PSA: Next steps toward a common industry framework for secure IoT
By Paul Williamson, VP and GM, IoT Device IP, Arm
February 22, 2018 -- There is no denying that security is the most critical issue facing the IoT industry. However, today there is a confusing array of security claims from a myriad of suppliers, making it hard to know how to implement security successfully. In October 2017, Arm announced the vision of Platform Security Architecture (PSA) - a common framework to allow everyone in the IoT ecosystem to move forward with stronger, scalable security and greater confidence.
PSA aims to provide a holistic set of security guidelines for IoT security to enable everyone in the value chain, from chip manufacturers to device developers, to implement security successfully. When we launched PSA, we provided an overview of what it would aim to deliver to the industry, and we’ve been working hard to progress with that vision.
Threat Models: Establishing the “right” level of security
There are three key stages to the Platform Security Architecture: Analysis, Architecture and Implementation. Today’s announcement supports the first stage of the PSA journey, with the release of the first set of Threat Models and Security Analyses (TMSA) documentation. PSA advises that security implementation should always start with analysis, which considers the assets that need protecting and the threats that are considered in scope. Developers and manufacturers should start their security journey by creating their own TMSA or using existing relevant examples.
By publishing new TMSA examples for some of the most popular IoT devices (a smart water meter, a web camera and an asset tracking device), Arm is delivering a starting point and robust guidelines for those looking to define the security requirements of their IoT product.
We would like the industry to build on these examples and carry out similar security analyses for their next commercial IoT products.
Trusted Firmware-M: Making security more accessible
Arm wants to make security simpler and more cost effective, by making high quality reference code and documents accessible – as security becomes more complex, all developers need access to these resources. To this end, we are releasing the first open source reference implementation firmware that conforms to the PSA specification, Trusted Firmware-M, which is on target for delivery at the end of March 2018.
Arm will continue to have a team of software developers contributing to this project, delivering a Secure Processing Environment (SPE) suitable for connected microcontrollers. Over time we will add new security functions that are easy for non-expert security developers to use, enabling high quality, secure devices. Arm has a successful track record with open source security software, including solutions such as Arm Trusted Firmware for Cortex-A application processors and Mbed TLS (a popular industry solution connecting IoT devices to cloud based services).
What’s next for PSA?
A battle is raging to keep systems secure, as we race to realize the immense value data can bring, as recently outlined in the Arm Security Manifesto. Our eyes remain firmly on the prize, securing the next trillion connected devices. The journey for PSA doesn’t end with the release of the TMSA documentation and Trusted Firmware-M, in fact there is much more to come.
#1 - Trusted Base System Architecture-M (TBSA-M)
To help deliver this scalability, Arm is working hard to deliver the first PSA architectural document, the Trusted Base System Architecture-M (TBSA-M). This document, currently in active review with key partners, provides guidance on hardware security features for silicon designers. It will incorporate multiple templates for commonly used implementations and will propose a checklist of security features.
#2 - PSA Compliance & Certification Program
We’re working to define how we build a developer ecosystem around PSA. We want PSA compliant systems to come with a small set of easy-to-use, high-level security APIs that software developers and OEMs can depend on. We’re helping partners to establish the quality and robustness of their implementations, and prove these features to their respective value chains. We’re working to define a Compliance & Certification Program –which will a big step towards making security easier for developers and OEMs. We will be releasing new details on this in the future.
For more information on PSA, please go our resources.
Visit us at Embedded World and Mobile World Congress 2018
Arm security experts will be available at Embedded World and Mobile World Congress. Visit us at:
Embedded World, Nuremberg: Stand 4 – 10 in Hall 4
Mobile World Congress, Barcelona: Hall 6, stand 6E30
About Arm
Arm technology is at the heart of a computing and connectivity revolution that is transforming the way people live and businesses operate. Our advanced, energy-efficient processor designs are enabling the intelligence in more than 100 billion silicon chips and securely powering products from the sensor to the smartphone to the supercomputer. With more than 1,000 technology partners, including the world's largest consumer brands, we are driving Arm innovation into all areas compute is happening inside the chip, the network and the cloud.
|
Arm Ltd Hot IP
Related News
- It's Here: A Common Industry Framework for Protecting a Trillion Connected Devices
- SEALSQ Introduces QS7001, a Newly Developed Cutting-Edge RISC-V Secure Hardware Platform, Specifically Designed for IoT security in the Post-Quantum Era
- Interview: Arm's SystemReady 2.0 to Secure IoT Devices
- Arm delivers integrated SIM identity to secure next wave of cellular IoT devices
- CENTRI Announces Immediate Availability of IoT Advanced Security for the Arm Mbed IoT Device Platform
Breaking News
- Jolt Capital buys and invests in Dolphin Design's carved-out mixed-signal IP activities
- Tenstorrent Expands Deployment of Arteris' Network-on-Chip IP to Next-Generation of Chiplet-Based AI Solutions
- Siemens' Tessent In-System Test software enables advanced, deterministic testing throughout the silicon lifecycle
- EnSilica plc - Audited Full Year Results for the Year Ended 31 May 2024
- Logic Design Solutions launches Gen4 NVMe host IP
Most Popular
- Arm's power play will backfire
- Siemens strengthens leadership in industrial software and AI with acquisition of Altair Engineering
- Sondrel announces CEO transition to lead next phase of growth
- M31 is partnering with Taiwan Cooperative Bank to launch an Employee Stock Ownership Trust to strengthen talent retention
- ULYSS1, Microcontroller (MCU) for Automotive market, designed by Cortus is available
E-mail This Article | Printer-Friendly Page |