Best practices, standards and a diverse ecosystem are essential for embedded developers to mitigate threats such as stack overflows and software backdoors.
What are the best practices when designing for device through server IoT security systems? This question was put to the experts at ARM, including Marc Canel, Vice President, Security Technologies; Jeff Underhill, Director of Server Programs; and Joakim Bech, Technical Lead for Security Working Group at Linaro. What follows is a portion of those interviews. – JB
Blyler: Security for the Internet of Things (IoT) spans everything from end-point sensors to connected devices, aggregated gateways, and middleware – all the way to servers. How can embedded designers deal with all the inherent complexity?
Bech: I think it’s impossible to get a detailed understanding in all areas. It is simply too much to handle. But luckily, you normally don’t have to focus on all IoT devices at the same time. Under normal conditions, the embedded designers work with a limited set of products in a specific area. The tricky part is when these devices develop their own communication that result in an un-tested area where you could potentially have both bugs and security flaws to an even greater extent than standard protocols. Therefore, if possible, it’s almost always better and preferable to adhere to a predefined standard, instead of inventing new protocols.