
Safety & Security: Relying on known and proven methods

The operational reliability of software-intensive embedded systems is closely linked to their protection against unauthorized access and targeted attacks. The measures this requires confront software and hardware developers with equally high demands.

Embedded systems are structured and integrated into the technical systems around them in such a way that they can take on complex control and data-processing tasks. Their safe operation and the security of their data must not be disrupted, let alone prevented, by external influences.

This is achieved on the one hand by maintaining operational safety (safety), which protects people and the environment from failures of the system itself, and on the other hand by security, understood as the entirety of measures that protect the system from deliberate external access or attack. This both distinguishes the two terms and shows how closely they are related: a successful attack on a control system is, in its consequences, also a safety incident.

Combining openness and security

Given the rapid pace of progress, reliably accompanied by tighter schedules, competitive pressure, and the need to succeed, the central challenge is to reach an appropriate level of security alongside the other quality requirements. At first glance, the demands for openness (interconnectability with other systems) and adaptability seem to contradict the demand for security and well-protected software engineering.

"Build and forget" is a thing of the past.

With embedded software, security can be improved after deployment through software updates. This in turn requires that the system be reachable through interfaces, such as the internet. The requirement to improve software security through updates therefore inevitably means that the system cannot be completely sealed off from unauthorized access. This presents challenges for both software and hardware development. On the hardware side, secure interfaces and transmission procedures are needed. The software must be designed so that it can be corrected with authorization but not manipulated without it: every update must be authenticated before it is installed, for example by a signature the device verifies, and a genuine but older image must not be accepted in place of a newer one, or an attacker can reintroduce the very flaw the update fixed. The "build and forget" approach is therefore a thing of the past.
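As a worked illustration of "correctable with authorization, not manipulable without it", here is an added example written for this page; it is not code from MicroConsult or from any product. It assumes a hypothetical update format (a version counter followed by the image payload) signed with Ed25519 from Go's standard library, a device provisioned with the vendor's public key, and three constructed deliveries: a genuine newer image, the same image with one byte altered on the network, and a replay of the genuine older image.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is the hypothetical image format assumed for this example:
// a version counter plus the firmware payload, both covered by one
// Ed25519 signature so an attacker cannot recombine them.
type Update struct {
	Version uint32
	Payload []byte
	Sig     []byte // signature over signedBody(Version, Payload)
}

// signedBody serialises what the signature covers: 4-byte big-endian
// version followed by the payload.
func signedBody(version uint32, payload []byte) []byte {
	body := make([]byte, 4+len(payload))
	binary.BigEndian.PutUint32(body, version)
	copy(body[4:], payload)
	return body
}

// SignUpdate runs on the vendor's build system; the private key never
// leaves it and is never on the device.
func SignUpdate(priv ed25519.PrivateKey, version uint32, payload []byte) Update {
	return Update{Version: version, Payload: payload,
		Sig: ed25519.Sign(priv, signedBody(version, payload))}
}

// Device holds the only two things needed for the decision: the vendor's
// public key (provisioned at manufacturing) and the installed version.
type Device struct {
	VendorPub        ed25519.PublicKey
	InstalledVersion uint32
	Installed        []byte
}

var (
	ErrBadSignature = errors.New("update rejected: signature does not verify")
	ErrRollback     = errors.New("update rejected: version not newer than installed")
)

// Install accepts an update only if it is authentic (signature) and newer
// than what is installed (anti-rollback). The interface the update arrived
// on is deliberately trusted for neither property.
func (d *Device) Install(u Update) error {
	if !ed25519.Verify(d.VendorPub, signedBody(u.Version, u.Payload), u.Sig) {
		return ErrBadSignature
	}
	if u.Version <= d.InstalledVersion {
		return ErrRollback
	}
	d.InstalledVersion = u.Version
	d.Installed = append([]byte(nil), u.Payload...)
	return nil
}

// Scenario plays three constructed deliveries against a device at version 1
// and returns its verdict on each: a genuine v2, the same v2 with one
// payload byte flipped in transit, and a replay of the genuine v1 image.
func Scenario() [3]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	dev := &Device{VendorPub: pub, InstalledVersion: 1, Installed: []byte("fw-v1")}

	good := SignUpdate(priv, 2, []byte("fw-v2 (patched)"))

	tampered := good // attacker on the network changes one byte
	tampered.Payload = append([]byte(nil), good.Payload...)
	tampered.Payload[0] ^= 0xff

	replayed := SignUpdate(priv, 1, []byte("fw-v1")) // genuine, but old

	return [3]error{dev.Install(good), dev.Install(tampered), dev.Install(replayed)}
}

func main() {
	for i, e := range Scenario() {
		fmt.Printf("delivery %d: %v\n", i+1, e)
	}
}
```

The version check is the part most often forgotten: without it the replay of a correctly signed old image passes every cryptographic test and still puts the known vulnerability back on the device. In a real product the installed version would live in tamper-resistant storage and the public key in ROM or a secure element, so that neither can be changed over the same interface the update comes in on.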

Use known and proven algorithms and methods

In the development of embedded systems, the application of cryptographic methods can make many processes secure, or at least more secure. Unfortunately, the same mistakes are made again and again when cryptography is implemented, which often makes things unnecessarily easy for intruders. Software developers frequently assume that nobody can break the algorithm they have devised themselves, but the opposite is true. A common tactic is to write obscure or seemingly convoluted code. Especially in today's interconnected world, however, every method becomes known sooner or later. The author then tests the self-developed algorithm, finds that he cannot break it himself, and concludes that it must be particularly secure. That conclusion says nothing about what a trained attacker with standard tools can do.

Ultimately, you cannot tell by looking at an algorithm whether it is secure or not. The recommendation is therefore to develop conservatively, using well-known and proven algorithms and methods, and wherever possible proven implementations of them, since in practice most successful breaks target the implementation rather than the algorithm.
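To make the two preceding paragraphs concrete, here is an added example that is not part of the original page: a typical homemade "nobody will figure this out" scheme (XOR with a short repeating key) next to the proven alternative from Go's standard library, AES-256-GCM. The key, the two messages and the attacker's known plaintext are all constructed for the example; the device messages "STATUS=OK" and "UNLOCK_DOOR" are invented.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// homemadeEncrypt is the kind of scheme the text warns about: XOR with a
// short repeating key. Decryption is the same operation.
func homemadeEncrypt(key, msg []byte) []byte {
	out := make([]byte, len(msg))
	for i := range msg {
		out[i] = msg[i] ^ key[i%len(key)]
	}
	return out
}

// recoverHomemadeKey: one known plaintext/ciphertext pair at least as long
// as the key yields the whole key, and with it every other message.
func recoverHomemadeKey(known, ct []byte, keyLen int) []byte {
	key := make([]byte, keyLen)
	for i := range key {
		key[i] = known[i] ^ ct[i]
	}
	return key
}

// BreakHomemade plays the attack on two constructed messages: a status
// report whose content is predictable (the known plaintext) and a command
// the attacker wants to read. Returns the recovered key and the command.
func BreakHomemade() (recoveredKey, command []byte) {
	key := []byte("K3y!")
	ct1 := homemadeEncrypt(key, []byte("STATUS=OK"))   // attacker can guess this
	ct2 := homemadeEncrypt(key, []byte("UNLOCK_DOOR")) // attacker wants this
	recoveredKey = recoverHomemadeKey([]byte("STATUS=OK"), ct1, len(key))
	command = homemadeEncrypt(recoveredKey, ct2)
	return recoveredKey, command
}

// sealAESGCM is the proven alternative: AES-256-GCM encrypts and
// authenticates. The random nonce is prepended and must never repeat
// under the same key.
func sealAESGCM(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, nil), nil // output = nonce || ct || tag
}

// openAESGCM rejects any ciphertext whose tag does not verify.
func openAESGCM(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(ct) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:n], ct[n:], nil)
}

// CheckAESGCM reports whether a fresh random key round-trips a message and
// whether flipping one bit of the ciphertext is detected on decryption.
func CheckAESGCM() (roundTrip, tamperDetected bool, err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return false, false, err
	}
	msg := []byte("UNLOCK_DOOR")
	ct, err := sealAESGCM(key, msg)
	if err != nil {
		return false, false, err
	}
	pt, err := openAESGCM(key, ct)
	if err != nil {
		return false, false, err
	}
	roundTrip = bytes.Equal(pt, msg)
	ct[len(ct)-1] ^= 0x01 // attacker flips one bit of the tag
	_, openErr := openAESGCM(key, ct)
	return roundTrip, openErr != nil, nil
}

func main() {
	k, cmd := BreakHomemade()
	fmt.Printf("homemade: recovered key %q, read command %q\n", k, cmd)
	rt, td, err := CheckAESGCM()
	fmt.Println("AES-GCM: round trip", rt, "tamper detected", td, "err", err)
}
```

The homemade scheme looks like encryption and its author cannot "see" the key in the ciphertext, yet a single predictable message hands the key to anyone on the wire. The XOR and key-recovery code also appears here only to demonstrate the failure; it is not a construction to reuse. Note that the AES-GCM half is safe only under its stated assumption, a nonce that never repeats under one key, which is exactly the kind of condition a reviewer checks in a real update or telemetry protocol.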

However, even perfectly implemented cryptography has its limits, for example against denial-of-service attacks or against the perennially successful attempt to exploit the weakest element in the wall of security measures: the user.

Finally, common sense should never be overshadowed by formalism. When it comes to achieving security, some security is always better than none at all.

Further information

MicroConsult Training & Coaching on the topic of Safety & Security

MicroConsult expertise on the topic of quality & safety


Published by

Remo Markgraf