Return to search

Testing and Security Related Considerations in Embedded Software

The continued increasing use of microprocessors in embedded systems has caused a proliferation of embedded software in small devices. In practice, many of these devices are difficult to update to fix security flaws and software errors. This brings an emphasis on ensuring the secure and reliable software prior to the release of the device to ensure the optimal user experience. With the growing need to enable test and diagnostic capabilities into embedded devices the use of the JTAG interface has grown. While the intentions of the interface was originally to give the ability to shift in data into and out of chip’s scan chains for test, the generic framework has allowed for its features to expand. For embedded microprocessor’s the interface allows for halting execution, insertion of instructions, reprogramming the software, and reading from memory. While it creates a powerful debugging system, it also allows unlimited access to a malicious users. In turn such a user has the ability to either copy the intellectual property on the device, disable digital rights management routines, or alter the devices behavior. A novel method to secure JTAG access through the use of a multi-tiered permission system is presented in this paper. The use of static code analysis can be used to verify the functionality of embedded software code. Ideally, a software code should be tested in a way that guarantees correct behavior across all possible execution paths. While in practices this is typically infeasible due to the innumerable number of paths in the system, the use of automated test systems can help maximize the amount of code covered. In addition, such methods can also identify non-executable software statements that can be an indication of software issues, or sections of software that should not be targeted for testing. New static code analysis methods are presented in this dissertation. One technique uses supersets of software solution spaces to correctly identify unreachable software code in complex systems. Another presented technique automatically generates a set of test vectors to quickly maximize the number of code blocks executed by the set of test vectors. It is shown that such a method can be significantly faster than traditional methods.
Date01 December 2016
CreatorsPierce, Luke
Source SetsSouthern Illinois University Carbondale
Detected LanguageEnglish

Page generated in 0.0021 seconds