1. Introduction
Security can be defined as “the ability of an entity to protect resources for which it bears protection responsibility” (Kleidermacher & Kleidermacher, 2012). It commonly includes five goals: confidentiality, integrity, availability, access control and authentication. Confidentiality ensures that the system's sensitive information cannot be disclosed to unauthorized entities. Integrity ensures that adversaries cannot alter system operation, thereby maintaining the consistency, accuracy, and trustworthiness of data. Availability ensures that information can be accessed and used reliably and in a timely manner. Access control guarantees that sensitive data in a target can only be accessed by authorized entities. Authentication is the process of recognizing a user’s identity (Kleidermacher & Kleidermacher, 2012).
An embedded system is an electronic product that is integrated into a larger system and that interacts continually with the physical world or the external environment via sensors and actuators to accomplish a certain task. Examples of embedded systems include the automobile infotainment head-unit, the antilock braking system, the powertrain engine control unit, and the digital instrument cluster. Whatever their architecture type (e.g. centralized, distributed), the technologies used (e.g. wired, wireless, optical) and the application fields (e.g. automotive, avionics, space, robotics, health care, military, entertainment), embedded systems share some decisive requirements, among others real-time constraints, reduced energy consumption and safety assurance. Security is often considered an afterthought and is typically not taken into account during embedded systems design, because traditional embedded systems were not complex, used in-house IPs and were closed in the sense that they did not use any form of connectivity. In addition, security itself is a qualitative attribute and its objectives are too abstract, which makes it a big challenge to find a suitable metric for its evaluation.
We note that security differs from safety in that security is the protection against external deliberate threats (i.e. attackers), while safety is the aspect of being secure against unintended threats, which can be internal or external (i.e. nature).
Figure 1. Some embedded systems within a typical automobile (Kleidermacher & Kleidermacher, 2012)
With the remarkable increase in the complexity and ubiquity of embedded systems and in their connectivity to the internet, which is regarded as an insecure medium, embedded systems are becoming the target of various hackers and cyber-attacks. The latter exploit embedded system vulnerabilities to achieve their malicious goals, for instance injecting faulty code to disturb the functioning of the system, stealing or altering confidential data, rendering services unavailable, or consuming the resources of the system. Many attacks and vulnerabilities in embedded systems have been discovered and reported in the last decade.
Beliba (2020) identified twelve common attacks on embedded systems (ES), partitioned into three big classes as shown in Figure 2. Software-based attacks exploit vulnerabilities in software code to allow a hacker to access data or gain control over an embedded system. The best-known software-based attacks are malware attacks, brute-forcing access, overflowing the memory buffer and exploiting a web service. Network-based attacks exploit network infrastructure vulnerabilities to listen for, intercept, and modify traffic transmitted by the embedded system.