ARM embedded code security boost with pointer authentication tool
IAR has added support for ARM’s Pointer Authentication and Branch Target Identification (PACBTI) extension into its latest development tool to protect embedded code against security exploits.
Version 9.40 of the IAR Embedded Workbench for ARM integrates the PACBTI extension for Armv8.1-M. This supports the implementation of cryptographic signatures, effectively preventing attackers from taking control of the system.
The PACBTI extension provides a robust defence against two prevalent security exploits: Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP). Both these techniques use existing code segments within the user application. By gaining control of the call stack through methods like stack smashing, attackers overwrite crucial pointers stored in the stack to point, redirecting them towards identified vulnerable code snippets that serve the attacker’s purposes. With the inclusion of these new functions, IAR Embedded Workbench establishes formidable barriers, making it significantly more challenging for attackers to exploit code and compromise system integrity.
While PACBTI is designed to identify and mitigate common exploitable software errors, its effectiveness relies on sound software development practices, including the utilization of code analysis tools.
Code analysis tools such as IAR C-STAT and IAR C-RUN in the workbench can proactively identify potential code issues, improve code quality and minimize potential attack surfaces. Both static and runtime analysis play pivotal roles during the development process, guaranteeing the discovery and elimination of vulnerabilities.
“Security has emerged as a top priority for embedded software developers,” says Anders Holmberg, CTO at IAR. “The latest version of IAR Embedded Workbench for Arm, coupled with well-established software development practices, form the foundation for truly secure embedded applications. Renowned for enhancing efficiency, productivity, and code quality, IAR, in combination with the IAR Embedded Trust and IAR Secure Deploy embedded security solutions, delivers one of the most comprehensive end-to-end solutions ensuring enhanced security every step of the way, from product development to mass production.”
The latest release also showcases smart IDE Build Actions, which replace pre- and post-build actions, allowing developers to execute multiple commands before compilation and linking. The workbench includes a highly optimized compiler and debugging tools. In extended language mode, the IAR C/C++ Compiler embraces additional GCC-style function attributes, promoting enhanced interoperability within the vast embedded ecosystem of RTOS/middleware.
V9.40 also supports the Armv8-A AARCH32, enabling 64-bit processors to execute in 32-bit mode, and extends its compatibility to the Renesas E2/E2 lite emulator, offering seamless programming and debugging functionalities for Arm Cortex-M MCUs and Cortex-A MPUs. The release also adds support for over 275 new devices from major semiconductor partners.
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
