IAR elevates code security with IAR Embedded Workbench for Arm 9.40 through PACBTI integration |
With the launch of IAR Embedded Workbench 9.40, IAR introduces seamless compatibility with the Pointer Authentication and Branch Target Identification (PACBTI) extension, protecting embedded applications against security exploits. |
Uppsala, Sweden; June 7, 2023 – IAR, the global leader in embedded software and services, is pleased to announce v9.40 of the IAR Embedded Workbench for Arm. This latest update introduces an advancement in code security: the integration of the pointer Authentication and Branch Target Identification (PACBTI) extension for Armv8.1-M. With PACBTI, user applications gain protection through the implementation of cryptographic signatures, effectively preventing attackers from taking control of the entire system. The release also features enhanced smart IDE Build Actions, elevating the development experience for software engineers. Driven by growing demands for safety products due to legislation and regulation, IAR's latest release addresses the critical need for enhanced code security. Among the notable highlights, the new compiler functions within the IAR Embedded Workbench for Arm complemented by the PACBTI extension, provide a robust defense against two prevalent security exploits: Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP). Both these techniques involve leveraging existing code segments within the user application. By gaining control of the call stack through methods like stack smashing, attackers overwrite crucial pointers stored in the stack to point, redirecting them towards identified vulnerable code snippets that serve the attacker’s purposes. With the inclusion of these new functions, IAR Embedded Workbench establishes formidable barriers, making it significantly more challenging for attackers to exploit code and compromise system integrity. While PACBTI is designed to identify and mitigate common exploitable software errors, its effectiveness relies on sound software development practices, including the utilization of code analysis tools. "Security has emerged as a top priority for embedded software developers," says Anders Holmberg, CTO at IAR. "The latest version of IAR Embedded Workbench for Arm, coupled with well-established software development practices, form the foundation for truly secure embedded applications. Renowned for enhancing efficiency, productivity, and code quality, IAR, in combination with the IAR Embedded Trust and IAR Secure Deploy embedded security solutions, delivers one of the most comprehensive end-to-end solutions ensuring enhanced security every step of the way, from product development to mass production.” IAR Embedded Workbench for Arm stands as a comprehensive development toolchain, encompassing a highly optimized compiler and advanced debugging functionalities. Employing code analysis tools such as IAR C-STAT and IAR C-RUN, developers can proactively identify potential code issues, improve code quality and minimize potential attack surfaces. Both static and runtime analysis play pivotal roles during the development process, guaranteeing the discovery and elimination of vulnerabilities. The latest release also showcases smart IDE Build Actions, which replace pre- and post-build actions, empowering developers to execute multiple commands before compilation and linking. Building upon the momentum of the previous release, which introduced Armv8-A AARCH64 support, IAR Embedded Workbench for Arm 9.40 now expands its capabilities to include support for Armv8-A AARCH32, enabling 64-bit processors to execute in 32-bit mode. Additionally, the release extends its compatibility to the Renesas E2/E2 lite emulator, offering seamless programming and debugging functionalities for Arm Cortex-M MCUs and Cortex-A MPUs. Furthermore, the latest version adds support for over 275 new devices from major semiconductor partners. Lastly, in extended language mode, the IAR C/C++ Compiler embraces additional GCC-style function attributes, promoting enhanced interoperability within the vast embedded ecosystem of RTOS/middleware. With the release of IAR Embedded Workbench for Arm 9.40, IAR solidifies its commitment to equipping developers with advanced tools and uncompromising security measures, propelling the embedded industry towards a future of innovation and fortified integrity. More information about the IAR Embedded Workbench for Arm 9.40 and free evaluation versions are available at http://www.iar.com/new-release-9.40. Editor's Note: IAR, IAR Embedded Workbench, Embedded Trust, C-Trust, C-SPY, C-RUN, C-STAT, IAR Visual State, I-jet, I-jet Trace, IAR Academy, IAR, and the logotype of IAR are trademarks or registered trademarks owned by IAR Systems AB. All other product names are trademarks of their respective owners. |
About IAR IAR provides world-leading software and services for embedded development, enabling companies worldwide to create secure and innovative products for today and tomorrow. Since 1983, IAR’s solutions have ensured quality, security, reliability, and efficiency in developing over one million embedded applications for companies across industries such as industrial automation, IoT, automotive and medical. IAR supports 15,000 devices from over 70 semiconductor partners. The company is headquartered in Uppsala, Sweden, and has sales and support offices worldwide. IAR is owned by I.A.R. Systems Group AB, listed on NASDAQ OMX Stockholm, Mid Cap (ticker symbol: IAR B). Learn more at www.iar.com. |