Security package helps thwart hacking of ARC HS3x/HS4x processors

Synopsys announced the new Enhanced Security Package for Synopsys DesignWare ARC HS Processors, enabling designers to develop isolated, secure environments that help protect embedded systems and software from evolving threats in high-end automotive, storage, and gateway applications. The Enhanced Security Package incorporates a range of features, including integrity protection, multiple privilege levels, and a watchdog timer that help protect system-on-chips (SoCs) against both logical and physical attacks, such as IP theft and remote attacks, without compromising performance. ARC HS Processors with the Enhanced Security Package enable SoC developers to create devices less susceptible to security threats while eliminating the increased area and power consumption that an additional security core and associated memories would impose.

Synopsys DesignWare ARC HS Processors are based on the scalable, 32-bit ARCv2 instruction set architecture (ISA) and are optimized for performance efficiency, making them ideally suited for a wide range of high-end embedded applications. The Enhanced Security Package for ARC HS Processors offers integrity protection for registers and memory to detect fault injection attacks, which helps prevent the use of power or clock glitching to bypass secure boot checks or elevate the privilege level.

Access control of hardware resources and the system bus is protected by the HS Processors’ secure memory protection unit (MPU), helping to prevent an attacker from injecting executable code as data. The availability of multiple privilege levels enables software applications to be isolated, making them less vulnerable to attack. Hardware stack bounds checking and compiler-inserted canaries prevent stack overflows that can be exploited to achieve arbitrary code execution or privilege escalation. In addition, randomization of the base address for software prevents return-oriented programming (ROP) and jump-oriented programming (JOP) in larger systems running Linux.