• Memory Protection Unit: Is It Secure Enough? – PlaxidityX Ep 15

  • Jan 26 2025
  • Length: 30 mins
  • Podcast

Memory Protection Unit: Is It Secure Enough? – PlaxidityX Ep 15

Listen for free

View show details

  • Summary

  • Have you ever wondered how microcontrollers in vehicles manage memory access behind the scenes? This episode sheds light on the Memory Protection Unit, an essential yet sometimes overlooked hardware layer designed to stop unauthorized reads, writes, and execution. We revisit fundamental principles—like differentiating between the Core MPU (CMPU) and the System MPU (SMPU)—and explain how each can become a target for cyber attackers.

    Through detailed automotive cyber security case studies involving two newly discovered vulnerabilities, we reveal how a privileged attacker might disable the SMPU entirely. When that happens, carefully drawn security boundaries collapse, exposing critical sections of code and data. The conversation further explores how incomplete hardware locking mechanisms can nullify protective features, leaving devices open to unexpected exploits.

    Despite these alarming scenarios, there are proven strategies for mitigating threats. We discuss testing every crucial claim in the datasheet, adopting multiple layers of security, and monitoring vendor errata to stay informed about updated countermeasures. This episode will challenge listeners to question assumptions and take a closer look at an automotive security architecture often assumed to be rock-solid.

    Chapters:
    (00:00) Introduction to Automotive Memory Protection Units
    (01:43) From MMUs to MPUs
    (03:08) The MPU: A Modern Day Cyber Sentinel
    (05:18) Protection Units in the Automotive Domain
    (08:09) Types of MPUs
    (08:21) Core MPU (CMPU)
    (09:01) System MPU (SMPU)
    (09:54) Peripheral Protection Unit (PPU)
    (11:54) Some background: The PowerPC architecture
    (13:23) The MPU Vulnerabilities
    (14:48) The Core MPU and its Limitations
    (17:06) The System MPU (SMPU)
    (19:38) Configuring the SMPU
    (21:50) The SMPU Vulnerability
    (23:10) Disclosure to STMicroelectronics
    (25:55) Disclosure to NXP
    (28:05) MPU Mitigations
    (28:55) Concluding remarks
    (29:48) Outro on the MPU PlaxidityX Case Study

    Contact us:
    https://www.linkedin.com/company/plaxidityx/
    https://www.youtube.com/@PlaxidityX
    contact@plaxidityx.com

    Show more Show less
Show more Show less

What listeners say about Memory Protection Unit: Is It Secure Enough? – PlaxidityX Ep 15

Average customer ratings

Reviews - Please select the tabs below to change the source of reviews.

Audible.com reviews

Amazon reviews
No Reviews are Available