FreeRTOS (Part 6): FreeRTOS Security

Bob continues his article series about the open-source FreeRTOS. In Part 6, he discusses security concerns and provisions when we use FreeRTOS. Topics Covered What are the security concerns and provisions when using FreeRTOS?What are the security needs in an RTOS?What are the best practices in RTOS design?How does FreeRTOS stack up in terms of security? Tech Discussed FreeRTOSPSoC64 Secure MCU from Infineon Technologies NXP Semiconductors’ LPC540XX MCU A number of years ago, long before the Internet, I asked a friend who worked at Bell Labs about network security. At the time, the Bell Telephone Company had a government-sanctioned monopoly on the phone system. Bell Labs was integrally connected to protecting the security of the phone network. I was completely naïve about the needs for security in the devices I was designing. But he opened my eyes to a different world. Several times during his tenure at Bell Labs, he attended a phone hacker conference incognito (the popular term was “phone phreaks” [1]). He told me about all kinds of hacking techniques that were used to get free long-distance calling. At that time, Bell used single frequencies to cause the phone network to make decisions about routing calls. You could even use a whistle packaged in Captain Crunch (Figure 1) cereal to make long distance calls [2]. Figure 1 Even the sounds from this whistle packaged in Captain Crunch cereal could be used as a hack to make long distance calls. Even though I was exposed early on in my design career to the dark side of hacking and the need to create hacker proof embedded systems, I largely remained in the dark for many years about the extent hackers would go. The advent of the Stuxnet worm and the way it compromised Iranian PLCs should show us the extent to which hackers actually go—especially when the hackers are government funded. This worm caused centrifuges used to create enriched nuclear fuel to self-destruct, which significantly s