For the highest security-critical environments, WHIS offers the Enhanced Security Module (ESM) to reinforce and strengthen the existing security of our RTOS.
The SAFERTOS® Enhanced Security Module (ESM) hardens the spatial separation between user mode Tasks. Its objective is to prevent deliberate and malicious attempts to gain access to sensitive information, take control of the system, and to reduce the effects of a Denial Of Service attack.
SAFERTOS: The Ideal Starting Point for Secure Applications
SAFERTOS® provides tools allowing developers to add a degree of spatial separation between tasks, which used effectively, can help prevent tasks directly making unintentional or accidental access to incorrect memory regions. All SAFERTOS code is tested and verified, and has a reassuringly short supply chain. SAFERTOS has 100% MC/DC Coverage.
In a conventional flash driven system, the typical security boundary, or attack surface, is the external interfaces (the RTOS and host application combined as a block). With the SAFERTOS® ESM, the attack surface is considered to be the boundary of a user mode Task. The objective of the ESM is to make it possible for the application designer to reduce the attack surface of a user mode Task to a minimum. This thereby restricts a bad actor to just the compromised user mode Task, and prevents access to the rest of the system.
The new enhanced security module hardens the external interfaces offered by the RTOS to provide protection against malicious activities in a task compromised by a bad actor.
Typical Users include:
- Developers that need complete data protection in high risk applications in markets such as medical;
- Developers using large, complex devices on multiple cores that may be running code from outside sources;
- Developers using software of unknown provenance.
ESM integrates well with hardware security modules such as Arm TrustZone, or STMicroelectronics’ Secure Boot.
What if There is a Breach of the System?
What happens if your system is breached? Once people are in your system, ESM will immediately notify your application, while providing protection against unauthorised access to data and functions.
In most cases, attacks happen over a period of time. The Enhanced Security Module significantly slows the progress of an attacker in the system, allowing time for the application to be notified. ESM makes gaining access to the system much more difficult for the hacker, and increases the time for detection and action.
Increased Security
Our company structure and policies increase the security of your SAFERTOS® device. You can have complete peace of mind knowing:
- Short supply chain – all of our RTOS code is written in-house by our safety experts;
- There is no unused or undocumented code in SAFERTOS;
- SAFERTOS is safety tested with 100% MC/DC coverage;
- We are part of WITTENSTEIN SE, a large, trusted, German Company.
