BY SIMON DAVIDMANN, IMPERAS SOFTWARE
Most of the public discussion about security presents various aspects of the problems, or a high level view of risks/solutions, or an individual company’s solution to their slice of the problem. The prpl Foundation’s Security Working Group is taking a pragmatic, cross-functional approach to security in embedded devices and systems.
What do I mean by pragmatic and cross-functional? Let’s start by looking at the two primary approaches to security in systems. The first is a layer by layer approach, where the working assumption is that if each layer of the system is secure, then the system will be secure. The second approach is to take a “world view” of security, and try to solve the complete system security problem. With the first approach, it is unclear that the layer security assumption is correct, and even if it were correct, this would be expensive (in dollars, power, performance) to deploy on billions of IoT devices. With the second approach, it is impossible to start from a world view and arrive in a reasonable time at a set of security practices that can be implemented.
With this in mind, the Security Working Group has brought together companies and individuals with expertise in various aspects of embedded systems and security to document current best practices and derive a set of recommended new security practices for embedded systems. This cross-functional group includes representatives from processor IP vendors, embedded hypervisor/OS developers, secure application developers, semiconductor vendors, software/systems tool vendors, systems companies and security experts. Each brings their own experience and expertise to the group, hopefully enabling whole-is-greater-than-the-sum-of-the-parts results.
Imperas is a developer of software debug, analysis and verification tools based on virtual platform technology. Virtual platforms in general bring a number of advantages to work in this area, including the ability to develop software and systems before the hardware is available, and controllability, observability and repeatability of simulations including both hardware and software.
Imperas specifically brings to this party the largest library of processor core models from our Open Virtual Platforms (OVP) initiative, and a simulation infrastructure that enables non-intrusive tools to be built with low overhead. Also, we bring to the group our experience working with nearly 20 different hypervisor, OS and secure application developers, and our understanding of the tools and analytical capabilities they need. Our contribution will be to enable the prototyping and testing of new hardware, software and system approaches to embedded security, and to provide demo platforms to both group members and the larger embedded community.
Here are three examples of areas where Imperas expects to contribute to, and collaborate with, the group:
1) Porting of security practices to a variety of processor cores and devices. While Imagination Technologies is a member of the Security Working Group, and initial work will focus on their MIPS cores, the Imperas OVP Fast Processor Model library includes over 150 models of different processor cores. Virtual platforms will be used to port and bring up a secure software stack on new virtual hardware, and demonstrate that the recommendations resulting from the group’s efforts apply broadly to embedded systems.
2) Development of tools to test the software stack and the security of systems. These tools could provide insight and optimization for hypervisors or secure applications taking advantage of the new hardware virtualization instruction extensions in MIPS and other cores. Or the development of assertions in the virtual platform simulation environment to test that guest operating systems and applications running on hypervisors stay strictly in their assigned “containers.” Or the development of specific fault injection tools to test system recovery from a security breach. Or …
3) Development of Extendable Platform Kits (EPKs) as demonstration and test vehicles for security best practices. EPKs are virtual platforms, including processor models plus peripheral models necessary to boot an operating system or run bare metal applications. The platform and peripheral models included in the EPKs are open source, so that users can easily add new models to the platform as well as modify the existing peripheral models. The example software stack also included. A block diagram of a MIPS-Linux EPK is shown in Figure 1.
At Imperas, we’re excited about the practical approach to security being taken by the prpl Foundation’s Security Working Group, and look forward to contributing our own unique skills and technology to the team.