Cybersecurity with Tessent Embedded Analytics

SoC design teams fulfill a mission-critical role in ensuring the physical and cyber security of electrical and electronic systems that are connected to the Internet. The requirements and tools available to achieve this goal are constantly changing, but we can be fairly confident that traditional software-only security measures are unlikely to be sufficient; a new kind of hardware-level monitoring is also needed.

Emerging regulations and legislation

The focus on cybersecurity is generating changes in work practices for several reasons:

  • Concern about legal liability if systems are compromised in a way that leads to loss, death, or injury, an area where standards such as ISO/SAE 21434 and ISA/IEC 62443 attempt to outline the correct approach.

  • Changes in legislation. The United Nations Economic Commission for Europe (UNECE) has proposed regulations for connected and autonomous vehicles, WP.29/GRVA, which will be adopted by more than 60 countries around the world, including all EU states. The legislation promotes a shift in cybersecurity approach for automotive systems from reacting to known attacks with bug fixes and updates, to one based on preventative measures.
  • The cost of product recalls for situations where upgrades cannot be achieved in the field undermines profitability and reduces a brand’s market value. The best way to avoid these burdens is to address cybersecurity issues at design time.

A view of the cybersecurity product lifecycle

Protecting products containing cyber-physical systems most obviously requires lifecycle management because updates in the field will be vital to ensure bugs and weaknesses can be fixed.

We need a consistent infrastructure that can support cybersecurity monitoring and control across deployed systems throughout the operational lifespan of the product. Such an infrastructure should be able to monitor in detail what is happening in the electronic system and automatically verify that operations comply with the specifications and rules that support a secure system. At a minimum, operations that contravene those rules are reported and recorded. In many cases, it will be important that access attempts are blocked in a way that does not alert attackers to the nature of the defenses being used. While software is an important part of this infrastructure, stopping attacks on the software itself requires hardware-level monitoring.

Embedded Analytics: A platform for hardware-based system security

The monitoring infrastructure must be able to observe the behavior of system interconnects and buses, as well as the processor cores themselves, while protecting against unauthorized access. Siemens Digital Industries Software’s Embedded Analytics platform provides a unique combination of hardware and system-level visibility, as well as both active and passive security features and complete independence of system functions and resources.

With a unique range of hardware-based security features, the Embedded Analytics platform can enable manufacturers of cyber-physical systems to meet security requirements today and in the future.

Embedded Analytics, with its IP-based monitors that inspect and report on on-chip activity, also needs to provide hardware-based security responses to transactions at hardware speeds. For that, we developed the Bus Sentry. By implementing a set of security rules at the pipeline transaction level, Bus Sentry can stop malicious activity in its tracks.

With Bus Sentry implemented in critical systems, other mechanisms to ensure security become practical, going far beyond what is possible with security countermeasures based purely on design or specification. An approach based on embedded analytics and an island of security enables an adaptive defense: rules and countermeasures can evolve over the lifetime of the system, based on learning collected from an entire fleet of systems.

Advanced On-Chip Cyber Threat Mitigation

There are many forms of attack that do not have clear rules associated with them, but can be learned, detected, and mitigated using an Embedded Analytics security platform. These include:

  • Side channel and denial of service attacks
  • Use of digital signatures
  • Statistical anomalies
  • Forensic analysis

By implementing the hardware-based security features of the Embedded Analytics platform (responsive security IP, a unique suite of on-chip monitors, a secure messaging infrastructure, and advanced threat mitigation enabled by combining the embedded SDK with analytics inside and outside of the chip), mission-critical systems can be protected, by design, throughout their life cycle.

Author: Richard Oxland
