IAR, the global leader in embedded software and services, is pleased to announce v9.40 of the IAR Embedded Workbench for Arm. This latest update introduces an advancement in code security: the integration of the pointer Authentication and Branch Target Identification (PACBTI) extension for Armv8.1-M. With PACBTI, user applications gain protection through the implementation of cryptographic signatures, effectively preventing attackers from taking control of the entire system. The release also features enhanced smart IDE Build Actions, elevating the development experience for software engineers.
Driven by growing demands for safety products due to legislation and regulation, IAR’s latest release addresses the critical need for enhanced code security. Among the notable highlights, the new compiler functions within the IAR Embedded Workbench for Arm complemented by the PACBTI extension, provide a robust defense against two prevalent security exploits: Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP). Both these techniques involve leveraging existing code segments within the user application. By gaining control of the call stack through methods like stack smashing, attackers overwrite crucial pointers stored in the stack to point, redirecting them towards identified vulnerable code snippets that serve the attacker’s purposes. With the inclusion of these new functions, IAR Embedded Workbench establishes formidable barriers, making it significantly more challenging for attackers to exploit code and compromise system integrity.
CIO INFLUENCE: CSI Adds IT Governance to Advisory Services Offering as Cybersecurity, Regulatory Landscapes Grow in Complexity
While PACBTI is designed to identify and mitigate common exploitable software errors, its effectiveness relies on sound software development practices, including the utilization of code analysis tools.
“Security has emerged as a top priority for embedded software developers,” says Anders Holmberg, CTO at IAR. “The latest version of IAR Embedded Workbench for Arm, coupled with well-established software development practices, form the foundation for truly secure embedded applications. Renowned for enhancing efficiency, productivity, and code quality, IAR, in combination with the IAR Embedded Trust and IAR Secure Deploy embedded security solutions, delivers one of the most comprehensive end-to-end solutions ensuring enhanced security every step of the way, from product development to mass production.”
CIO INFLUENCE: SEEQC Unveils Italy’s First Quantum Computing System
IAR Embedded Workbench for Arm stands as a comprehensive development toolchain, encompassing a highly optimized compiler and advanced debugging functionalities. Employing code analysis tools such as IAR C-STAT and IAR C-RUN, developers can proactively identify potential code issues, improve code quality and minimize potential attack surfaces. Both static and runtime analysis play pivotal roles during the development process, guaranteeing the discovery and elimination of vulnerabilities. The latest release also showcases smart IDE Build Actions, which replace pre- and post-build actions, empowering developers to execute multiple commands before compilation and linking.
Building upon the momentum of the previous release, which introduced Armv8-A AARCH64 support, IAR Embedded Workbench for Arm 9.40 now expands its capabilities to include support for Armv8-A AARCH32, enabling 64-bit processors to execute in 32-bit mode. Additionally, the release extends its compatibility to the Renesas E2/E2 lite emulator, offering seamless programming and debugging functionalities for Arm Cortex-M MCUs and Cortex-A MPUs. Furthermore, the latest version adds support for over 275 new devices from major semiconductor partners. Lastly, in extended language mode, the IAR C/C++ Compiler embraces additional GCC-style function attributes, promoting enhanced interoperability within the vast embedded ecosystem of RTOS/middleware. With the release of IAR Embedded Workbench for Arm 9.40, IAR solidifies its commitment to equipping developers with advanced tools and uncompromising security measures, propelling the embedded industry towards a future of innovation and fortified integrity.
CIO INFLUENCE: HP Chooses RISE with SAP to Help Drive Digital Transformation, Optimization and Efficiency
[To share your insights with us, please write to sghosh@martechseries.com]