One and Done Security
May 06, 2024
There is a lot of frustration by security experts and legislators, with device OEMs not implementing security measures. Apparently, many OEMs balk at the ongoing effort and expense to create and manage a security team to verify and fix problem reports and to communicate their actions according to the requirements of various security agencies. On their side, OEMs probably prefer a one and done approach to security. I think that I have a solution for this conflict. It is not a perfect solution, but it is a half-step in the right direction. The solution is partitioning. We have found that it is possible to achieve strong isolation between software partitions for the Arm Cortex-M architecture with memory protection units. It is possible to do this without excessive memory waste or processor overhead for both the v7M and v8M architectures. Tasks in one partition cannot access resources in another partition. They must go through portals . Tasks in client partitions send protected messag