Welcome to the July 2019 edition of the Embedded Artistry Newsletter! This is a monthly newsletter of curated and original content to help you build superior embedded systems. This newsletter supplements the website and covers topics not mentioned there.
This month we'll cover:
- Phillip's interview on Embedded.fm
- Atomic clocks in space
- Stuxnet: ten years later
- Embedded systems security resources
- Embedded news from around the web
- Updates to the Embedded Artistry Website
Last month, Embedded.fm interviewed Phillip. Elecia, Chris, and Phillip discussed consulting, writing, learning, code reviews, rules of thumb, Boeing 737 MAX, and implementing C++ threading types with an RTOS.
Check out Embedded.fm episode 290!
Atomic Clocks in Space
We love learning about technological developments with space exploration, since they involve wonderful examples of highly reliable embedded systems.
In June, NASA’s Jet Propulsion Laboratory (JPL) announced that they were creating a deep-space atomic clock. This clock is a toaster-sized device that aims to facilitate navigational efforts for future space missions. The first clock was launched into Earth’s orbit at the end of June for a one-year trial.
You can learn more about the Deep Space Atomic Clock with these JPL links:
- What is an Atomic Clock?
- Five Things to Know about NASA's Deep Space Atomic Clock
- How an Atomic Clock Will Get Humans to Mars on Time
- NASA Technology Missions Launch on SpaceX Falcon Heavy
A Look at Stuxnet, Ten Years Later
June marked the 10th anniversary of the first Stuxnet infection, which targeted Siemens PLCs and was responsible for damaging Iran's nuclear program. Stuxnet caused centrifuges at the nuclear plant to spin out of control while operator screens reported nominal values, leading to systems failures, asset damage, safety concerns, and a national security fiasco.
It's interesting to look back on Stuxnet with the context of today's continual onslaught of security vulnerability announcements and IoT botnet attacks. What have we learned in the ten years since Stuxnet demonstrated the capability of vulnerabilities to wreak havoc on physical systems? The overall state of device security hasn't noticeably improved, and reports of hacked devices reaching into the physical world abound.
Security can no longer be an afterthought. Even if your product isn’t connected to a nuclear reactor, vulnerabilities are exploited with disastrous results. For more on Stuxnet:
For more on Stuxnet:
- An Unprecedented Look at Stuxnet, the World's First Digital Weapon *Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
- Wikipedia: Stuxnet
- Stuxnet: What has Changed?
Embedded Systems Security Resources
A reader reached out to us on LinkedIn and requested recommendations for books and resources discussing embedded systems security. As we just mentioned, security is an area that we all need to focus on when we design and build our embedded systems. If you have recommended books or links that discuss embedded systems security, let us know! We will be collecting recommendations and publishing a post dedicated to security resources. Here’s what we’ve collected thus far.
Phil Koopman has a collection of lectures discussing embedded systems security:
- Just a Minute on Embedded System Security Plans
- Embedded Security, Safety, and Software Quality
- Embedded Systems Security Pitfalls
- Embedded Systems Security: Cryptography
- Embedded Systems Security: Security Plan
The following books relate to embedded systems security:
- Security Engineering: A Guide to Building Dependable Distributed Systems
- Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development
- Hardware Security: A Hands-on Learning Approach
- Practical Internet of Things Security
- The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things
Here are articles with general introductions to embedded systems security concepts:
- A Primer for Embedded Systems Security by Totalphase discusses risk assessments, classifying attackers, and a layered security model.
- Security Requirements for Embedded Devices - What is Really Needed? summarizes embedded security challenges and possible security features to focus on.
- Security Fundamentals for Embedded Software
These articles focus on common pitfalls with embedded device security:
- Top 16 Embedded Security Pitfalls by Phil Koopman covers common pitfalls to avoid when designing your security plan.
- Secrecy vs. Integrity and Why Encryption Might Be the Wrong Choice by Phil Koopman shows that encryption doesn't solve all of our security problems. In many cases, authentication and integrity are more important.
- Security Pitfalls in Cryptography by Bruce Schneier contains some lessons learned that you can apply to avoid creating a bad cryptographic system.
Around the Web
We've grouped our July reading recommendations by these categories:
Bunnie comments on the trade war with China and its potential impact on Open Source Could Be a Casualty of the Trade War.
If you're interested in the intersection of machine learning and embedded systems, a reader on LinkedIn shared this link for running TensorFlow Lite on a microcontroller.
The Memfault team also published an excellent article on writing linker scripts for firmware.
Colin Walls wrote about mixing C and C++ in an embedded application. If you're interested in trying out C++ on an existing embedded product, try one of Colin's two approaches.
Watchdog timers are a staple element of embedded systems. Alexandru Lazar shared some Watchdog Timer Anti-patterns that we should keep in mind when building our systems.
Thread Group announced version 1.2 of the Thread wireless protocol. Stacey Higginbotham provided a summary of the changes
For a great example of applying
std::variant to create a state machine, check out this C++ article: Space Game: A std::variant-Based State Machine by Example.
Appropriately for the 10-year anniversary of Stuxnet, we saw an inordinate amount of articles related to security.
EE Times highlighted that the IoT security gap is widening: we're adding more devices and sending more data, but IoT devices are still a prime hacking target.
Designing Hardware for Data Privacy highlights the need to develop a thread model for our devices and to implement the appropriate countermeasures.
Enhancing Privacy and Security in the Smart Meter Lifecycle provides a look at a variety of techniques that can be used to improve IoT device security.
How Many Layers of Security Do You Have? argues that designers should consider two guiding principles: defense in depth and principle of least privilege.
Will the Real Root of Trust Stand Up? discusses the concept of a "root of trust".
Strange Parts recorded a fantastic factory tour of the PCBWay factory in Shenzen: Inside a PCB Soldering Factory - in China. If you are curious about how circuit boards are manufactured, check out this video.
Dangerous Prototypes also shared a helpful app note discussing a method for using two accelerometers to make rotational measurements, which is useful if you already have two accelerometers and don't want to update your product to add a gyroscope.
Hiring Embedded Engineers?
Is your company hiring embedded systems hardware/software engineers? Send us a short job ad with a link to the full job description. We will be happy to include it in our newsletter.
We've renamed the "Embedded C++" and "Migrating from C to C++" categories to work around a Squarespace link generation issue.
We added additional acronyms to the Glossary.
We updated the following articles:
- Embedded Rules of Thumb
- Pareto Principle for Software
- Programmers: Let's Study Source Code Classics
- Interview Question Breakdown: Bad C Analysis
- ARM Pointer Alignment Requirements
- Installing LLVM/Clang on OS X
- Implementing an Asynchronous Dispatch Queue with FreeRTOS
- Warnings: -Weverything and the Kitchen Sink
We published the following articles in June:
- Regular Expressions for Embedded C++, a guest post by Klemens Morgenstern
- Enforce Correct Integer Arithmetic using the C++ Safe Numerics Library
These were our most popular articles in June:
- Creating a Circular Buffer in C/C++
- For Beginners
- Demystifying Microcontroller GPIO Settings
- Installing LLVM/Clang on OSX
- C++ Casting, or: "Oh No, They Broke Malloc!"
- Improving Your Callback Game
- Jenkins: Configuring a Linux Slave Node
- An Overview of C++ STL Containers
- Migrating from C to C++: NULL vs nullptr
Thanks for Reading!
Have any feedback, questions, suggestions, interesting articles, or resources to recommend to other developers? Simply reply to this email!
-Phillip & Rozi