PROVENCORE SECURE OS ACHIEVES EAL7 COMMON CRITERIA CERTIFICATION

Paris, France – September 13th, 2019 – Prove & Run, a leader in embedded security, announces that its flagship product, ProvenCore for ARM™ Cortex-A, has recently obtained a Common Criteria (CC) EAL7 certification. This is a world premiere as there is no other OS or Trusted Execution Environment (TEE) at that level of security. As a comparison, the next most secure TEE on the mobile security market – for the very few that have been certified – only reached the EAL2+ level. 

ProvenCore is a formally proven secure OS for ARM Cortex-A, ARM Cortex-M and RISC-V processors. It is also a next-generation ultra-secure TEE. Receiving a CC EAL7 certification for ProvenCore showcases the unique security expertise of Prove & Run’s team for delivering highly secure software components such as OSs and hypervisors. EAL7 is the highest level defined by the Common Criteria certification scheme and offers an extremely important increase in security assurance compared to EAL2+. Providing such a high level is a must when willing to withstand remote cyberattacks for devices whose massive compromise would lead to high losses.

It is also a key milestone for being able to develop secure-by-design connected devices in many IoT sectors (automotive, railways, aeronautics, energy, industrial, medical, etc.) in a cost-effective way:

  • Even when using other security technologies such as Secure Elements or hypervisors, an OS is still required to execute the sensitive security services on complex hardware such as microcontrollers or microprocessors, and this OS has to be secure because it is part of a device’s Trusted Computing Base. 
  • ProvenCore is the very first OS or kernel to be formally proven for its complete Trusted Computing Base. Formally proving the complete Trusted Computing Base is essential to avoiding situations in which hackers will exploit weaknesses in the part of the Trusted Computing Base that has not been formally proven, and that can still be complex and error prone such as the Process Management for example. 
  • ProvenCore offers a high abstraction level (POSIX-like) to developers of security services. With ProvenCore, the development of security services becomes simpler and cheaper, leading to more security at a lower cost.
  • ProvenCore is formally proven and can therefore claim superior code quality (as close as possible to zero-defects) leaving almost no attack surface to hackers. Use of formal proofs also promotes a much easier maintainability of the ProvenCore code base, a critical factor for a software component as complex as an OS, and consequently a much-reduced Total Cost of Ownership (TCO).  
  • For industries that are subject to certification – or that may be subject to certification in the coming years – ProvenCore brings certainty that certification will be achieved painlessly, whatever the requirement level, for the lowest possible cost.

Dominique Bolignano, President and Founder of Prove & Run: “ProvenCore is the first OS/TEE to be formally proven down to the generated code. The proof also covers all of the essential parts of the OS/TEE as ProvenCore’s Trusted Computing Base is also proven. Those are two world premieres and we are extremely proud to have achieved this outstanding milestone. With ProvenCore, Prove & Run brings to the market a solution that provides a distinctively higher security level and a lower cost of security than any existing solutions for connected and mobile devices.”

PROVE & RUN

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.

Media Contact
Christophe Pagezy, Co-CEO
moc.n1571874882urnev1571874882orp@y1571874882zegap1571874882.ehpo1571874882tsirh1571874882c1571874882
+33 1 75 77 55 51

Paris, France – May 24th, 2019 – Prove & Run has joined Eurosmart, an industry association that gathers technological experts in the field of digital security.

With more than 25 years of experience, Eurosmart’s roles are to:

  • Provide market analysis and market forecasts related to the area of digital security and analyse the critical technologies enabling EU’s digital sovereignty.
  • Advocate for an increase in the security level of digital interactions in Europe and worldwide, as well as promote “security by design” and “security by default” principles towards policy makers.
  • Provide its expertise and contributes to several fora, consortia, and European and international standardisation organisations, such as EU expert groups and European Public-Private partnerships.

For more information please refer to this press release.

Paris, France – May 14th, 2019 – Prove & Run has been selected as a security technology partner of the EPI project. 

Prove & Run joins as a partner the European Processor Initiative (EPI), a major European initiative whose objective is to design a new family of low-power processors for extreme scale computing, high-performance Big-Data and a range of emerging applications. The EPI project gathers 26 participants and is financed by the European Union under the Horizon 2020 programme.

Dr. Dominique Bolignano (CEO) has also assumed the role of the Global Security Technical Leader for the EPI project.

Further details about the EPI project can be found in this web site

Paris, France – February 25, 2019 – Prove & Run, a leader in embedded security, announces a strategic partnership with Kalray (Euronext Growth Paris: ALKAL), a pioneer in processors for intelligent systems, to bring more security on Kalray’s manycores MPPA™ architectures. This partnership aims to meet the growing security needs of so-called “CPS” (Cyber ​​Physical Systems), e.g. platforms that are in direct interaction with the physical world. As part of this partnership, Prove & Run brings to Kalray a recognized expertise in security architectures and will offer its secure firmware solutions and certified OS to Kalray’s MPPA™ customers for high-end security services.

The rise of artificial intelligence is about to revolutionize markets. Tomorrow’s autonomous cars, future aircraft engines or robots share the same need: access to new CPS platforms to process, via increasingly sophisticated algorithms, an increasing amount of data and functions. These processes must be performed while ensuring that the strict safety and security requirements shared by these different industries are met.

As CPSs become more self-reliant and accountable, the security risks they face or create increase at the same pace. In addition, CPSs must also face a global increase in risks related to the emergence of increasingly sophisticated and especially well funded hackers. CPS designers must address this issue by ensuring that security is integrated into the design of a CPS from the beginning, down to the lowest levels of hardware and software. Merely protecting the perimeter of a CPS, using a firewall for example, is no longer sufficient. This issue is amplified by the constant increase in the level of connectivity available to CPSs with a variety of communication mechanisms both local (WiFi, Bluetooth, V2X, etc.) and remote (LTE, LPWAN, satellite, etc.).

Today’s avionic and automotive platforms do not use the security features as applied, for example, in the computer industry or in the banking sector. According to Frost & Sullivan:

  • “With 85% of vehicles expected to be connected to the Internet by 2020 and more than 50 vulnerabilities per vehicle, cybercrime will pose a real threat to the industry.” Thus, if OEMs are unaware of the cybersecurity aspect, they will compromise their users, risking the value of their brand and will have to answer to their financial and moral obligations.
  • With the digital revolution, modern vehicles are equipped with a high-tech architecture and communication systems that require computer security. “Vehicles today operate millions of lines of code. With an estimate of one security weakness per 1,000 lines of code, this could mean a high risk of being hacked. “

Eric Baissus, Chairman of Kalray’s Management Board: “We are very pleased to partner with Prove & Run to provide our customers with the smart solutions of tomorrow with a very high level of security. Prove & Run’s expertise in security architectures, their secure OS and firmware solutions will enable our MPPA™ intelligent processors to meet the growing needs for high security services. “

Dominique Bolignano, President and Founder of Prove & Run:Prove & Run is pleased to be involved in the development of Kalray and to participate in the success of the MPPA™ platform. This partnership will enable us to combine at best our mutual expertise, share our understanding of the needs of the CPS market and deliver security solutions to meet the most critical security issues.”

ABOUT PROVE & RUN

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.

February 25, 2019 – To support the widespread deployment of secure IoT solutions based on the Platform Security Architecture (PSA) framework, ARM and lead test laboratories have unveiled PSA Certified, an independent security certification scheme for IoT devices. Prove & Run is proud to be part of this initiative and to have played a critical role collecting critical input from other lead partners and the wider ecosystem, and contributing to writing the security scheme documents that will be released as part of the program. Further details can be found in the press release.

Paris, France – February 6th, 2019 – Prove & Run has been selected as the security technology partner of the Kalray’s ES3CAP project.

The main objective of the ES3CAP project is to build around Kalray’s MPPA® (“Massively Parallel Processor Array”) hardware platform an environment for critical applications that require high-performance and highly-secure computing capacity. The project is led by Kalray, with the support of leading automotive, aerospace and defense manufacturers, including Renault-Nissan-Mitsubishi, MBDA and Safran. Prove & Run will contribute in the project with its unique expertise in security architecture, secure OS and development of highly security services. Further details about the ES3CAP project can be found in this press release.

Prove & Run will be exhibiting at embedded world 2019 in Nuremberg, from the 26th to the 28th of February. Come and meet us at our stand: Hall 4A Stand 102!

If you want to schedule a meeting ahead of time, please send us an email at .moc.1571874882nurne1571874882vorp@1571874882tcatn1571874882oc1571874882

Prove & Run will be exhibiting at CES 2019, January 8-11th 2019, Las Vegas, as part of the “Business France Automotive Pavilion”. Come and meet us at our stand: Las Vegas Convention Center, Stand CP-4!

If you want to schedule a meeting ahead of time, please send us an email at .moc.1571874882nurne1571874882vorp@1571874882tcatn1571874882oc1571874882

Prove & Run will be exhibiting at FIC 2019, January 22-23 2019, Lille, France. Come and meet us at the HEXATRUST stand at Lille Grand Palais.

If you want to schedule a meeting ahead of time, please send us an email at moc.n1571874882urnev1571874882orp@t1571874882catno1571874882c1571874882.

16th of October 2018 – At ARMTechCon in San Jose, California, Prove & Run demonstrated how ProvenCore-M, its secure RTOS, can leverage the TrustZone hardware security features of the STM32L5, STMicroelectronics’ new Ultra-Low-Power MCU series, to help protect power-conscious connected devices from remote cyberattacks.

More details about the STM32L5 series are available in the full press release.