerable to security breaches. This article examines the role hardware and software play in ensuring a secure computing platform.

1. When buying a product, such as a hypervisor, the software takes care of all additional security concerns in virtualization.
2. Security is only a concern for the OS/hypervisor/application.
3. I have taken care of my hypervisor, OS, application, and boot process, so my system is as secure as it can be.
4. A secure system is also a safe system.
5. My system isn’t connected to the outside world, so it’s secure.
6. My computer is isolated from the outside world, so I don’t need to run updates for the OS/Hypervisor/Application.
7. Only my most trusted employees have physical access, which means my system is secure.
8. My system is relatively secure and physically inaccessible, so it should be safe.
9. I’m using the latest up-to-date containers, therefore my application is safe.
10. The data on my device is encrypted, making it inaccessible.
11. Security is only a concern externally to a device.


Using TPMs in embedded systems

Stefan Thom (Microsoft), Steve Hanna (Infineon), and Stacy Cannady (Cisco) have an article in Electronic Design on TPM use in embedded systems. If you are new to TPM, this is a nice introduction.

Standardizing Trust for Embedded Systems

It’s time to get more serious about the lack of security in embedded products. With recently developed standards, it’s implementation just got easier. If you haven’t been concerned about malicious players hacking into your products in the past, or haven’t found success with previous efforts, it’s time for renewed attention and action. Hacking efforts aren’t slowing and, in fact, are on the rise. These days, hackers can accomplish far more than ever before—and the repercussions are far more costly. […]

Full article: