Hi,
Perhaps I can make the claim that if the program memory doesn't contain a "write to program memory" instruction anywhere, and that in Harvard Architecture all executed instructions must originate from program memory, then it should be impossible for a network attacker to overwrite it?
Yes. (Speaking for AVRs with properly set security fuses)
It's totally different to a PC with von Neumann hardware, where you may upload a "fake picture" into RAM that indeed contains executable code and, with any code exception (and the help of an Operating System), are able to run this code.
With AVRs you can't execute code from SRAM.
You already need code in your code section that is able to write code.
With AVRs there is an application section and a bootloader section.
With AVRs you can disable that application code can modify application code.
And before you can "write" code into the flash memory it needs to be "erased" first.
So I think it's rather difficult for an internet attack to access code Flash if you don't want it to.
We've built our own secure bootloader for AVRs. We are able to update our applications via internet. But for this we have an external memory. No direct access from application to application section.
One has to transmit encrypted code to the external memory, one has to pass several security features. Then one has to hard reset the microcontroller.
Then the bootloader starts and verifies and validates the data in external memory, and only if all of these match, the bootloader encrypts the code from external memory and programs it into the application section.
There needs to be a good reason for a hacker to invest much time to attack your application. He needs to gain something.
And it greatly helps if he has some knowledge about your source code. Hide it.
For the vast majority of hacker access, the "door" is the OS - like Windows... which you don't have installed on your microcontroller.
Klaus
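
The verify-before-program step described in the post above, as an added example that is not part of the original post or of the poster's bootloader: a host-side C simulation in which the bootloader checks an image staged in external memory before it erases and programs the application section. The header layout, sizes and all names are assumptions, decryption is omitted, and CRC-32 stands in for the keyed authentication check a secure bootloader would use.

```c
#include <stdint.h>
#include <string.h>

#define APP_SIZE  1024u        /* simulated application section (assumed size) */
#define PAGE_SIZE 128u         /* simulated flash page (assumed size) */
#define IMG_MAGIC 0x55504454u  /* constructed marker value */
typedef struct { uint32_t magic, length, crc; } img_hdr_t; /* hypothetical header */
static uint8_t app_flash[APP_SIZE];  /* stands in for the application section */

static uint32_t crc32_calc(const uint8_t *p, uint32_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int i = 0; i < 8; i++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Build a constructed staged image (header + body) as the sender would. */
uint32_t stage_image(uint8_t *ext, const uint8_t *body, uint32_t len) {
    img_hdr_t h = { IMG_MAGIC, len, crc32_calc(body, len) };
    memcpy(ext, &h, sizeof h);
    memcpy(ext + sizeof h, body, len);
    return (uint32_t)sizeof h + len;
}

/* Bootloader side: 0 on success; on any failure app_flash is left untouched. */
int boot_apply_update(const uint8_t *ext, uint32_t ext_len) {
    img_hdr_t h;
    if (ext_len < sizeof h) return -1;                  /* truncated header */
    memcpy(&h, ext, sizeof h);
    if (h.magic != IMG_MAGIC) return -2;                /* not an update image */
    if (h.length == 0 || h.length > APP_SIZE ||
        h.length > ext_len - sizeof h) return -3;       /* length out of bounds */
    const uint8_t *body = ext + sizeof h;
    if (crc32_calc(body, h.length) != h.crc) return -4; /* corrupted body */
    for (uint32_t off = 0; off < h.length; off += PAGE_SIZE) {
        uint32_t n = h.length - off < PAGE_SIZE ? h.length - off : PAGE_SIZE;
        memset(app_flash + off, 0xFF, PAGE_SIZE);       /* erase page first */
        memcpy(app_flash + off, body + off, n);         /* then program it */
    }
    return 0;
}

int main(void) {
    uint8_t ext[64], fw[16] = "constructed-fw";         /* constructed sample */
    uint32_t n = stage_image(ext, fw, sizeof fw);
    return boot_apply_update(ext, n);   /* 0: image accepted and programmed */
}
```

Every check runs before the first erase, so a rejected image never costs the device its working application.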