Thursday, January 31, 2008

Check Your Math

How much do you trust the basic mathematical operations of your processor? Subtle math errors in code can allow access to secure data. Even if you are not implementing a security algorithm, basic mathematical errors can produce results that would seem impossible. There are methods to help prevent these problems:

  • Use asserts before any critical operations.
  • Test important (security) results for consistency.
  • Use a watchdog timer.
  • Check processor errata sheets (both for development and production versions).
  • Use mature, well tested math libraries.
  • Write unit tests for the mathematical sections of the code.

This all adds another layer of complexity to embedded system design, but that cannot be avoided given the increasing complexity and security requirements of modern systems. So make sure to check your math.
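
As an added example (not part of the original post), here is one way to apply "test important (security) results for consistency": a signing routine that re-checks its own result with the public exponent and releases nothing on a mismatch. The toy RSA key, the `mul_fn` hook and the single-operand-pair fault model are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA key, constructed for illustration: n = 11 * 13. */
enum { RSA_N = 143, RSA_E = 7, RSA_D = 103 };

/* Multiplier hook (hypothetical) so a hardware fault can be simulated. */
typedef uint64_t (*mul_fn)(uint32_t a, uint32_t b);
static uint64_t mul_ok(uint32_t a, uint32_t b) { return (uint64_t)a * b; }

/* Constructed fault model: exactly one operand pair gives a wrong product. */
static uint64_t mul_faulty(uint32_t a, uint32_t b) {
    uint64_t r = (uint64_t)a * b;
    return (a == 138 && b == 16) ? r + 1 : r;
}

/* Right-to-left square-and-multiply: base^exp mod RSA_N. */
static uint32_t modexp(uint32_t base, uint32_t exp, mul_fn mul) {
    uint32_t result = 1;
    base %= RSA_N;
    while (exp) {
        if (exp & 1) result = (uint32_t)(mul(result, base) % RSA_N);
        base = (uint32_t)(mul(base, base) % RSA_N);
        exp >>= 1;
    }
    return result;
}

/* Sign m, then verify with the public exponent before releasing anything.
 * Returns 0 and writes *sig on success; returns -1 with *sig = 0 otherwise. */
static int sign_checked(uint32_t m, mul_fn mul, uint32_t *sig) {
    *sig = 0;
    if (m >= RSA_N) return -1;                 /* precondition on the input */
    uint32_t s = modexp(m, RSA_D, mul);
    if (modexp(s, RSA_E, mul) != m) return -1; /* inconsistent: withhold it */
    *sig = s;
    return 0;
}

int main(void) {
    uint32_t s;
    int rc = sign_checked(2, mul_ok, &s);
    printf("good unit:   rc=%d sig=%u\n", rc, (unsigned)s);
    rc = sign_checked(2, mul_faulty, &s);
    printf("faulty unit: rc=%d sig=%u\n", rc, (unsigned)s);
    return 0;
}
```

The verification pass works on different operands than the signing pass, so a fault tied to one operand pair does not cancel itself out in the check.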

  • Adding Math to List of Security Threats - NY Times
  • Math Error Could Compromise Cryptographic Systems - Information Week
