Arif:
It is possible to defeat almost any security system built into IC chips and microcontrollers if you are willing to spend enough money and break every law in the books.

Some systems are designed much more robust than others and there is also a trend toward more and more secure systems as chip manufacturers wise up to what customers want. I think the manufacturers are also looking at the tricks played by chip hackers too and trying to design ever more complex circuits to protect a customers IP.

However it is unfortunate that there are groups of people in this world that see a big money making opportunity to break security of a microcontroller and sell a contract service to preform code read out for a fee. Hackers that do this kind of thing even go to lengths to open up chip packages and probe right on the die to figure out how the gating of security works so they can figure out ways to defeat it.

Since there is no sure fire way to ensure that security of your IP in a microcontroller is absolutely safe it is best for you to focus your product security strategy in a multiplicity of ways. Some examples are...

Use ISP parts so that code updates are easy in the midst of production and change your code from time to time.

Use the vendor supplied security as a front line of defense but don't stake your whole business on it.

Make your code algorithms dependant on other parts of your product hardware so the microcontroller (or its software) without the hardware is useless.

Consider the use of high security protection keys like Dallas IBUTTON devices or RAINBOW keys (recall the software dongles on your PC) to interact with your firmware in a way that encodes and decodes configuration constants and intermeidate results in algorithmes that makes having just the code useless.

Use higher speed devices with more FLASH and program then in C. It is FAR FAR more difficult to disassemble algorithmes that were originally written in C than in assembly language.

Do not be afraid of embedding part of your product algotithm into a CPLD. These very capable logic parts are today very cost effective. A state machine in hardware of a CPLD that interacts with firmware in a protected microcontroller can be extremely difficult to reverse engineer.

And finally since these days small ISP based FLASH microcontrollers are getting so inexpensive do consider the idea of splitting your product algorithm up into multiple parts that are not necessarily divided along hierarchal lines. Have firmware talk between the parts. As a minimum this approach will multiply the hacker fee that your competitor pays by the number of processors you have elected to put into your hardware. A good point here is to not use all the same parts for all the processors too so that each cannot be hacked by the same techniques. Use derivatives from several vendors and maybe even relent and use some non-8052 type parts.

Good luck
Michael Karas