Mitigating software security vulnerabilities of your embedded system

Consumer electronics, healthcare, automotive, payment systems, industrial control and you name it, embedded system are everywhere. As someone working on embedded system firmware and applications, I think the following simple guidelines can make your embedded system more secure.

• Regularly check for security vulnerabilities of the software components of your system and apply updates/patches.
  For example, suppose you are using Linux as the OS and OpenSSL library in your secure applications. You can look up vulnerabilities of these components (and many other) in the CVE Details security vulnerability datasource. OpenSSL also maintains its own page for vulnerabilities.
• Maintain a minimum configuration for all the components.
  This means that you should remove features that are not needed for your system. For example, 
• Remove unnecessary kernel modules.
• Strip down busybox and keep only the commands that are absolutely necessary.
• Strip down 3rd-party libraries to keep only the features that your applications need.
• Use ASLR (Address Space Layout Randomization).
  Modern Linux kernels enable this by default and set it to 2 (full randomization). You can read its value from the proc filesystem entry /proc/sys/kernel/randomize_va_space.
• Configure Linux kernel to use stack protection.
  Note that this will inevitably increase the size of the kernel. The LWN article "Strong" stack protection for GCC describes stack protection in general and the configurations CONFIG_CC_STACKPROTECTOR_NONE, CONFIG_CC_STACKPROTECTOR, and CONFIG_CC_STACKPROTECTOR_STRONG available for the kernel.
• Follow secure coding practices.
  You can find lots of useful secure coding guidelines for commonly used programming languages including c and c++ at Carnegie Mellon University SEI CERT coding standards.
• Use code analysis tools to help find vulnerabilities in your code and fix them.
• Use your compiler wisely.
  Modern c/c++ compilers are smart and they can help you a lot in finding issues in your code and protecting it against vulnerabilities.
• Turn on all warnings. Pay close attention to the warnings. 
• Use options to protect your application. Here and here you can find good concise descriptions of these options, and you can always look up GCC documentation. Note however that some of these options may not be available in your cross-compiler.
• Pay attention to the optimization level that you are using and its implications. Highly optimized code can sometimes make some of your secure coding practices useless (for example, clearing buffers to limit the lifetime of sensitive data in a highly optimized code).
• This is not related to software, but worth mentioning here. It is possible that your hardware itself is vulnerable. This is evident from the recent Meltdown and Spectre attacks. So, applying software updates/patches as mentioned in the very first item helps mitigate these vulnerabilities. The processor vendor usually informs of any hardware vulnerabilities and suggests software mitigation techniques you can use until a new hardware revision is available.