Although real-time operating systems are ubiquitous in the industry, OS-level security features are silently absent in most microcontroller systems. As a result, securing these systems against active attackers becomes impractical due to the missing foundations.
We believe security does not need to cost an ARM and a leg in memory resources or device performance. Operating systems for MMU-less low-end microcontrollers should be on par with established security models. High end embedded systems security does not need to be exclusive to Cortex-A/x86 Linux systems.
uVisor is available under Apache License on Github : https://github.com/ARMmbed/uvisor
We will show how spatial isolation of process memories using the ARM v7M Memory Protection Unit (MPU) works - and how it effects interprocess-communication, memory management, thread synchronisation and internal protection of key-material.
We will then introduce temporal isolation for guaranteed operation and device safety even under local attack. To make our point we integrated an advanced security foundation into the vendor-independent RTOS abstraction layer CMSIS-RTOS. Our example implementation - the ARMmbed uVisor for CMSIS-RTOS - is available under the Apache License.