Webinar: The Future of Hardware Security
Click below to access the recording of our informative webinar on 20 November 2019 where David Rogers MBE discussed historical security measures and failures of hundreds of years that can help instruct the future of security design for hardware in connected devices.
Embedded monitors detect, block and record attacks, prevent propagation
UltraSoC’s recently announced next-generation hardware-based cybersecurity product offering embeds advanced real-time cybersecurity features in the systems-on-chip (SoCs) that power and control every modern product. The first product in the range, the UltraSoC Bus Sentinel, allows SoC designers to control access to sensitive areas of their devices, instantaneously detect and block suspicious transactions, and build a long-term profile of system operation to secure against current and future cyber threats.
UltraSoC’s security solutions allow designers to incorporate an independent internal monitoring system into their chips. This continuously checks that the device is operating as expected, detecting anomalous behavior that might indicate a security breach. Because it is embedded in the hardware, it can respond in real time (in microseconds rather than the milliseconds required by traditional threat mitigation measures), is very hard to subvert or circumvent, and can even block “zero-day” type attacks that the chip’s designers have not anticipated. In addition to detecting and blocking cyber threats, it can be used to trigger actions that prevent propagation, and to provide a forensic “black box” record of events.
Bare Metal Security™
UltraSoC allows SoC development teams to build an entirely new level of security functionality into their SoCs. Bare Metal Security features use UltraSoC on-chip monitors to watch for unexpected behaviors such as suspicious memory accesses or processor activity, at hardware speed and non-intrusively, with minimal silicon overhead.
Because Bare Metal Security features are implemented as hardware running below the operating system, they are non-intrusive and remain robust even if the system’s conventional security measures are compromised.
Bare Metal Security tools can be used standalone or as a complement to traditional security mechanisms such as encryption and E-Fuse protection. The same gates can also be used for debug and performance profiling, accelerating SoC development and giving the development team an intimate understanding of just how their device operates under real conditions.
Because it is an orthogonal on-chip hardware infrastructure independent of the main system functionality and software, Bare Metal Security functionality does not affect system performance and is very difficult to subvert or tamper with. Bare-Metal Security features also provide visibility of the whole system, making it extremely difficult to camouflage or hide an attack. Although it functions below and outside of the operating system, the technology also provides a means of communicating with software on the device as part of a holistic security system, if this is necessary.
Security is a growing concern for manufacturers of all types of electronic equipment, from IoT-enabled devices such as white goods and smart sensors, to enterprise IT, communications and factory automation products. As well as enabling hardware-based security for larger, complex SoCs, Bare Metal Security can also be used in lean, cost-sensitive connected products like light bulbs and domestic thermostats, which it is impractical to protect via conventional means.
The technology is proof not only against malicious attacks, but also against inadvertent malfunctions – effectively providing “security of operation”. For example, aerospace systems are prone to memory corruption due to radiation hits (“single event upsets”), which can cause the system to enter an unexpected state. Because Bare Metal Security provides protection at the hardware level, it can protect against such events, either by raising an alert or forcing the SoC into a “safe” mode.
You can read more about Bare Metal Security in a Technical Note available from our downloads page.