prpl is Pragmatic for Security

RTC MagazineWithin the prpl Foundation Security Working Group, Imperas is providing solutions for embedded hypervisor/OS developers. Simon Davidmann, Imperas CEO, wrote a guest blog for RTC Magazine, which focusses on embedded computing, including information for both hardware and software developers of embedded systems.

The article is about the security of embedded systems, what the prpl Foundation is doing about it, and what its Virtualization and Security PEG is focused on.

“Most of the public discussion about security presents various aspects of the problems, or a high level view of risks/solutions, or an individual company’s solution to their slice of the problem. The prpl Foundation’s Security Working Group is taking a pragmatic, cross-functional approach to security in embedded devices and systems. What do I mean by pragmatic and cross-functional?…”

Read the full article here.

The Internet of Things: Life-changing tech or a disaster waiting to happen?

Reposting from Tech City News NOV 02, 2016 http://techcitynews.com/2016/11/02/the-internet-of-things-life-changing-tech-or-a-disaster-waiting-to-happen/

By Cesare Garlati, chief security strategist at the prpl Foundation, an organisation working to make the IoT safer, explains how startups can get IoT security right to avoid being subjected to harm.

miraiThe Internet of Things (IoT) is exciting new territory for many startups and innovative companies looking to push boundaries and connect even the smallest devices to attempt to simplify and enhance our lives. But the security of these devices is fundamentally flawed for a number of reasons.

Continue reading

Open source and virtualization provide a powerful combination for wireless routers

By , Imagination Technologies

Back in March 2015, the Federal Communications Commission (FCC) – a government agency tasked with regulating interstate communications in the United States – issued a security document that included a series of provisions related to the use of wireless devices that operate in the U-NII radio bands.

In essence, the FCC wanted the manufacturers of routers and other networking equipment to provide tightly defined access paths to all wireless transmission devices. Unfortunately, the FCC proposal is likely to result in OEMs locking down the whole firmware of their routers and thus preventing consumers from installing the open source operating system or software of their choice (e.g. OpenWrt or DD-WRT.)

Continue reading

How to Stop our Smart Homes from Turning Against Us

Tech Target IoT Agenda, May 31, 2016 – Art Swift, President prpl Foundation

The Internet of Things is transforming our homes into data centers before our very eyes. Yet unlike in the data center, we don’t have IT professionals on call to manage, patch and secure these systems. Already in 2016, there are reports of LG Smart TVs being targeted by scareware.samsung-smartthings-iot-security And just recently, new research has highlighted serious flaws in the Samsung SmartThings platform which could allow remote hackers to unlock doors, trigger false fire alarms and reprogram security settings inside our smart homes. Many home users are unfortunately unprepared to deal with such events. They need to wake up to the fact their innocuous-looking domestic IT could be hijacked by cybercriminals or government spooks, with potentially serious consequences. But industry and regulators also need to take action — to force manufacturers to improve the security of consumer electronics products.

Read the full article at IoT Agenda.

Imperas, OVP and prpl

OVP diagramThe prpl Foundation recently published its first newsletter, as a way of extending communications with the embedded systems community.  Imperas CEO and Open Virtual Platforms™ (OVP™) founder Simon Davidmann wrote an article for the newsletter, titled “prpl Security Group and Imperas Address IoT Security Challenges via Multi-Domain Virtualization.”  That’s quite the long title.  What was Simon saying?

The full article has more detail, but here’s a summary:

The prpl Security PEG is defining a security roadmap to get from today’s software-virtualized solutions to full hardware supported virtualization, enabling multi-domain security across processors, heterogeneous SoCs and systems built on these technologies including connected devices, routers and hubs. As a provider of tools for embedded software development, Imperas’ unique perspective and added value to the collaborative PEG is in the tools for developing, testing and demonstrating the secure software stack.  Imperas is cooperating with the embedded software providers in the PEG to build Extendable Platform Kits™ (EPKs™) to accelerate development of the individual elements of the secure stack, and enable the easy analysis and verification of these elements in isolation as well as integrated into the complete stack.

The first product of this collaboration is an Extendable Platform Kit (EPK) using an Imperas Open Virtual Platforms (OVP) virtual platform based on the OVP model of the MIPS M5150, with SELTECH’s FEXER OX hypervisor and the Toppers (Tron) real time operating system (RTOS) as three individual guest operating systems (see Figure 2).  EPKs are designed to help users accelerate embedded software development, debug and test.  The platform and peripheral models included in the EPKs are open source, so that users can easily add new models to the platform as well as modify the existing peripheral models.

Enjoy reading the article!

prpl Foundation demonstrates security by separation at Mobile World Congress 2016

prpl Foundation demonstrates security by separation for IoT and other connected embedded devices at Mobile World Congress 2016

Hall 6 Stand 6E30 (Imagination Technologies), Barcelona, 22-25 February 2016

London, UK – 18 February 2016 – The prpl Foundation is demonstrating how an open, hardware based approach provides an ideal foundation for securing Internet of Things (IoT) and other connected embedded devices. After detailing the concept in its recently released Security Guidance for Critical Areas of Embedded Computing, prpl is showing a groundbreaking proof-of-concept demonstration on the MIPS-based Baikal-T1 SoC at Mobile World Congress in Barcelona.

Continue reading

Your boss yells ‘build a secure IoT gadget’ and you don’t know where to start. Take a look at this

Tech foundation publishes gentle guide

A 101 introduction to designing secure Internet-of-Things devices and similar systems has been published today by the MIPS-cheerleading Prpl Foundation.

The illustrated guidebook is not tied to the aforementioned processor architecture: it can be understood by anyone dabbling in ARM, x86 and MIPS-based embedded engineering.

It’s aimed at people designing internet-connected gadgets and gizmos who want to make sure malicious code doesn’t end up compromising devices. If you’re an engineering sage, this 55-page document isn’t going to flip your control register bits, but if you’re new to this space, it will give you a good steer.

Continue reading