IAR boosts code security with cryptographic signatures

IAR boosts code security with cryptographic signatures

New Products |
By Jean-Pierre Joosting

IAR has announced version 9.40 of the IAR Embedded Workbench for Arm, which introduces an advancement in code security — the integration of the pointer Authentication and Branch Target Identification (PACBTI) extension for Armv8.1-M. With PACBTI, user applications gain protection through the implementation of cryptographic signatures, effectively preventing attackers from taking control of the entire system. The release also features enhanced smart IDE Build Actions, elevating the development experience for software engineers.

Driven by growing demands for safety products due to legislation and regulation, the latest release addresses the critical need for enhanced code security. Among the notable highlights, the new compiler functions within the IAR Embedded Workbench for Arm complemented by the PACBTI extension, provide a robust defense against two prevalent security exploits — Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP). Both these techniques involve leveraging existing code segments within the user application. By gaining control of the call stack through methods like stack smashing, attackers overwrite crucial pointers stored in the stack to point, redirecting them towards identified vulnerable code snippets that serve the attacker’s purposes. With the inclusion of these new functions, IAR Embedded Workbench establishes formidable barriers, making it significantly more challenging for attackers to exploit code and compromise system integrity.

While PACBTI is designed to identify and mitigate common exploitable software errors, its effectiveness relies on sound software development practices, including the utilization of code analysis tools.

“Security has emerged as a top priority for embedded software developers,” says Anders Holmberg, CTO at IAR. “The latest version of IAR Embedded Workbench for Arm, coupled with well-established software development practices, form the foundation for truly secure embedded applications. Renowned for enhancing efficiency, productivity, and code quality, IAR, in combination with the IAR Embedded Trust and IAR Secure Deploy embedded security, delivers one of the most comprehensive end-to-end solutions ensuring enhanced security every step of the way, from product development to mass production.”

IAR Embedded Workbench for Arm stands as a comprehensive development toolchain, encompassing a highly optimized compiler and advanced debugging functionalities. Employing code analysis tools such as  IAR C-STAT and IAR C-RUN, developers can proactively identify potential code issues, improve code quality and minimize potential attack surfaces. Both static and runtime analysis play pivotal roles during the development process, guaranteeing the discovery and elimination of vulnerabilities. The latest release also showcases smart IDE Build Actions, which replace pre- and post-build actions, empowering developers to execute multiple commands before compilation and linking.

Building upon the momentum of the previous release, which introduced Armv8-A AARCH64 support, IAR Embedded Workbench for Arm 9.40 now expands its capabilities to include support for Armv8-A AARCH32, enabling 64-bit processors to execute in 32-bit mode. Additionally, the release extends its compatibility to the Renesas E2/E2 lite emulator, offering seamless programming and debugging functionalities for Arm Cortex-M MCUs and Cortex-A MPUs. Furthermore, the latest version adds support for over 275 new devices from major semiconductor partners. Lastly, in extended language mode, the IAR C/C++ Compiler embraces additional GCC-style function attributes, promoting enhanced interoperability within the vast embedded ecosystem of RTOS/middleware. With the release of IAR Embedded Workbench for Arm 9.40, IAR solidifies its commitment to equipping developers with advanced tools and uncompromising security measures, propelling the embedded industry towards a future of innovation and fortified integrity.

If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :    eeNews on Google News


Linked Articles