With the advent of the Internet of Things (IoT), the security of connected devices has become a major issue: most devices perform valuable, sensitive operations and must be able to resist targeted and relentless attacks by resourceful individuals and organizations.
Many believe that security boils down to properly using a few basic ingredients: cryptographic protocols (such as signature and encryption), secure elements, etc. However, this is only a small part of the whole security story. Technologies and know-how for resisting logical attacks have actually become the weak link in the security of new IoT architectures and connected devices. Hackers typically exploit logical errors to break into systems: low-level implementation bugs, protocol or specification flaws, design, configuration or initialization errors, violations of organizational security policy, etc.
Resistance to logical attacks becomes even more critical when it comes to operating systems. Public databases provide statistics on publicly known bugs and vulnerabilities in all kinds of software. These databases clearly show that existing OSs and kernels are prone to a great number of errors and weaknesses, no matter who writes them and no matter how long they have been in the field. For example, new errors are still being reported in the thousands every year for “well-known” systems such as Linux.
For security, the issue boils down to being able to produce, and to demonstrate, that the OSs and kernels that are part of the Trusted Computing Base (TCB) are as close as possible to “zero-bug”, i.e., free from errors, in either their design or their implementation, that could potentially be exploited in logical attacks.
At Prove & Run, we believe the challenge of IoT security and resistance against logical attacks in particular can be addressed using a focused combination of principles:
- Use a state-of-the-art security methodology that, in particular, clearly sets out a complete “security rationale” for the targeted system.
- Design security into your system and apply standard Security-by-Design techniques (secure boot, secure isolation for sensitive applications, security perimeters, security in depth, etc.).
- To the extent that the OS and the kernel are to be trusted and included in the TCB, they need to resist hackers who will try to exploit bugs and weaknesses, i.e., errors in the security rationale. These software parts in particular need to be as close as possible to “zero-bug”, with proven and auditable compliance with security properties.
In line with this vision, Prove & Run aims to serve a range of industries using a two-pronged approach:
- Our off-the-shelf products, formally proven and ready to use and certify, can be used alone or in combination to secure virtually any IoT architecture at the highest level of security, while keeping cost and time-to-market compatible with your industrial constraints.
- Our services are available to help you secure your new or existing IoT architectures, or to develop secure custom firmware, OS kernels, TEEs and hypervisors.