New Approaches to Connected Device Security
|
|
- Rosalyn Ellis
- 6 years ago
- Views:
Transcription
1 New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017
2 - If you connect it to the Internet, someone will try to hack it. - If what you put on the Internet has value, someone will invest time and effort to steal it. Brian Krebs January
3 Agenda Securing IoT devices Introducing the Platform Security Architecture (PSA) The PSA Firmware Framework Trusted Firmware-M Summary 3
4 Securing IoT Devices Securing IoT devices
5 A diversity of device types OEM 1 OEM 2 OEM 3 SILICON PARTNER A SILICON PARTNER B SILICON PARTNER C SILICON PARTNER D 5
6 A diversity of device types needs common ground-rules OEM 1 OEM 2 OEM 3 SILICON PARTNER A SILICON PARTNER B SILICON PARTNER C SILICON PARTNER D 6
7 Security needs to be designed-in However, threat modelling and security analysis is often lacking Analyse Architect Need to avoid the illusion of security by just using components that we think makes a system more secure. Implement 7
8 The integration challenge Thousands of IoT device designs. Integrating components from multiple vendors. Diverse implementations of each component. Each device is a unique integration challenge. Integration work may not be reusable for other devices OEM Platform System on Chip Application RTOS Security firmware Device Management 8
9 The deployment challenge Connected devices require secure communication over insecure links. Cryptography and secret keys are required Software has bugs. Some are vulnerabilities that can be exploited to get secrets. Unpatchable software presumes no exploitable defects Connected devices must be in-field updatable Connected, secure, in-field updatable systems have high software complexity. High risk of remotely exploitable vulnerabilities that can expose the secret keys 9
10 The commercial challenge Designing-in and implementing best practice security is: Difficult + Expensive -> Often not addressed properly Or security features are implemented as a retro-fit 10
11 We need a process and enablers To help companies on tight timescales & budgets to build more secure systems Analyse Threat models and security analyses Architect Firmware & hardware architecture specifications Implement Source code & hardware IP 11
12 Introducing the Platform Security Architecture (PSA) Introducing the Platform Security Architecture
13 Introducing Platform Security Architecture (PSA) A recipe for building more secure systems from analysis to implementation Analyse Threat models and security analyses PSA documents Architect Firmware & hardware architecture specifications Implement Source code Enabling products & contributions 13
14 PSA will consist of three parts Platform Security Architecture Hardware system architecture Inform Threat Models and Security Threat Models and Security Threat Analyses Analyses Models and Security Analyses Trusted device initialization Asses Device Security Model Trusted boot & firmware update Implementation Implementation Implementation Firmware framework Specify Trusted functions 14
15 Security starts with analysis System description 15 Assets Threats Threat: Remote SW attacks Security Objectives Security Objective: Strong Crypto Security Requirements Security Requirement: Hardware based key store English-language Protection Profiles Example Asset: metering data to be protected in integrity & confidentiality Arm will publish representative IoT device Threat Models and Security Analyses. Analyse
16 PSA architecture specifications A growing suite of specification documents Device Security Model (DSM). Overall security architecture for designing and deploying devices within ecosystems Device lifecycle and its implications on roots of trust Root of trust and associated security services Root secrets their storage, protection, and provisioning Hardware system architecture. SoC hardware requirements (TBSA-M) Trusted device initialization. Factory initialization process for firmware and cryptographic Roots of Trust Trusted boot and firmware update. Firmware integrity requirements Firmware Framework (PSA-FF). Secure Processing Environment architecture and API specification Trusted functions APIs for Root of Trust services, e.g. Attestation Data sealing Cryptographic operations Creation of device identity certificates 16
17 Open source code to accelerate adoption Freely available reference implementation Trusted Firmware-M Reference firmware for the architecture specification Initially targeting Armv8-M In development now publically available first quarter
18 Security by separation / isolation PSA protects sensitive assets (keys, credentials and firmware) by separating these from the application firmware and hardware. Non-secure processing environment Secure processing environment PSA defines a Secure Processing Environment (SPE) for this data, the code that manages it and its trusted hardware resources. Application Device management The application firmware runs in the Non-secure Processing Environment (NSPE). RTOS Secure partition manager Secure boot PSA requires a secure boot process so only authentic, trusted firmware runs in the SPE. PSA depends on secure installation of the initial keys and firmware during manufacture. Platform hardware Root of Trust keys 18
19 Standardize interfaces PSA specifies interfaces to decouple components. Enables reuse of components in other device platforms Reduces integration effort Partners can provide alternative implementations. Necessary to address different cost, footprint, regulatory or security needs PSA provides an architectural specification. Hardware, firmware and process requirements and interfaces Non-secure processing environment Application RTOS Secure IPC Platform hardware Secure processing environment Device management Secure partition API Secure partition manager Boot firmware Secure hardware requirements Root of Trust keys 19
20 An example IoT device implementation PSA is agnostic across architecture, RTOS, trusted firmware, etc. OEMs can choose their preferred implementations/ Shown in this example: SoC using Armv8-M (e.g. Cortex-M33) Reference OSS partition manager Arm Mbed components APIs are equally open to other RTOSes. Non-secure processing environment Application Arm mbed OS Secure IPC Arm v8-m based SoC Secure processing environment Arm mbed Client Secure partition API Arm Trusted Firmware v8-m TBSA-v8M Boot firmware Root of Trust keys 20
21 The PSA Firmware Framework (PSA-FF)
22 PSA Firmware Framework (PSA-FF) concepts Non-secure Processing environment Secure processing environment Secure Partition Manager (SPM) Provides the boot, isolation and IPC services to the SPE Partition The unit of execution Secure function Non secure partition Application firmware Secure partition Secure function Secure function Secure partition Secure function Secure function Trusted partition Trusted function Trusted function A set of related APIs invoked through secure IPC Trusted function A Secure Function that provides a Root of Trust service OS libraries OS kernel Secure Partition Manager Secure IPC Secure isolation Secure debug Isolation boundary 22
23 PSA firmware isolation levels Level 2 Separate Root of Trust from Secure Partitions within SPE Level 1 Lower cost hardware only isolate the SPE Level 3 More robustness isolate all partitions from each other 23
24 Secure Partition Programming Model The SPE defines a standard programming model for Secure Partitions. Secure Partitions are declared using a manifest. Partition identity Resource requirements Implemented Secure Functions All Secure Partitions are created when the device boots. Each Secure Partition has a single non re-entrant thread of execution. Secure Partitions use a small runtime API to the SPM. IPC server and client Device access Memory allocation 24
25 Secure IPC IPC design principles Secure by design no shared memory buffers Enable efficient implementation for simple platforms Easy to develop secure services on top Channel-based client/server IPC Partition (client) IPC library Channel handle Secure IPC framework Channel Message Channel handle Secure Partition (server) Secure Function The server is a Secure Function in a Secure Partition The client might be a Secure Partition or a task in the Nonsecure Partition Send message Port Port handle Requests are made on a connected channel and synchronous for the client. Event queue Secure Functions can use the client identity to implement access control. 25
26 PSA In Action TLS Session Setup Example Non-secure partition Secure partition Secure partition Trusted partition Application Key store Data sealing Application network TLS library TLS secure function Crypto operations Network protocol Secure partition manager Secure IPC TLS session setup PSA IPC PSA h/w access Platform hardware Cryptographic acceleration Root of Trust keys 26
27 A reference OSS implementation: Trusted Firmware-M
28 Trusted Firmware-M Open source reference implementation Overview Reference firmware for the architecture specification Initially targeting Armv8-M In development now publically available first quarter 2018 Similar to existing Trusted Firmware project (-A) Details Constrained runtime isolation level 1 implementation Initial target SSE-200 (Arm Musca-A1 testchip board) OS support Mbed OS is the main target in first release RTX is being used for prototyping work and will be released with limited support 28
29 PSA is architecture agnostic but we have prioritised M-profile Specifications available today Hardware requirements (TBSA) Firmware framework (PSA-FF) Platform Security Architecture TBSA v8m In development Device Security Model (DSM) Device initialization Boot and firmware update Trusted Function APIs Device Security Model Trusted device initialization Trusted boot & firmware update Firmware Framework - M Trusted Functions 29
30 Summary Summary
31 Summary PSA is a recipe to consistently design-in the right level of security into connected devices. It consists of three parts: 1. Threat Models and Security Analyses 2. HW & FW architecture specifications 3. A reference OSS implementation (public Q1 2018) First specifications available now (under NDA, public in Q1 2018). More published through-out 2018 Trusted Firmware-M OSS code public in Q PSA: Shifting the economics of security Security.economics << 1; 31
32 Thank You! Danke! Merci! 谢谢! [Additional ありがとう Material]! Gracias! Kiitos! 32
33 The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners Arm Limited
Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development
Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat
More informationBeyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited
Beyond TrustZone PSA Rob Coombs Security Director Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat models & security analyses Summary
More informationBeyond TrustZone Part 1 - PSA
Beyond TrustZone Part 1 - PSA Rob Coombs Security Director, Arm Arm Tech Symposia 2017, Hsinchu Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat models & security
More informationBeyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop
Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop Part2 Security Enclaves Tech Seminars 2017 Agenda New security technology for IoT Security Enclaves CryptoIsland
More informationA Developer's Guide to Security on Cortex-M based MCUs
A Developer's Guide to Security on Cortex-M based MCUs 2018 Arm Limited Nazir S Arm Tech Symposia India Agenda Why do we need security? Types of attacks and security assessments Introduction to TrustZone
More informationImplementing debug. and trace access. through functional I/O. Alvin Yang Staff FAE. Arm Tech Symposia Arm Limited
Implementing debug and trace access through functional I/O Alvin Yang Staff FAE Arm Tech Symposia 2017 Agenda Debug and trace access limitations A new approach Protocol based Bare metal vs mission mode
More informationAccelerating intelligence at the edge for embedded and IoT applications
Accelerating intelligence at the edge for embedded and IoT applications Arm Tech Symposia 2017 Agenda The emergence of intelligence at the edge Requirements for intelligent edge computing IP and technologies
More information2017 Arm Limited. How to design an IoT SoC and get Arm CPU IP for no upfront license fee
2017 Arm Limited How to design an IoT SoC and get Arm CPU IP for no upfront license fee An enhanced Arm DesignStart Building on a strong foundation Successfully used by 1000s of designers, researchers
More informationCompute solutions for mass deployment of autonomy
Compute solutions for mass deployment of autonomy Rod Watt Director of Vehicle Architecture and System Analysis Introduction 2 From inception to now 1990 Joint venture between Acorn Computers and Apple.
More informationThe Changing Face of Edge Compute
The Changing Face of Edge Compute 2018 Arm Limited Alvin Yang Nov 2018 Market trends acceleration of technology deployment 26 years 4 years 100 billion chips shipped 100 billion chips shipped 1 Trillion
More informationWAVE ONE MAINFRAME WAVE THREE INTERNET WAVE FOUR MOBILE & CLOUD WAVE TWO PERSONAL COMPUTING & SOFTWARE Arm Limited
WAVE ONE MAINFRAME WAVE THREE INTERNET WAVE FOUR MOBILE & CLOUD WAVE TWO PERSONAL COMPUTING & SOFTWARE Artificial Intelligence Fifth wave Data-driven computing era IoT Generating data 5G 5G Transporting
More informationBuilding firmware update: The devil is in the details
Building firmware update: The devil is in the details Atsushi Haruta, IoT Services Group, Arm Arm Tech Symposia Japan 2017 Arm Mbed: Secure device management Application Cloud Mbed Cloud Secure, scalable,
More informationSecuring IoT with the ARM mbed ecosystem
Securing IoT with the ARM mbed ecosystem Xiao Sun / Senior Applications Engineer / ARM ARM mbed Connect / Shenzhen, China December 5, 2016 Lots of interest in IoT security Researchers are looking into
More informationA Secure and Connected Intelligent Future. Ian Smythe Senior Director Marketing, Client Business Arm Tech Symposia 2017
A Secure and Connected Intelligent Future 1 2017 Arm Copyright Limited Arm 2017 Ian Smythe Senior Director Marketing, Client Business Arm Tech Symposia 2017 Arm: The Industry s Architecture of Choice 50
More informationHow to protect Automotive systems with ARM Security Architecture
How to protect Automotive systems with ARM Security Architecture Thanks to this app You can manoeuvre The new Forpel Using your smartphone! Too bad it s Not my car Successful products will be attacked
More informationTrustzone Security IP for IoT
Trustzone Security IP for IoT Udi Maor CryptoCell-7xx product manager Systems & Software Group ARM Tech Forum Singapore July 12 th 2017 Why is getting security right for IoT so important? When our everyday
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Eric Wang Sr. Technical Marketing Manager Tech Symposia China 2015 November 2015 Agenda Introduction Security Foundations on ARM Cortex -M Security Foundations
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Eric Wang Senior Technical Marketing Manager Shenzhen / ARM Tech Forum / The Ritz-Carlton June 14, 2016 Agenda Introduction Security Foundations on Cortex-A
More informationARM mbed mbed OS mbed Cloud
ARM mbed mbed OS mbed Cloud MWC Shanghai 2017 Connecting chip to cloud Device software Device services Third-party cloud services IoT device application mbed Cloud Update IoT cloud applications Analytics
More informationARM mbed Towards Secure, Scalable, Efficient IoT of Scale
ARM mbed Towards Secure, Scalable, Efficient IoT of Scale Kirsi Maansaari Product Manager, ARM Copenhagen/Embedded Everywhere 2016 Faster route to secure IoT from chip to cloud Announced at ARM TechCon
More informationArm TrustZone Armv8-M Primer
Arm TrustZone Armv8-M Primer Odin Shen Staff FAE Arm Arm Techcon 2017 Security Security technologies review Application Level Security Designed with security in mind: authentication and encryption Privilege
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Rob Coombs Security Marketing Director TechCon 11/10/15 Agenda Introduction Security Foundations on Cortex-M Security Foundations on Cortex-A Use cases
More informationARM mbed Technical Overview
ARM mbed Technical Overview Jerry Wang, FAE, ISG ARM Tech Forum Taipei July 4 th 2017 ARM mbed: Connecting chip to cloud Device software Device services Third-party cloud services IoT device application
More informationBuilding mbed Together: An Overview of mbed OS and How To Get Involved
Building mbed Together: An Overview of mbed OS and How To Get Involved Hugo Vincent / Product Lead mbed OS, Paul Bakker / Product Strategy, mbed IoT Device Platform mbed Sponsored Session/ ARM Tech Con
More informationResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models Xiao Sun Senior Application Engineer ARM Tech Symposia China 2015 November 2015 Evolution from M2M to IoT M2M Silos of Things Standards Security
More informationProvisioning secure Identity for Microcontroller based IoT Devices
Provisioning secure Identity for Microcontroller based IoT Devices Mark Schaeffer, Sr. Product Marketing Manager, Security Solutions Synergy IoT Platform Business Division, Renesas Electronics, Inc. May
More informationA New Security Platform for High Performance Client SoCs
A New Security Platform for High Performance Client SoCs Udi Maor, Sr. Product manager, Client Line of Business October 2018 udi.maor@arm.com Agenda What are Client devices? Arm s approach to Trusted Execution
More informationmbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM 2017
mbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM mbed: Connecting chip to cloud Device software Device services Third-party cloud services IoT device application mbed Cloud Update IoT cloud
More informationARM TrustZone for ARMv8-M for software engineers
ARM TrustZone for ARMv8-M for software engineers Ashok Bhat Product Manager, HPC and Server tools ARM Tech Symposia India December 7th 2016 The need for security Communication protection Cryptography,
More informationDiversity of. connectivity required for scalable IoT devices. Sam Grove Principal Software Engineer Arm. Arm TechCon 2017.
Diversity of connectivity required for scalable IoT devices Sam Grove Principal Software Engineer Arm Arm TechCon 2017 Introduction Mbed introduction Mbed Cloud Connect Addressing the complexity of reliably
More informationAdvanced IP solutions enabling the autonomous driving revolution
Advanced IP solutions enabling the autonomous driving revolution Chris Turner Director, Emerging Technology & Strategy, Embedded & Automotive Arm Shanghai, Beijing, Shenzhen Arm Tech Symposia 2017 Agenda
More informationUsing Virtual Platforms To Improve Software Verification and Validation Efficiency
Using Virtual Platforms To Improve Software Verification and Validation Efficiency Odin Shen Staff FAE Arm Arm Tech Symposia Taiwan 2017 Software complexity and best practices Software Costs Increasing
More informationArm Mbed Edge. Shiv Ramamurthi Arm. Arm Tech Symposia Arm Limited
Arm Mbed Edge Shiv Ramamurthi Arm Arm Tech Symposia 2017 IoT increasing efficiency, yield, and convenience Commercial buildings Better energy & space utilization Precision farming and connected sites Increased
More informationProtecting your system from the scum of the universe
Protecting your system from the scum of the universe Gilad Ben-Yossef gilad@benyossef.com Twitter: @giladby About me My name is Gilad Ben-Yossef. I work on applied cryptography and security of the upstream
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationBringing Intelligence to Enterprise Storage Drives
Bringing Intelligence to Enterprise Storage Drives Neil Werdmuller Director Storage Solutions Arm Santa Clara, CA 1 Who am I? 28 years experience in embedded Lead the storage solutions team Work closely
More informationAccelerating IoT with ARM mbed
Accelerating IoT with ARM mbed Zach Shelby VP Marketing Internet of Things Business Unit mbed Connect / Shenzhen, China 15 th Dec 2015 Productivity Security Connectivity Management Efficiency 2 Since TechCon
More informationARM mbed Technical Overview
ARM mbed Technical Overview Byungdoo Choi ARM IoTBU FAE Korea June 2017 ARM 2017 ARM knows the world of connected devices >95% market share >85% market share >90% market share >90% market share smartphone
More information#RSAC #RSAC Thing Thing Thing Thing Thing Thing Edge Edge Gateway Gateway Cut costs Create value Find information in data then act Maintain Things Enrol Authorized Users & Things Authentication
More informationConnect your IoT device: Bluetooth 5, , NB-IoT
Connect your IoT device: Bluetooth 5, 802.15.4, NB-IoT Prithi Ramakrishnan Arm TechTalk 2017 IoT connectivity technologies Multiple standards, different applications Throughput Unlicensed >100Mbps Wi-Fi
More informationArm Mbed Edge. Nick Zhou Senior Technical Account Manager. Arm Tech Symposia Arm Limited
Arm Mbed Edge Nick Zhou Senior Technical Account Manager Arm Tech Symposia 2017 IoT increasing efficiency, yield, and convenience Commercial buildings Better energy & space utilization Precision farming
More informationThe Next Steps in the Evolution of Embedded Processors
The Next Steps in the Evolution of Embedded Processors Terry Kim Staff FAE, ARM Korea ARM Tech Forum Singapore July 12 th 2017 Cortex-M Processors Serving Connected Applications Energy grid Automotive
More informationConfessions of a security hardware driver maintainer
Confessions of a security hardware driver maintainer Gilad Ben-Yossef Principal Software Engineer About me My name is Gilad Ben-Yossef. I work on upstream Linux kernel cryptography and security in genera,l
More informationProtecting your system from the scum of the universe
Protecting your system from the scum of the universe Gilad Ben-Yossef gilad@benyossef.com Twitter: @giladby About me My name is Gilad Ben-Yossef. I work on applied cryptography and security of the upstream
More informationManaging & Accelerating Innovation with Open Source at the Edge
Managing & Accelerating Innovation with Open Source at the Edge Bill Hunt, CTO - Dianomic Welcome! The IIoT Opportunity Resolve Complexity & Fragmentation with FogLAMP Use case: Defense Contractor Aircraft
More informationStrong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing LANCEN LACHANCE VICE PRESIDENT PRODUCT MANAGEMENT GLOBALSIGN WHAT YOU WILL LEARN TODAY 1 2 3 Examining of security risks with smart connected products Implementing
More informationAccelerating IoT with ARM mbed
Accelerating IoT with ARM mbed Dr.Krisztián Flautner General Manager / ARM Internet of Things Business Unit ARM Holdings Ltd mbed Sponsored Session / ARM TechCon 2015 11 th Nov 2015 Productivity Security
More informationUnleash the DSP performance of Arm Cortex processors
Unleash the DSP performance of Arm Cortex processors Arm Tech Symposia 2017 Lionel Belnet Senior Product Manager Agenda Unleash the DSP performance of Cortex processors 1 Introducing Arm Cortex technology
More informationAccelerating IoT with ARM mbed
Accelerating IoT with ARM mbed Paul Bakker Product Strategy, IoT BU ARM Tech Symposia China 2015 November 2015 Productivity Security Connectivity Management Efficiency 2 Since TechCon Last Year 60K 2014
More informationDesign Process. in an embedded system. Kasper Ornstein Mecklenburg SW/HW development engineer Arm Limited
Design Process in an embedded system Kasper Ornstein Mecklenburg SW/HW development engineer Arm in Lund Two offices; one at Ideon and one downtown (old Mistbase) Graphics, video and wireless SW, digital
More informationTRESCCA Trustworthy Embedded Systems for Secure Cloud Computing
TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing IoT Week 2014, 2014 06 17 Ignacio García Wellness Telecom Outline Welcome Motivation Objectives TRESCCA client platform SW framework for
More informationCCIX: a new coherent multichip interconnect for accelerated use cases
: a new coherent multichip interconnect for accelerated use cases Akira Shimizu Senior Manager, Operator relations Arm 2017 Arm Limited Arm 2017 Interconnects for different scale SoC interconnect. Connectivity
More informationConnect Your IoT Device: Bluetooth 5, , NB-IoT
Connect Your IoT Device: Bluetooth 5, 802.15.4, NB-IoT Craig Tou Business Development Manager, Arm Arm Tech Symposia 2017, Taipei IoT Devices - Everything Connects New classes of connectivity for a new
More informationBringing the benefits of Cortex-M processors to FPGA
Bringing the benefits of Cortex-M processors to FPGA Presented By Phillip Burr Senior Product Marketing Manager Simon George Director, Product & Technical Marketing System Software and SoC Solutions Agenda
More informationServerReady and Open Standards Accelerating Delivery
ServerReady and Open Standards Accelerating Delivery Dong Wei Senior Director and Lead Architect, DE Arm #Arm Tech Symposia Copyright 2018 Arm Tech Symposia, All rights reserved. The Cloud to Edge Infrastructure
More informationCortex-A75 and Cortex-A55 DynamIQ processors Powering applications from mobile to autonomous driving
Cortex-A75 and Cortex- DynamIQ processors Powering applications from mobile to autonomous driving Lionel Belnet Sr. Product Manager Arm Arm Tech Symposia 2017 Agenda Market growth and trends DynamIQ technology
More informationBeyond Hardware IP An overview of Arm development solutions
Beyond Hardware IP An overview of Arm development solutions 2018 Arm Limited Arm Technical Symposia 2018 Advanced first design cost (US$ million) IC design complexity and cost aren t slowing down 542.2
More informationPractical real-time operating system security for the masses
Practical real-time operating system security for the masses Milosch Meriac Principal Security Engineer github.com/armmbed/uvisor ARM TechCon 25 th October 2016 Why is microcontroller security so hard?
More informationDelivering High-mix, High-volume Secure Manufacturing in the Distribution Channel
Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel Steve Pancoast Vice President, Engineering Secure Thingz Inc Rajeev Gulati Vice President and CTO Data IO Corporation 1
More informationAzure Sphere Transformation. Patrick Ward, Principal Solutions Specialist
Azure Sphere Transformation Patrick Ward, Principal Solutions Specialist IoT @_pdubya pward@microsoft.com Microcontrollers (MCUs) LOW-COST, SINGLE CHIP COMPUTERS TMS1100: 300 KHz core, 2KB ROM, 64B RAM,
More informationSecurity and Performance Benefits of Virtualization
Security and Performance Benefits of Virtualization Felix Baum mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered
More informationGlobalPlatform Trusted Execution Environment (TEE) for Mobile
GlobalPlatform Trusted Execution Environment (TEE) for Mobile Kevin Gillick Executive Director, GlobalPlatform @GlobalPlatform_ www.linkedin.com/company/globalplatform GlobalPlatform Overview GlobalPlatform
More informationResilient IoT Security: The end of flat security models. Milosch Meriac IoT Security Engineer
Resilient IoT Security: The end of flat security models Milosch Meriac IoT Security Engineer milosch.meriac@arm.com Securing a computer system has traditionally been a battle of wits: the penetrator tries
More informationIntroduction to Standards based approach to Server
Introduction to Standards based approach to Server Winnie Shao Server & Ecosystem Director Arm Copyright 2018 Arm, All rights reserved. Why do we need a standards-based approach? Arm architecture supports
More informationCreating the Complete Trusted Computing Ecosystem:
FEBRUARY 2018 Creating the Complete Trusted Computing Ecosystem: An Overview of the Trusted Software Stack (TSS) 2.0 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97003 Tel (503) 619-0562 Fax
More informationBuilding secure devices on the intelligent edge with Azure Sphere. Paul Foster, Microsoft Dr Hassan Harb, E.On
Building secure devices on the intelligent edge with Azure Sphere Paul Foster, Microsoft Dr Hassan Harb, E.On Microcontrollers (MCUs) low-cost, single chip computers 9 BILLION new MCU devices built and
More informationThe Open Application Platform for Secure Elements.
The Open Application Platform for Secure Elements. Java Card enables secure elements, such as smart cards and other tamper-resistant security chips, to host applications, called applets, which employ Java
More informationWindows 10 IoT Core Azure Connectivity and Security
Windows 10 IoT Core Azure Connectivity and Security Published July 27, 2016 Version 1.0 Table of Contents Introduction... 2 Device identities... 2 Building security into the platform... 3 Security as a
More informationTZMP-1 Software Reference Implementation. Ken Liu 2018-Mar-12
TZMP-1 Software Reference Implementation Ken Liu 2018-Mar-12 2018 Arm Limited Content DRM Applications and Secure Video Path Regular Secure Video Path Design with Trustzone TZMP1 Design Concepts Reference
More informationArm crossplatform. VI-HPS platform October 16, Arm Limited
Arm crossplatform tools VI-HPS platform October 16, 2018 An introduction to Arm Arm is the world's leading semiconductor intellectual property supplier We license to over 350 partners: present in 95% of
More informationDynamIQ Processor Designs Using Cortex-A75 & Cortex-A55 for 5G Networks
DynamIQ Processor Designs Using Cortex-A75 & Cortex-A55 for 5G Networks Jeff Maguire Senior Product Manager Infrastructure IP Product Management Arm 2017 Arm Limited Arm Tech Symposia 2017 Agenda 5G networks
More informationBuild the unified end to end IoT solution on ARM LEADING COLLABORATION IN THE ARM ECOSYSTEM
Build the unified end to end IoT solution on ARM LEADING COLLABORATION IN THE ARM ECOSYSTEM Agenda Linaro Linaro s IoT efforts Demo Business Models Design and sell x86 chips 2016 $59.5Bn Revenue Sells
More informationARM Trusted Firmware Evolution HKG15 February Andrew Thoelke Systems & Software, ARM
ARM Trusted Evolution HKG15 February 2015 Andrew Thoelke Systems & Software, ARM 1 ARM Trusted for 64-bit ARMv8-A A refresher Standardized EL3 Runtime For all 64-bit ARMv8-A systems Reducing porting and
More informationSecurity for Secure IoT: Advanced Architectures for IoT Gateways. Simon Forrest Director of Segment Marketing, Consumer Electronics
Security for Secure IoT: Advanced Architectures for IoT Gateways Simon Forrest Director of Segment Marketing, Consumer Electronics www.imgtec.com Imagination Technologies Company overview A world leader
More informationModern security for microcontrollers
The challenge of scaling IoT Modern security for microcontrollers Gaining user-trust & keeping it Milosch Meriac Principal Security Research Lead milosch.meriac@arm.com About me & my projects Principal
More informationCortex-A75 and Cortex-A55 DynamIQ processors Powering applications from mobile to autonomous driving
Cortex-A75 and Cortex-A55 DynamIQ processors Powering applications from mobile to autonomous driving Stefan Rosinger Director, Product Management Arm Arm TechCon 2017 Agenda Market growth and trends DynamIQ
More informationThe Future of Security is in Open Silicon Linux Security Summit 2018
The Future of Security is in Open Silicon Linux Security Summit 2018 Joel Wittenauer - Embedded Software Architect Rambus Cryptography Research August 28, 2018 Agenda About Rambus Cryptography Research
More informationEDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC
EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE 6 2018 PUBLIC PUBLIC 2 Key concerns with IoT.. PUBLIC 3 Why Edge Computing? CLOUD Too far away Expensive connectivity
More informationIoT It s All About Security
IoT It s All About Security Colin Walls colin_walls@mentor.com Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds
More informationUEFI and the Security Development Lifecycle
presented by UEFI and the Security Development Lifecycle Spring 2018 UEFI Seminar and Plugfest March 26-30, 2018 Presented by Tim Lewis (Insyde Software) Agenda The Threat Is Real The Security Development
More informationLecture 3 MOBILE PLATFORM SECURITY
Lecture 3 MOBILE PLATFORM SECURITY You will be learning: What techniques are used in mobile software platform security? What techniques are used in mobile hardware platform security? Is there a common
More informationSSG Platform Security Division & IOTG Jan Krueger Product Manager IoT Security Solutions
SSG Platform Security Division & IOTG Jan Krueger Product Manager IoT Security Solutions THIS SLIDE MUST BE USED WITH ANY SLIDES REMOVED FROM THIS PRESENTATION Legal Disclaimers Intel technologies features
More information智能互联推动嵌入式系统创新. March 2015
智能互联推动嵌入式系统创新 March 2015 1 ARM is a Semiconductor IP Company IDM Foundry Financial Tools/Technology Silicon Partners Equipment Manufacturer ARM Software Platforms CPU GPU Operators + Developers Networking
More informationNon-Trusted. software. data. hardware. Open Source Secure World Software Trusted Firmware. Trusted. software. data. Update October 2018
data software Non-Trusted Trusted Open Source Secure World Software Trusted Firmware software Update October 2018 data hardware SPONSORED BY: HOSTED BY: Trusted Firmware with Open Governance Membership
More informationSoftware Ecosystem for Arm-based HPC
Software Ecosystem for Arm-based HPC CUG 2018 - Stockholm Florent.Lebeau@arm.com Ecosystem for HPC List of components needed: Linux OS availability Compilers Libraries Job schedulers Debuggers Profilers
More informationARM mbed: Internet of Possible
ARM mbed: Internet of Possible Bill Woo Director ISG Sales El Tower / 2017 Tech Forum June 28, 2017 Introduction Today enterprises are under pressure to unlock the value in the Internet of Things. Our
More informationImprove the container image compatibility on Arm
Improve the container image compatibility on Arm Wei.Chen@arm.com Penny.Zheng@arm.com Edinburgh, UK / Open Source Summit Europe 2018 2018-10-24 Agenda Background Why image compatibility on Arm is an issue
More informationFundamentals of HW-based Security
Fundamentals of HW-based Security Udi Maor CryptoCell-7xx Product Manager Systems and SW Group ARM Tech Forum 2016 - Korea Jun. 28, 2016 What is system security design? Every system design will require
More informationARM instruction sets and CPUs for wide-ranging applications
ARM instruction sets and CPUs for wide-ranging applications Chris Turner Director, CPU technology marketing ARM Tech Forum Taipei July 4 th 2017 ARM computing is everywhere #1 shipping GPU in the world
More informationSecuring IoT applications with Mbed TLS Hannes Tschofenig Arm Limited
Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol
More informationPresentation's title
3 rd April 2017 B03 -In-vehicle technology enabler Presentation's title Dominique Bolignano CEO Prove & Run dominique.bolignano@provenrun.com Introducing myself and Prove & Run Dominique Bolignano, previously
More informationSo you think developing an SoC needs to be complex or expensive? Think again
So you think developing an SoC needs to be complex or expensive? Think again Phil Burr Senior product marketing manager CPU Group NMI - Silicon to Systems: Easy Access ASIC 23 November 2016 Innovation
More informationThe Next Steps in the Evolution of ARM Cortex-M
The Next Steps in the Evolution of ARM Cortex-M Joseph Yiu Senior Embedded Technology Manager CPU Group ARM Tech Symposia China 2015 November 2015 Trust & Device Integrity from Sensor to Server 2 ARM 2015
More informationEasy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications
Infineon Network Use Case Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications Providing Infineon customers with an easy path to integrating TPM support into their products and systems
More informationMicrosoft Azure Sphere Overview Martin Grossen, Line Manager Microsoft Embedded / IoT Europe 5. June 2018
Microsoft Azure Sphere Overview Martin Grossen, Line Manager Microsoft Embedded / IoT Europe martin.grossen@avnet.eu 5. June 2018 Prepare for the 2nd wave of Digital Transformation Wave 1: The Microcontroller
More informationDynamIQ Processor Designs Using Cortex-A75 & Cortex- A55 for 5G Networks
DynamIQ Processor Designs Using Cortex-A75 & Cortex- A55 for 5G Networks 2017 Arm Limited David Koenen Sr. Product Manager, Arm Arm Tech Symposia 2017, Taipei Agenda 5G networks Ecosystem software to support
More informationTHE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS
THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly
More informationENABLING HARDWARE SECURITY FOR THE INTERNET OF THINGS
ENABLING HARDWARE SECURITY FOR THE INTERNET OF THINGS SAFE HARBOR NASDAQ: DAIO The matters that we discuss today will include forwardlooking statements that involve risks factors that could cause Data
More informationBack To The Future: A Radical Insecure Design of KVM on ARM
Back To The Future: A Radical Insecure Design of KVM on ARM Abstract In ARM, there are certain instructions that generate exceptions. Such instructions are typically executed to request a service from
More informationWhy PartnerDirect. Choice, flexibility, simplicity
Why PartnerDirect Choice, flexibility, simplicity What you will learn today Dell s Channel business PartnerDirect program Journey, success, analysts and beyond Performance Experience Action 2 Why PartnerDirect
More information