Protecting embedded systems –The next ten years

Abstract

In this talk, I will speculate about the likely near-term and medium-term scientific developments in the protection of embedded systems. A common view of the Internet divides its history into three waves, the first being centered around mainframes and terminals, and the second (from about 1992 until now) on PCs, browsers, and a GUI.The third wave, starting now, will see the connection of all sorts of devices that are currently in proprietary networks, standalone, or even non-computerized. By the end of 2003, there might well be more mobile phones connected to the Internet than computers. Within a few years we will see many of the world’s fridges, heart monitors, bus ticket dispensers, burglar alarms, and electricity meters talking IP. By 2010, ‘ubiquitous computing’ will be part of our lives. Some of the likely effects of ubiquitous computing are already apparent. For example, applications with intermittent connectivity will have to maintain much of their security state locally rather than globally. This will create new markets for processors with appropriate levels of tamperresistance. But what will this mean? I will discuss protection requirements at four levels.