Arm Community
Arm Community
  • Site
  • User
  • Site
  • Search
  • User
Arm Community blogs
Arm Community blogs
SoC Design and Simulation blog Secure a safe future with Arm systems
  • Blogs
  • Mentions
  • Sub-Groups
  • Tags
  • Jump...
  • Cancel
More blogs in Arm Community blogs
  • AI blog

  • Announcements

  • Architectures and Processors blog

  • Automotive blog

  • Embedded and Microcontrollers blog

  • Internet of Things (IoT) blog

  • Laptops and Desktops blog

  • Mobile, Graphics, and Gaming blog

  • Operating Systems blog

  • Servers and Cloud Computing blog

  • SoC Design and Simulation blog

  • Tools, Software and IDEs blog

Tags
  • automotive
  • System Technology
  • Security
  • Arm Insights
  • System Design
Actions
  • RSS
  • More
  • Cancel
Related blog posts
Related forum threads

Secure a safe future with Arm systems

Andrew Hopkins
Andrew Hopkins
June 7, 2017

Safety and security are interesting topics; they are closely related and complementary to one another, despite being distinct disciplines in the context of systems and SoC design. They are so close, that some languages (like French) even use the same word to describe them - although it’s worth noting that secure systems can be unsafe and safe systems can arguably be insecure. It is Arm’s aspiration that systems are always safe and secure, which is why we hire and engage with leading experts in both disciplines, to realize effective solutions. Arm is also a continuous improvement organisation and we look to achieve more as technology advances.

The classical relationship between a system and its environment is shown below in Figure 1, although this view is increasingly misaligned with the connected world. In a simple model, security prevents the environment from adversely affecting the system, which could be an outside agent trying to access assets or take control. Safety prevents the system affecting the environment in an uncontrolled way that could lead to a hazard (for example, a fault occurring within the system that leads to the windscreen wipers malfunctioning, or brakes not working as expected). The two form a complementary ‘firewall’ to isolate the system with control of communication so that both security and safety objectives are met.

Safety and security system and environment

Figure 1: Safety and security, a simplified relationship between a system and its environment

A more holistic view defines security as the ‘protection of assets and defence from malicious attack’. The classical view considers protection of assets similarly to a locked box, but ignores the possibility of external interference, which prevents effective operation. External effects are also important for functional safety, as the requirement for freedom from interference may force the system to stop or be less effective, in order to prevent hazardous behaviour.

For example, where V2X is used for autonomous driving the system must secure the communications as part of a trusted relationship. To stay safe the car needs to keep working even if V2X becomes unavailable (maliciously or otherwise).

Another question is how safety fits with the Reliability, Availability and Serviceability (RAS) technology, which Arm first developed to reduce the Failure In Time (FIT) rate of infrastructure and mobile products. Arm’s RAS architecture standardises error reporting to aid diagnosis and recovery. The use of ECC in memories provides resilience to transient and permanent faults. All of these mechanisms are also useful for functional safety, which builds on Arm’s RAS architecture. This is to be expected, as like safety and security - reliability, availability and serviceability are all forms of dependability, as is integrity, which Arm addresses in their product development.

Security

In most systems realizing a practical security capability requires a combination of hardware and software. Although best known for its silicon IP used in SoC devices, Arm is also a developer of security enabling software.

The range of Arm TrustZone technology products, include capabilities within the Arm Cortex-A, Cortex-R and Cortex-M processor families. Arm also provides system IP to help divide resources between the secure and non-secure worlds. Recent products in all families of Arm’s processor cores facilitate a secure execution environment, and are supported by software, such as Arm’s Trusted Firmware and a broad ecosystem of operating system vendors.

Arm TrustZone CryptoCell products build upon Arm’s processor IP to protect assets such as keys, certificates and digital rights. They also provide a root of trust and facilitate secure booting of software. The functionality of CryptoCell includes random number generation and acceleration of encryption.

Collectively the Arm TrustZone products form a solution to help secure the next generation of functional safety systems.

Functional Safety

The essence of functional safety is to avoid errors and prevent hazards (including fatality). The developers of safe systems achieve this by designing fault detection and control capabilities into their products, so that faults are identified and their effects mitigated before a hazardous error occurs. The proportion and type of faults to be detected, depends on the development’s safety concept and is often guided by the suggestions and examples given within functional safety standards (such as ISO 26262 and for defined Automotive Safety Integrity Levels (ASILs) or SILs in IEC 61508 terminology). The highest integrity systems require a greater fault detection capability, known as diagnostic coverage. ASIL D and SIL 3 are at the at the upper end of the spectrum (as show by Figure 2) and are recommended to have a Single Point Fault Metric (SPFM) of at least 99% and 90% coverage of latent faults.

Single point fault metrics by safety integrity

Figure 2.  Example single point fault metrics by safety integrity level

There’s also a human element to development as all engineers are fallible. Human error leads to systematic faults, those inherent in the design, such as misinterpretation of specifications, forgetfulness, mistakes or faults caused by design tools. Developments for functional safety must guard against such faults and Arm helps partners by developing it’s IP with a rigorous development process using leading EDA tools. Arm has a growing portfolio of products suitable for use in ASIL D systems with many more in development. You can read more detail on functional safety in the whitepaper: The Functional Safety Imperative in Automotive Design.

Download Arm's Functional Safety whitepaper

In 2016, Arm launched Cortex-R52, a processor designed from the ground up to meet the real-time and safety needs of many segments including; automotive, robotics, industrial and medical. It has a wide range of applications, including MCU, powertrain and chassis and programmable logic controllers (PLCs), or as a safety island within larger SoCs for Advanced Driver Assist Systems (ADAS) and robotic controllers. You can learn more in the blog New Arm Cortex-R52 enables autonomous systems with the highest functional safety standards.

Summary

As electronic systems assume more responsibility for tasks that directly affect our daily lives, it’s crucial that we can rely on them to be both safe and secure. Functional safety and security are two distinct topics that go hand-in-hand to ensure systems are dependable, without exhibiting hazardous behaviour or wrongfully revealing our information assets.

Arm is an IP vendor experienced with both security and functional safety, making its products well placed to enable success in automotive, industrial and other markets where both functional safety and security are essential.

Learn more at DAC

Attending DAC this year? Join me on June 20th, 13:30 – 15:00 in Ballroom G - where I will be speaking about redundant execution for performant high-integrity systems.

Sign up for SoC Design updates

Anonymous
  • metux
    metux over 7 years ago

    Using terms like "trust" and "security" in relation to firmware, even automotive, is quite funny. These are usually the exact opposite of trustworthy and secure.

    • Cancel
    • Up 0 Down
    • Reply
    • More
    • Cancel
SoC Design and Simulation blog
  • Understanding Scandump: A key silicon debugging technique

    Vincent Yang
    Vincent Yang
    Scandump is highly effective in silicon debugging as it can capture most internal states through scan chains, making it invaluable in diagnosing silicon issues.
    • June 5, 2024
  • Introduction to AMBA Viz

    Tony Nip
    Tony Nip
    AMBA Viz enables faster debug and performance analysis for cycle-accurate simulation and emulation, even for complex interconnects and AMBA bus protocols.
    • May 31, 2024
  • Arm Virtual Platform co-simulation solution accelerates SoC verification

    Daniel Owens
    Daniel Owens
    Avery Design Systems’ co-simulation design verification solution that integrates SystemC-based Arm virtual platforms with a SystemVerilog environment.
    • December 6, 2022