Risk Management in Embedded Devices using Metering Applications as Example

Along with the rise in use of everyday life electronic products that collect and communicate personal data, there is an increasing need for adequate security. The use of ultra-low-power MCUs in such applications provides a clear advantage in terms of energy consumption. However, given their general-purpose nature and low-power needs, security has not been the main focus in the past. This work places emphasis on methodologically analyzing open security gaps at a system level and providing a score for each vulnerability found. Such vulnerability scores help prioritize the efforts towards building a secure system and balancing the trade-off between suitable protection and minimal cost. The work presented uses as an example an abstraction of metering applications implemented using a general purpose microcontroller. The presented approach makes use of the Common Vulnerability Scoring System open framework to quantify the impact of possible vulnerabilities and prioritize their remediation based on their relevancy.     «

Along with the rise in use of everyday life electronic products that collect and communicate personal data, there is an increasing need for adequate security. The use of ultra-low-power MCUs in such applications provides a clear advantage in terms of energy consumption. However, given their general-purpose nature and low-power needs, security has not been the main focus in the past. This work places emphasis on methodologically analyzing open security gaps at a system level and providing a s...     »