Increasing security issues and exploits are driving up secure hardware shipments and pushing developers and systems toward ‘memory safe’ languages.
The National Security Agency (NSA) has recommended that developers make a strategic shift away from C++ in favor of Java, Ruby, Rust, and other languages offering memory safety. They are not alone: Rust has been embraced by Microsoft, Amazon AWS, Meta, and Google, and is officially supported in the latest Linux kernel.
Embedded software developers typically do not have experience with deep security technologies, so microcontroller vendors are increasingly making it easier by adding on-chip capabilities, or ‘secure hardware’, combined with software frameworks.
Toward Safer Code
A recently released Consumer Reports “Memory Safety” report details that “roughly 60 to 70 percent of browser and kernel vulnerabilities—and security bugs found in C/C++ code bases—are due to memory unsafety, many of which can be solved by using memory-safe languages.” Alternatives such as isolating the code or rewriting it are not ideal. The report acknowledges that current “options present a number of trade-offs, including implementation effort, execution performance, and safety. For example, code that is otherwise security critical in a logic sense (like JITs, cryptographic primitives, etc.) may be comparatively worse for rewriting.”
Further, an Atlantic Council paper explained in more detail last year that “memory-safety errors can result from simple typos and forgotten lines of code or from complex memory structures and unforeseen interactions.” That report revealed that Google and Microsoft found that about 70% of their discovered bugs stemmed from memory-safety issues.
Enter the push to use ‘memory safe’ programming languages like Rust to make this far more manageable for developers. While Rust isn’t the only ‘memory safe’ language out there, it has far outpaced the adoption of others, with over 50% growth in 2022 alone. Rust has consistently led the pack in StackOverflow’s annual survey as one of the fastest growing and most loved programming languages, in 2022 as in several years before. Created in 2006 by a software developer with Mozilla Research, the language was designed with the charter to be a more reliable and safer alternative to C++.
Fastest growing languages (source: GitHub via Dice.com)
Rust is quickly showing up in GitHub and open source projects as well, with over 180k repositories on GitHub. In Android 13, 21% of new code is written in Rust, but C and C++ code still dominate. Other languages are designed or behave differently: a high-level language like Python or Java handles allocation for the programmer automatically, finding, adding, and freeing memory as an item is created, grows, shrinks, or gets discarded.
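The following is an added example, not code from the article or from any of the projects it mentions, that shows what the ‘memory safe’ distinction above looks like in practice: a parser for a constructed length-prefixed record format (a two-byte big-endian length followed by the payload) in which the length field is attacker-controlled. In C the natural `memcpy(out, buf + 2, len)` reads past the buffer when `len` lies; in safe Rust the slice API returns `None` instead and the compiler also refuses to let the returned payload outlive the buffer it borrows from. The format, the function names and the sample bytes are all assumptions made for the example.

```rust
/// Error returned instead of reading outside the buffer.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// Buffer shorter than the 2-byte length header.
    MissingHeader,
    /// Declared length runs past the end of the buffer.
    Truncated { declared: usize, available: usize },
}

/// Parses `[len_hi, len_lo, payload...]` (constructed format) and returns the payload.
/// The payload is borrowed from `buf`, so a dangling reference to it is a
/// compile-time error, not a runtime use-after-free.
pub fn parse_record(buf: &[u8]) -> Result<&[u8], ParseError> {
    // `get` yields None rather than an out-of-bounds read for a short buffer.
    let header = buf.get(..2).ok_or(ParseError::MissingHeader)?;
    let declared = usize::from(u16::from_be_bytes([header[0], header[1]]));
    let available = buf.len() - 2;
    // The untrusted length is checked against the real buffer size here;
    // an over-long length becomes a plain error value instead of a memory read
    // past the allocation (the C over-read shape behind many of the bugs cited above).
    buf.get(2..2 + declared)
        .ok_or(ParseError::Truncated { declared, available })
}

/// Walks a buffer of consecutive records and copies each payload into an
/// owned Vec. Each allocation is freed exactly once when the outer Vec is
/// dropped: no manual free, no garbage collector, and no double-free path.
pub fn collect_records(mut buf: &[u8]) -> Result<Vec<Vec<u8>>, ParseError> {
    let mut out = Vec::new();
    while !buf.is_empty() {
        let payload = parse_record(buf)?;
        out.push(payload.to_vec());
        // parse_record succeeded, so 2 + payload.len() <= buf.len() holds.
        buf = &buf[2 + payload.len()..];
    }
    Ok(out)
}

fn main() {
    // Constructed sample input: two well-formed records ("abc", "z").
    let good = [0x00, 0x03, b'a', b'b', b'c', 0x00, 0x01, b'z'];
    println!("{:?}", collect_records(&good));
    // Constructed malicious input: header claims 16 bytes, only 2 follow.
    let bad = [0x00, 0x10, b'a', b'b'];
    println!("{:?}", parse_record(&bad));
}
```

The point is not that Rust forbids the parsing mistake but that it turns it into a value the programmer must handle: `get` returns an `Option`, so forgetting the check is a type error rather than a silent over-read, which is the ‘memory unsafety’ class the Consumer Reports and Atlantic Council figures are counting.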
Android 13 memory vulnerabilities (source: Google Security Blog)
Well known Android security engineer Jeffrey Vander Stoep noted the relationship of language to vulnerabilities. “While correlation doesn’t necessarily mean causation, it’s interesting to note that the percent of vulnerabilities caused by memory safety issues seems to correlate rather closely with the development language that’s used for new code.”
Hardcore developers and some embedded or legacy-entrenched technology enterprises are choosing to stick with the status quo, citing the decades of legacy C code out there, and are advocating that developers apply memory-safe practices while coding in C++ as the right move forward despite the NSA warning.
In fact Bjarne Stroustrup, the creator of C++, recently posted a response to the national call for safer languages on The Open Standards, discussing the role of safety in his design of C++ and linking to several techniques he has published around safe coding practices.
Rise of the Secure MCU & Trusted Compute
In addition to the push around code changes, hardware-based security is seeing a resurgence, building on techniques developers have used for decades. This approach means adding schemes for memory protection and creating instruction extensions. Back in the mid-2000s, trusted execution environment (TEE) technologies were introduced, and today, with many enterprises moving to the cloud, they have found renewed interest.
Secure microcontrollers (MCUs) are seeing new life as a hardware strategy as well. MCUs now comprise both hardware and software, as advances in processing data at the edge (locally) make it possible to establish a hardware-based root of trust, embedded cryptography, and internet protocol (IP) security. Chip maker Arm played a big role in the renewed growth of MCUs with the introduction of its Cortex processors with the TrustZone security IP, a TEE, built in.
Approaches that take cues from both TEEs and MCUs are making their way to market. Arm’s TrustZone architecture allows for hardware-based security additions such as a hardware secure enclave that protects sensitive data. Similar integrated strategies from AMD (SEV) and Intel (TDX) have emerged.
Open source technologies and projects are innovating at the intersection of hardware and software to improve security. The nonprofit OpenHW Group released a comprehensive open source RISC-V microcontroller (MCU) development kit for embedded internet of things (IoT) and artificial intelligence (AI) driven applications, with an IDE, an open printed circuit board (PCB) design, and support for AWS IoT.
Other independent projects around open standards include researchers at UC Berkeley Lab studying ways to extend the functionality of TEEs through open standard RISC-V processors. RISC-V has recently put a greater emphasis on security and has begun to define a cryptographic instruction set, making security a priority for the popular open chip design.
ABI Research released a 2023 report estimating that the secure microcontroller market will grow to US $2.2 billion by 2026, and has estimated that digital authentication and embedded security shipments will reach 5.3 billion by 2024, double the number shipped in 2019.