Prove & Run named a 2017 Gartner Cool Vendor

Prove & Run named a Cool Vendor in Gartner’s “Cool Vendors in IoT Security, 2017”.

Paris, France – June 8th, 2017 – Prove & Run, a leading provider of IoT security solutions, has been named a Cool Vendor in Gartner’s May 2017 research “Cool Vendors in IoT Security, 2017” by Earl Perkins et al., Vendors selected as a Cool Vendor are innovative, impactful and intriguing, according to Gartner.

Prove & Run provides off-the-shelf, secure OS microkernel, secure hypervisor and secure solutions, which are intended to elevate the security of large-scale connected IoT devices against cyber attacks. Prove & Run’s microkernel and hypervisor enable high assurance level to security-critical services that are needed for IoT-security use cases. These include secure boot, firmware over the air updates, securing and filtering communications channels, using and managing keys, remote inspection and maintenance, logging events, intrusion detection/protection and isolation of legacy OS and software stacks.

Prove & Run enables OEMs, chipmakers, device makers and solution providers with scalable and secured solutions for all ARM Cortex-A and Cortex-M- based IoT devices, with cost and skill requirements that fall within value chain constraints.

Prove & Run’s President and Founder, Dominique Bolignano says: “Gartner is one of the most trusted and reputable sources for technology insights which are relied on by companies and organizations all over the world. Our security engineers work hard to bring innovation to the emerging IoT security market. We are honored to be named a Cool Vendor by Gartner. We believe this is an important recognition that fully corroborates our vision and strategy.”

 

About Prove & Run

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.

 

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 

Media Contact
Christophe PAGEZY
moc.n1508299381urnev1508299381orp@y1508299381zegap1508299381.ehpo1508299381tsirh1508299381c1508299381

 

Paris, France – March 14th, 2017 – Prove & Run is the winner of the embedded award 2017 in the Software category with ProvenCore-M for ARM® TrustZone® technology on the ARMv8-M architecture. The award, granted by an independent jury of experts, pays tribute to especially innovative products or development that are unique and future oriented.

ProvenCore-M for ARMv8-M is a new version of ProvenCore-M, Prove & Run’s next generation of formally proven ultra-secure RTOS, providing a secure layer running in the TrustZone root of trust in ARMv8-M processors such as ARM Cortex®-M23 and Cortex-M33.

  • ProvenCore-M for ARMv8-M allows extended versatility and provides certified security features for sensitive security services running on top of it such as secure boot, firmware update, secure storage, etc.
  • The security properties of ProvenCore-M have been formally proven. This allows ProvenCore-M to be as close as possible to “zero-bugs” and highly resistant to attacks.

ProvenCore-M for ARMv8-M enables chipmakers, devices makers and solution developers to rely on a scalable secured-by-design platform for all IoT devices based on Cortex-M chips compatible with the ARMv8-M architecture.

“The recognition granted to us by this award is a tremendous encouragement,” explains Dominique Bolignano, President and Founder of Prove & Run. “With ProvenCore-M for ARMv8-M, protecting IoT devices against remote attacks will become very simple and integration of the security services with the application environment almost transparent. This will remove one of the major security barriers that the IoT market is facing today.”

“Now that TrustZone technology is broadly available across both MCUs and application processors, it is vital that high-assurance security solutions such as ProvenCore-M are accessible for partners to incorporate into their designs,” said Marc Canel, vice president of security systems, ARM. “Prove & Run’s secure technologies are highly respected in the industry and their recognition at the Embedded World conference is well-deserved.”

 

About Prove & Run

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com or visit us during the exhibition at Booth 4A-431.

Paris, France – March 13th, 2017 – With the advent of IoT, there are very attractive business models for hackers for exploiting vulnerabilities of connected systems, in particular for those attacks that can be exploited remotely. Protecting those devices becomes critical. Prove & Run, a provider of ultra-secure off-the-shelf software solutions for connected systems, announces a one-step solution to protect connected devices against the most sophisticated remote cyber-attacks.

Prove & Run’s one-step security solution builds on the TrustZone® hardware protection of ARM® Cortex®-A processors, that allows executing security services independently of the main operating system (Rich OS) and its applicative environment. The solution is composed of a Secure boot and Secure Firmware Update manager together with OpenVPN/TLS security services:

  • Firmware boot and update are highly sensitive operations, as a hacker can misuse it to brick or disable the device, unlock restricted features, or load a modified version of the firmware with disabled security and/or safety features. The proposed Firmware manager is designed to make sure that that the firmware stays authentic (PKI signature) and cannot be modified or downgraded by an attacker.
  • OpenVPN tunnel with a remote server (over TCP/IP and/or WiFi) allows enforcing that the connection to the device’s control server can be established even in adverse conditions, in particular to get an important update. This is particularly critical for devices integrated in a cloud-based offer. In the proposed solution the OpenVPN sensitive assets are stored and manipulated in a dedicated restricted TrustZone execution environment, protecting these assets even in case of full compromising of the Rich OS.

The one-step security solution relies on ProvenCore, Prove & Run’s highly secure OS kernel. The security properties of ProvenCore have been formally proven, down to generated code. This allows being as close as possible to “zero-bugs” and therefore highly resistant to attacks.

Prove & Run’s one-step security solution is currently available on NXP® Semiconductor i.MX application processors.

“The growth of connected devices and IoT magnifies the importance of strong security from the component level to the cloud,” said Arnaud Van den Bossche, manager for i.MX automotive products at NXP Germany GmbH. “We have been working closely with Prove & Run so they can leverage the exceptional security features of i.MX processors to further strengthen the resistance of their solution.”

“With our one-step security solution, we want to make security easily accessible to security non-specialists. The solution can be integrated into new or existing devices to add the right protective measures without modifying their functional behavior. After integrating our solution, devices will remain under operational control even if the main operating system becomes corrupted by an attack” concludes Dominique Bolignano, President and Founder of Prove & Run.

This one-step solution will be demonstrated at NXP’s booth (4A-220) during Embedded World 2017 in Nuremberg.

About Prove & Run

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.

 

Geneva, Switzerland and Paris, France – March 8, 2017 – STMicroelectronics (NYSE: STM), a global semiconductor leader serving customers across the spectrum of electronics applications, and Prove & Run, a provider of ultra-secure off-the-shelf software solutions for securing connected systems, announced today that they are demonstrating their joint scalable security platform for IoT (Internet of Things) devices at Embedded World, Nuremberg, March 14-16, 2017.

The platform combines Prove & Run’s ProvenCore-M™ highly secure operating system with the advanced security capabilities of ST’s STM32L4™ microcontrollers (MCU), and its Common Criteria-certified STSAFE™-A100 secure element. The platform covers the full range of IoT security needs, from the most basic to the highest level of security requirements with Common Criteria -certified parts.

The new security platform eases the creation of highly secure IoT products, allowing customers to concentrate on the development of the functional part of their application. Product developers without any special skills in security will benefit from already validated and proven security services, including application isolation, secure boot, secure firmware update, and key-storage resistant to physical attacks.

The platform components include:

  • The STM32L4 MCUs combine ST’s ultra-low-power microcontroller technology with ARM® Cortex®-M4 core, targeting next-generation energy-conscious consumer, industrial, medical, and metering applications. STM32L4 devices achieve up to 100 DMIPS at just 37µA/MHz of active power consumption. In addition to a large set of smart peripherals, advanced and low-power analog circuits, and up to 1 MB of Flash and 320 KB of SRAM, STM32L4 MCUs integrate numerous security mechanisms (MPU, debug life-cycle, execute-only protection) that allow development of highly secure, robust, and reliable embedded solutions.
  • ProvenCore-M, a highly secure RTOS with proven properties for enforcing the isolation of applications and stability of the platform. Conceived as a micro-kernel, it aims at having a minimal impact on integrating existing code as an application, while providing strong security services and enforcing state-of-the-art secure coding recipes. It also includes dedicated secure boot and secure application-update mechanisms that can optionally be integrated with STSAFE-A100 platform integrity services.
  • The STSAFE-A100 Secure Element, a Common Criteria EAL5+ -certified turnkey state-of-the-art security solution for preventing counterfeiting, cloning, and stealing information, and helping to fight against denials of service. The STSAFE-A100 features a secure embedded operating system that provides authentication, secure communication, secure data-management and platform integrity services, such as secure boot and firmware upgrade. It is personalized with keys and secrets at ST facilities.

The ST/Prove & Run platform will be showcased on ST’s booth (Hall 4A/138) at Embedded World 2017 in Nuremberg, March 14-16, in a robotic demo that highlights the solution robustness, its RTOS capabilities, as well as the secure boot and secure application update.

Technical Notes to Editors:

The combination of ProvenCore-M running inside the STM32L4 with the external features of the STSAFE-A100 provides a scalable level of security:

  • The ProvenCore-M RTOS delivers the market-unique level of security by enforcing strict isolation between each application, relying on the STM32L4 hardware mechanisms. It guarantees proper system behavior, even in case of bugs or attacks, and strict integrity and confidentiality of the assets of each task. It also allows the control of which peripheral can be accessed by each application, thus limiting the attack surface of existing drivers, and ensuring platform stability by detecting a denial of service and unresponsive application that can be relaunched automatically.
  • The STSAFE-A100 completes the STM32L4 and ProvenCore-M platform by providing a tamper-proof device with secure storage and cryptographic coprocessor to execute secure boot, firmware updates, and ProvenCore-M applications, e.g. TLS key storage and negotiations. The high level of resistance to attacks, including physical ones, of the STSAFE-A100 guarantees that the most sensitive secrets of the platform are safe from divulgation or cloning. The protection provided by the STSAFE-A100 against physical attacks, fault injection, and side channel attacks is very effective. By enforcing direct and exclusive control of the STSAFE-A100, ProvenCore-M is capable of enforcing strict usage of its secrets and of preventing any malicious usage by MCU applications, such as when a low-level driver may serve as an entry point for attack due to internal bugs.

About STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life. ST’s products are found everywhere today, and together with our customers, we are enabling smarter driving and smarter factories, cities and homes, along with the next generation of mobile and Internet of Things devices. By getting more from technology to get more from life, ST stands for life.augmented.

In 2016, the Company’s net revenues were $6.97 billion, serving more than 100,000 customers worldwide. Further information can be found at www.st.com.

About Prove & Run

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber- attacks. Further information can be found at www.provenrun.com.

For more information please contact:

The Internet of Things is bringing forth new security challenges that need to be addressed before deployment reaches a larger scale. In this webinar, Prove & Run and Toradex shows you how you can utilize built-in hardware security features like ARM® TrustZone® and High Assurance Boot in a simpler way. Watch the webinar.

Prove & Run will show how you can add high security features to an otherwise unprotected Linux operating system. We will demonstrate this in the case of adding a secure firewall, secure VPN, and secure firmware update capabilities. We will also briefly explain the security rationale. This involves reducing the scope of the Trusted Computing Base, which can be achieved using a combination of ready-to-use formally proven, secure, and certification COTS. By combining these basic security bricks, one can secure virtually any IoT architecture at a very high level of security with marginal and acceptable costs.

We will further demonstrate solutions on a Colibri i.MX7 System on Module, unitizing ARM TrustZone and the high assurance boot inside NXP®’s i.MX 7 SoC.


Paris, France – March 6th, 2017
– With the advent of the IoT and the growing number of sophisticated cyber-attacks on connected systems, customers need to raise the quality and robustness of their software projects so as to get as close to possible to zero-defects.
To further their existing partnership on tools and services, Prove & Run and TrustInSoft have decided to extend their partnership: TrustInSoft will promote ProvenCore, Prove & Run’s ultra-secure OS, to their customers looking for a platform to run security-critical applications while Prove & Run will promote using TrustInSoft Analyzer for verifying security applications running on top of ProvenCore.

“The security properties of ProvenCore have been formally proven, down to generated code,” explains Fabrice Derepas, TrustInSoft’s CEO. “This creates the best security foundation for highly secure applications.”

“With TrustInSoft Analyzer, the security applications running on top of ProvenCore can be brought to the highest level of confidence in the most cost-effective manner“ concludes Dominique Bolignano, President and Founder of Prove & Run.

 

About Prove & Run

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.

 

About TrustInSoft

TrustInSoft’s mission is to empower its customers to guarantee the quality of critical software assets. Its advanced source code analyzer provides mathematical guarantees and can be used efficiently on existing legacy, proprietary or open source software applications. Further information can be found at trust-in-soft.com.


Thorigné-Fouillard and Paris, France – 28 February 2017, 6:00 PM CET – Kerlink (ALKLK – FR0013156007), a specialist and global leader in network solutions dedicated to the Internet of Things (IoT), and Prove & Run, a leading supplier of cost effective software solutions to secure connected devices and IoT deployments, today announce their partnership to embed ProvenCore solution in LoRaWan™ Wirnet™ Stations.

ProvenCore is an off-the-shelf certifiable and ultra-secure microkernel designed to deal with the security challenges of sensitive software running on distant equipment. Installed on the device microprocessor itself, ProvenCore is formally checked and proven, down to the generated code in order to comply with the key security properties of supported security applications. ProvenCore is being used to safely manage certificates to initiate secure communications through VPNs.

ProvenCore concretely acts as a Trusted Execution Environment (TEE), a kind of safe, that securely isolates applications running on the device not only from each other, but also from the applications running elsewhere on the same device, or even from those interacting with the outer world. This solution drastically reinforces the security architecture of network elements like stations, gateways, routers or connected end-points.

“Security design in the booming IoT market is a key challenge, and sometimes seen as a potential barrier. Applying standard security-by-design solutions for secure boot, secure update and upgrade, or secure isolation of sensitive application and security parameters, is a way to natively protect devices from remote attacks, while at the same time keeping remote devices and application management simple and transparent for the customer”, details Dominique Bolignano, President and Founder of Prove & Run. “Partnering with a leading edge IoT network solution provider like Kerlink was a natural move for Prove & Run”.

“Embedding ProvenCore product deep in our Wirnet™ Stations is for us another step forward to grant our customer a state-of-the art level of integrity and security for their LoRaWan™ network elements”, comments Yannick Delibie, Kerlink CTIO and co-founder. “This certified environment handles software keys for firmware download and upgrade, to ease and secure remote stations maintenance and monitoring. Its certificates management capability also enables the trusted set-up of widespread VPN solutions, like OpenVPN and IPSec, to ensure safe end-to-end communications between our gateways and network server”.

About Kerlink

Kerlink specialises in network solutions for the Internet of Things (IoT). Its mission is to provide its clients—telecom carriers, businesses and public authorities—with network solutions (equipment, software and services) dedicated to the Internet of Things.

About Prove & Run

Further information can be found at www.provenrun.com

About LoRaWAN™

The technology utilized in a LoRaWAN™ network is designed to connect low-cost, battery-operated sensors over long distances in harsh environments that were previously too challenging or cost prohibitive to connect. With its unique penetration capability, a LoRaWAN™ gateway deployed on a building or tower can connect to sensors more than 10 miles away or to water meters deployed underground or in basements. The LoRaWAN™ protocol offers unique and unequalled benefits in terms of bi-directionality, security, mobility and accurate localization that are not addressed by other LPWAN technologies. These benefits will enable the diverse use cases and business models that will enable deployments of large-scale LPWAN IoT networks globally.

embedded_Award_2017_nominee_software_farbig_positiv_RGB

Paris, France – February 7th, 2017 – Prove & Run has been nominated for the embedded award 2017 in the Software category with ProvenCore-M for ARM® TrustZone® technology on the ARMv8-M architecture. The award nominees have been selected by an independent jury of experts. The award pays tribute to especially innovative products or development that are unique and future oriented and will be presented at the embedded world 2017 exhibition to be held 14-16 of March 2017 in Nuremberg, Germany.

ProvenCore-M for ARMv8-M is a new version of ProvenCore-M, Prove & Run’s next generation of formally proven ultra-secure RTOS, providing a secure layer running in the TrustZone root of trust in ARMv8-M processors such as ARM Cortex®-M23 and Cortex-M33.

  • ProvenCore-M for ARMv8-M allows extended versatility and provides certified security features for sensitive security services running on top of it such as secure boot, firmware update, secure storage, etc.
  • The security properties of ProvenCore-M have been formally proven. This allows ProvenCore-M to be as close as possible to “zero-bugs” and highly resistant to attacks.

ProvenCore-M for ARMv8-M enables chipmakers, devices makers and solution developers to rely on a scalable secured-by-design platform for all IoT devices based on Cortex-M chips compatible with the ARMv8-M architecture.

“The recognition granted to us by this nomination is a tremendous encouragement,” explains Dominique Bolignano, President and Founder of Prove & Run. “With ProvenCore-M for ARMv8-M, protecting IoT devices against remote attacks will become very simple and integration of the security services with the application environment almost transparent. This will remove one of the major security barriers that the IoT market is facing today.”

 “Now that TrustZone technology is broadly available across both MCUs and application processors, it is vital that high-assurance security solutions such as ProvenCore-M are accessible for partners to incorporate into their designs,” said Marc Canel, vice president of security systems, ARM. “Prove & Run’s secure technologies are highly respected in the industry and their recognition at the upcoming Embedded World conference is well-deserved.”

 

About Prove & Run

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com or visit us during the exhibition at Booth 4A-431.

Download Press Release

Paris, December 8, 2016 – Organized jointly by the National Gendarmerie, CEIS and EuraTechnologies, and co-financed by the Regional Council of Hauts de France, the International Cybersecurity Forum (FIC), helped by a jury of experts, awards the Innovative SME Award every year to a particularly innovative company in the cybersecurity sector. Sponsored by Airbus Defense and Space, the Innovative SME Award will be presented to Prove & Run at the 9th edition of the FIC.

This award distinguishes the innovation brought by ProvenCore, Prove & Run’s next generation of ultra secure OS that must be used to protect connected systems against remote attacks.

ProvenCore’s primary goal is to offer proven protection of security-critical services (boot, authentication, update) almost transparently to the software used on the connected system. The security properties of ProvenCore have been formally proven, down to generated code. This allows being as close as possible to “zero-bugs” and therefore highly resistant to attacks.

With ProvenCore, chip makers, devices makers and solution developers can rely on a scalable secured-by-design platform for all ARM® Cortex®-A and Cortex-M based devices.

“The innovation, energy and agility of innovative start-ups and SMEs in the cyber domain is spectacular,” explains François Lavaste, president of the jury and CEO of Airbus Defense and Space CyberSecurity. “This 2017 edition is particularly rich in innovation. In addition, the quality of the applications is exceptional. All this shows a very positive evolution of the whole ecosystem.”

“Recognition and trust are essential within the cybersecurity industry. The recognition granted to us by the prestigious FIC 2017 jury with this Innovative SME Award is a tremendous encouragement for all the customers who already trust us,” concluded Dominique Bolignano, President and Founder of Prove & Run.

About Prove & Run

Prove & Run aims at providing cost effective off-the-shelf software solution that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks.

About the International Cybersecurity Forum (FIC)

The FIC adopts an approach consisting of assessment and exchange with the aim of promoting a European vision of cybersecurity, the continuation of a single digital market and the regulatory proposal on the protection of personal data.

The FIC is the key European cybersecurity event that gathers all players in the digital trust chain. To coordinate this approach, the FIC relies on:

  • The tradeshow, to communicate, increase visibility, recruit, make new contacts & keep in touch with old ones,
  • The forum, to exchange with experts, improve skills and share feedback,
  • The Observatory to continue exchanging during the rest of the year, develop on themes covered and keep the network alive.

The 2017 edition of the FIC is jointly organized by the National Gendarmerie, CEIS and EuraTechnologies, and co-financed by the Regional Council of Hauts-de-France.

As part of the UbiMobility program sponsored by Business France and BpiFrance, Prove & Run has been selected by a judging panel from the US automotive industry with recognized experts representing major automakers, Tier 1 manufacturers, world-renowned universities and tech companies to participate in a 2-week tour in the US. This tour will give Prove & Run the opportunity to meet the major players of the US automotive market, and to kickstart its US automotive business.