Prpl Foundation tackles how to secure the Internet of Things at Embedded World 2017

Not for profit and its members showcase innovation and push the limits of embedded computing

Santa Clara, Calif. – 9 March 2017 – At Embedded World in Nuremburg, 14-16 March 2017, prpl Foundation and several of its member companies will address of the security concerns presented by embedded computing systems as they become more intertwined in our lives.

During two separate presentations on March 14 at the show, prpl’s chief security strategist, Cesare Garlati, will outline and demonstrate how a new separation-based approach anchored in hardware can create the trust needed across the IoT from node to cloud. How We Can Fix Embedded Computing Through an Open Source, Silicon-Layer Approach will take place at 9:30-10:00 and the Interactive Session: How a New Hardware-Based Approach Can Fix Critical Areas of Embedded Computing Security will take place at 14:30 – 15:00.

“prpl Foundation is delighted to have such a strong presence this year at Embedded World from not only prpl itself, but its innovative members, from small start-ups to large corporations,” said Art Swift, president of the prpl Foundation. “It’s all about raising awareness about the inherit security issues in the Internet of Things where, in a worst case scenario, these flaws can result in human fatalities. prpl’s proposed new hardware-security model based on open source APIs, interoperable standards and hardware virtualization demonstrates a real life application of these principles to control an embedded device connected to the Internet.”

prpl will be putting into practice its highly acclaimed Securing Critical Areas of Embedded Computing guidance with a ground-breaking demonstration of the prplSecurity™ framework that helps developers, service providers and manufacturers design security for embedded systems from the ground-up. The prplSecurity™ framework is a comprehensive collection of open source APIs providing hardware-level security controls such as secure boot, secure hypervisor, secure inter-vm communications and PUF (Physically Unclonable Functions). Garlati will show the application of the prplSecurity™ framework to a real word scenario: a MIPS 5150 microcontroller (MCU) that controls the movement of a robotic arm connected to the Internet.

“Security is becoming increasingly important to the IoT,” said Rich Hoefle, MCU32 director of marketing at Microchip, the company behind PIC32 microcontrollers. “We are pleased the prpl Foundation security framework has been able to successfully leverage the hardware capabilities of the PIC32MZ platform showcasing that strong security starts at the hardware level.”

“IoT and automotive electronics in particular are placing increasing stringent demands on software and system reliability, safety and security,” said Larry Lapides from Imperas Software. “Embedded World presents an ideal opportunity for end users, vendors and the open source community to come together to collaborate on the critical aspects of embedded computing such as software testing and technology that make up the embedded software ecosystem.”

David Harold, VP Marketing Communications, Imagination Technologies, said: “I expect this year’s Embedded World will be a continuation of the themes of last year; how do we make devices safe and secure; how do we keep pushing capability up while keeping power low; how do we embed ‘smartness’ and then connect that to the cloud? I’m delighted to see that the prpl Foundation and its members are starting to have a broad and credible answer to the fundamental issue of IoT security.”

Other prpl members will be making their mark at the event with their own presentations tackling the advancement of embedded computing systems including:

For a full line up of presentations, including those given by prpl and its Members, please visit: http://www.embedded-world.eu/program.html

To arrange a briefing with Art Swift, president of the prpl Foundation or Cesare Garlati, chief security strategist, or if you’re interested in speaking to any of the companies highlighted above, please contact:

Beth Smith
beth@eskenzipr.com

About prpl Foundation

prpl (pronounced “Purple”), is an open-source, community-driven, collaborative, non-profit foundation targeting and supporting the MIPS architecture – and open to others – with a focus on enabling next-generation datacenter-to-device portable software and virtualised architectures. prpl represents leaders in the technology industry investing in innovation in efficiency, portability and compatibility for the good of a broad community of developers, businesses and consumers. Initial domains targeted by prpl include datacenter, networking & storage, connected consumer and embedded/IoT.

For more information about the prpl Foundation, please visit: https://prpl.works.

prpl Press Contact:
Beth Smith
beth@eskenzipr.com
+44(0)2071832843

Integrate dynamic voltage and frequency scaling into instruction-accurate virtual platforms

New article in Embedded Computing Design: Integrate dynamic voltage and frequency scaling into instruction-accurate virtual platforms.

In embedded systems, extra-functional requirements, such as power consumption, have been increasing in importance. In a cooperative effort between OFFIS and Imperas Software, the Open Virtual Platforms (OVP) technology has been equipped with support to express and execute dynamic voltage and frequency scaling (DVFS) compatible power models. Software on the virtual platform can access the actual power consumption and perform power management through DVFS. The technology has been successfully demonstrated for an ARM-based multi-core platform, running a synthetic bare-metal DVFS test application and Linux power management.

Read the full article at 

fig1

prplwrt Weekly Meeting – February 23, 2017

Interested in getting involved in prplwrt? Everyone is welcome to join our meetings, every Thursday at 9AM PT. Learn more here!


LEDE

OpenWrt/LEDE merger discussion

ADB update

  • Emanuele Bovisio will be leading the prpl participation from ADB now that Matteo is moving on. Sorry to see you go Matteo but welcome Emanuele!

SCAL Milestone Wrapup

  • Felix is looking forward to the feedback and feature suggestions for future milestones
  • Interested parties should provide a prioritized list of features and changes on Basecamp

CIG Update

Low-level API

  • Eric is finalizing language of the Wifi recommendation
  • Imagination’s Ensigma Wifi group is interested in participating
  • Open question: Should we evaluate IEEE 1905.1 as part of the common API efforts?
  • Wojtek suggests we hold off on sending the final recommendation to the chipmakers until he gets back from the RDK meeting and gets a sense of the RDK-B interest in working together on these efforts.

Software Stack Independent API update

  • On the CIG Basecamp, Eric will post a set of features for a SSI Wifi API he’s compiled from participants.
  • Eric sent out a Doodle for next CIG meeting

prpl Feed for OpenWrt/LEDE

Boardfarm

  • Joao from Altran is looking into Boardfarm and interested in putting their in-house tests into Boardfarm

OpenWrt Summit

  • Summit Committee had a meeting on February 22
  • Split out summit responsibilities between all of the participants
  • Location recommendation report will be made to the Summit Committee at the next meeting
  • Next meeting is March 8, 7AM PT

prpl IoT Conference in Berkeley

  • Initial plan was for middle of May (prior to these notes coming out, the event was delayed until at least June)
  • Co-organized by prpl Foundation, IoTSF and Tech in Business club from Business School at Berkeley
  • Will be a chance for us all to meet face to face
  • Chance to highlight all of the work in prpl
  • Sent out survey to get feedback from folks
  • Looking for speakers and sponsors!

Next meeting is March 2, 9AM PT

(Not so) Random Musings from RSA Conference 2017

Cesare Garlati, Chief Security Strategist, prpl Foundation

cesare-garlati-rsa-sf-2017The world’s great and good of the information security industry descended on San Francisco this week for RSA Conference 2017. On the surface, it looked like more of the same this year.  There weren’t a huge amount of new companies exhibiting this year and the traditional vendors all seemed to be consolidating and streamlining their product lines in attempt to demystify buyers.  It even saw the McAfee brand back this year after a noticeable absence in the previous “Intel Security” era.

What was extremely apparent, however, was a return to the future.  By this I mean the return of focus on securing  the endpoint.  From laptops, desktops and mobile phones, BYOD reared its head again under a different guise – Bring Your Own Anything.  The reason for this is likely the shift to the cloud and away from traditional on-premises offerings, where RSA vendors have typically focused in the past.  This trend has meant that as applications, services and virtual workloads move to the cloud and third parties, the corporate data centre is becoming less and less central to IT budgets.  As such, we are now seeing a trend where established vendors are following suit and looking once again the endpoint as a source of revenue, albeit from a slightly different perspective this time.

This difference comes in the form of Internet of Things (IoT) – which, based on the amount of presentations at RSA this year, is clearly of major significance within the industry.  Kaspersky jumped on the bandwagon and announced its platform for IoT and AT&T, IBM, Symantec and others announced an IoT Cybersecurity Alliance.

RSA Conference 2017
RSA Conference 2017

But is IoT just another buzzword? The scepticism comes from the fact that traditionally, RSA has been a datacenter/network security event.  Granted, network perimeters are changing significantly with the advent of things like the cloud and IoT, but I’m still unconvinced that people can define IoT successfully in this context.  It simply isn’t a problem that traditional network security is going to fix, as evidenced in prpl’s extensive research into how to secure the IoT. We know that security IoT has to start at the hardware level, and that traditional RSA conference vendors have little understanding of this space

It was encouraging to see a large presence by the not for profit Cloud Security Alliance that was poised to tackle the IoT issues and the crowd for the CSA seminar exceeded 1,400 – with queues out of the door for attendance.  Its approach, which advocates open standards, is one which prpl aligns itself with and it is heartening to see everyone coming together in an organised manner to undertake the problems associated with IoT security.

Finally, the last significant observation for me at RSA was the emerging role of identity  as it relates to securing corporate data.  There was a lot of innovation happening around the idea of making passwords obsolete and start-up UnifyID even took the RSA Innovation Sandbox contest with its implicit authentication platform that combines machine learning and the array of devices around us to match our bodies, and more specifically the way we move, to our identities.

It’s innovations like these and the group mentality of coming together to face security issues head on that mean RSA will be successful for years to come. It just needs scratching away at the surface to get to the real innovation: end to end security cloud to silicon.

prplwrt Weekly Meeting – February 16, 2017

Check out the meeting recording on YouTube

Attendees: Eric, Bruce, Felix, Joao, Kathy, Luka, Matteo, Paul, Pedro, Wojtek, and a couple more

SCAL API improvements

  • Felix — project scope implemented and now just awaiting comments and feedback on the implementation
  • handling events and add/remove objects API was last implementation to be completed
    • events: not fancy on system integration; goal to keep first milestone simple
    • json plug-in still caches things that it shouldn’t, but is just an example (i.e., not yet polished, but demonstrates API) — a restart will fix
    • contract will be complete end of this month
  • everyone should begin implementation now so that feedback comes in asap
  • Luka’s team — hasn’t taken a look yet but will soon

Continue reading

prpl is Pragmatic for Security

RTC MagazineWithin the prpl Foundation Security Working Group, Imperas is providing solutions for embedded hypervisor/OS developers. Simon Davidmann, Imperas CEO, wrote a guest blog for RTC Magazine, which focusses on embedded computing, including information for both hardware and software developers of embedded systems.

The article is about the security of embedded systems, what the prpl Foundation is doing about it, and what its Virtualization and Security PEG is focused on.

“Most of the public discussion about security presents various aspects of the problems, or a high level view of risks/solutions, or an individual company’s solution to their slice of the problem. The prpl Foundation’s Security Working Group is taking a pragmatic, cross-functional approach to security in embedded devices and systems. What do I mean by pragmatic and cross-functional?…”

Read the full article here.