Prove & Run Supports ARM Cortex-M Soft Processor IPs Certification

April 17, 2020 – Arm has announced that it has successfully certified their Cortex-M33 and Cortex-M35P soft processor IPs and their security features to EAL6+ for the Common Criteria standard. This certification of Cortex-M soft processor IPs is an important step towards enabling the industry to develop cost-effective security solutions that can be trusted. Semiconductor companies now have a clear path towards achieving high-assurance certification of their SoC design.

Prove & Run brings another building block of the complete solution: ProvenCore, its secure operating system that has already received a Common Criteria EAL7 certification for devices based on Cortex-A processors and is also available for Cortex-M processors. 

Further details can be found in this blog post.

Prove & Run is hiring several Research & Development Engineers to develop highly secure embedded software solutions.

Mission

As a Research & Development Engineer, you will join a world-leading team in charge of developing highly secure embedded software solutions that leverage our core security products, e.g. our ProvenCore secure OS and our ProvenVisor hypervisor. ProvenCore is the world most secure OS and has received a Common Criteria EAL7 certification which is a world première (EAL7 is the highest level defined by the Common Criteria certification scheme). This showcases the unique security expertise of Prove & Run’s team for delivering highly secure software components such as OSs and hypervisors.

This is offer is for a permanent, full-time position (“CDI”) and is based at one of our R&D centers in Paris or in Sophia Antipolis (near Nice).

Profile

You have either a Master’s Degree in Computer Science or an equivalent degree, as well as at least 3 years of experience in the field of embedded software development. You are fluent in C or Rust and have a working knowledge of ASM, especially in the context of low-level embedded software development such as embedded applications and device drivers on ARM® Cortex-A, Cortex-M or RISC-V architectures.

An interest in one or more of the following topics will be appreciated positively:

  • Operating systems
  • Security architectures
  • Applied cryptography
  • Software assurance and certification

You are rigorous, independent and have good interpersonal skills.

You are fluent enough in English to work in an international setting.

Your salary will depend on your level of experience and how well your skills match the position. Range: 40k€ to 60k€.

Are you interested in joining Prove & Run and becoming a key part of our team? If so, please apply right away!

Paris, France – February 25th, 2020 – Prove & Run has been nominated for the embedded award 2020 in the Safety & Security category for its Common Criteria (CC) certification of ProvenCore for ARM™ Cortex-A. The award nominees have been selected by an international and independent jury of experts. The award pays tribute to especially innovative products or development that are unique and future oriented and will be presented at the embedded world 2020 exhibition to be held 25-27 of February 2020 in Nuremberg, Germany.

 

ProvenCore is a formally proven secure OS for ARM Cortex-A, ARM Cortex-M and RISC-V processors. It is also a next-generation ultra-secure TEE. This certification is a world première as there is no other OS or Trusted Execution Environment (TEE) at that level of security. As a comparison, the next most secure TEE on the mobile security market – for the very few that have been certified – only reached the EAL2+ level. Providing such a high level of security is a must when willing to withstand remote cyberattacks for devices whose massive compromise would lead to high losses, which is typically the case for connected devices in the automotive, railway, aeronautic, energy, industrial and medical sectors, among others.

 

Receiving a CC EAL7 certification for ProvenCore also showcases the unique security expertise of Prove & Run’s team for delivering highly secure software components such as OSs and hypervisors. 

 

“The recognition granted to us by this nomination is a tremendous encouragement” explains Dominique Bolignano, President and Founder of Prove & Run, ProvenCore is the first OS/TEE to be formally proven down to the generated code. The proof also covers all of the essential parts of the OS/TEE as ProvenCore’s Trusted Computing Base is also proven. Those are two world premières and we are extremely proud to have achieved this outstanding milestone. With ProvenCore, Prove & Run brings to the market a solution that provides a distinctively higher security level and a lower cost of security than any existing solutions for connected and mobile devices”.

 

About Prove & Run

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing security consulting services and cost-effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyberattacks. Further information can be found at www.provenrun.com or by visiting us during the exhibition at Booth 4-180.

 

Media Contact
Christophe PAGEZY

Download as PDF

Prove & Run as a security partner of Xilinx has collaborated to the publication of a whitepaper. Read how to best isolate security-critical applications on Xilinx Zynq UltraScale+ devices using Prove & Run’s products.

Paris, France – September 13th, 2019 – Prove & Run, a leader in embedded security, announces that its flagship product, ProvenCore for ARM™ Cortex-A, has recently obtained a Common Criteria (CC) EAL7 certification. This is a world premiere as there is no other OS or Trusted Execution Environment (TEE) at that level of security. As a comparison, the next most secure TEE on the mobile security market – for the very few that have been certified – only reached the EAL2+ level. 

ProvenCore is a formally proven secure OS for ARM Cortex-A, ARM Cortex-M and RISC-V processors. It is also a next-generation ultra-secure TEE. Receiving a CC EAL7 certification for ProvenCore showcases the unique security expertise of Prove & Run’s team for delivering highly secure software components such as OSs and hypervisors. EAL7 is the highest level defined by the Common Criteria certification scheme and offers an extremely important increase in security assurance compared to EAL2+. Providing such a high level is a must when willing to withstand remote cyberattacks for devices whose massive compromise would lead to high losses.

It is also a key milestone for being able to develop secure-by-design connected devices in many IoT sectors (automotive, railways, aeronautics, energy, industrial, medical, etc.) in a cost-effective way:

  • Even when using other security technologies such as Secure Elements or hypervisors, an OS is still required to execute the sensitive security services on complex hardware such as microcontrollers or microprocessors, and this OS has to be secure because it is part of a device’s Trusted Computing Base. 
  • ProvenCore is the very first OS or kernel to be formally proven for its complete Trusted Computing Base. Formally proving the complete Trusted Computing Base is essential to avoiding situations in which hackers will exploit weaknesses in the part of the Trusted Computing Base that has not been formally proven, and that can still be complex and error prone such as the Process Management for example. 
  • ProvenCore offers a high abstraction level (POSIX-like) to developers of security services. With ProvenCore, the development of security services becomes simpler and cheaper, leading to more security at a lower cost.
  • ProvenCore is formally proven and can therefore claim superior code quality (as close as possible to zero-defects) leaving almost no attack surface to hackers. Use of formal proofs also promotes a much easier maintainability of the ProvenCore code base, a critical factor for a software component as complex as an OS, and consequently a much-reduced Total Cost of Ownership (TCO).  
  • For industries that are subject to certification – or that may be subject to certification in the coming years – ProvenCore brings certainty that certification will be achieved painlessly, whatever the requirement level, for the lowest possible cost.

Dominique Bolignano, President and Founder of Prove & Run: “ProvenCore is the first OS/TEE to be formally proven down to the generated code. The proof also covers all of the essential parts of the OS/TEE as ProvenCore’s Trusted Computing Base is also proven. Those are two world premieres and we are extremely proud to have achieved this outstanding milestone. With ProvenCore, Prove & Run brings to the market a solution that provides a distinctively higher security level and a lower cost of security than any existing solutions for connected and mobile devices.”

PROVE & RUN

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.

Media Contact
Christophe Pagezy, Co-CEO

+33 1 75 77 55 51

Paris, France – May 24th, 2019 – Prove & Run has joined Eurosmart, an industry association that gathers technological experts in the field of digital security.

With more than 25 years of experience, Eurosmart’s roles are to:

  • Provide market analysis and market forecasts related to the area of digital security and analyse the critical technologies enabling EU’s digital sovereignty.
  • Advocate for an increase in the security level of digital interactions in Europe and worldwide, as well as promote “security by design” and “security by default” principles towards policy makers.
  • Provide its expertise and contributes to several fora, consortia, and European and international standardisation organisations, such as EU expert groups and European Public-Private partnerships.

For more information please refer to this press release.

Paris, France – May 14th, 2019 – Prove & Run has been selected as a security technology partner of the EPI project. 

Prove & Run joins as a partner the European Processor Initiative (EPI), a major European initiative whose objective is to design a new family of low-power processors for extreme scale computing, high-performance Big-Data and a range of emerging applications. The EPI project gathers 26 participants and is financed by the European Union under the Horizon 2020 programme.

Dr. Dominique Bolignano (CEO) has also assumed the role of the Global Security Technical Leader for the EPI project.

Further details about the EPI project can be found in this web site

Paris, France – February 25, 2019 – Prove & Run, a leader in embedded security, announces a strategic partnership with Kalray (Euronext Growth Paris: ALKAL), a pioneer in processors for intelligent systems, to bring more security on Kalray’s manycores MPPA™ architectures. This partnership aims to meet the growing security needs of so-called “CPS” (Cyber ​​Physical Systems), e.g. platforms that are in direct interaction with the physical world. As part of this partnership, Prove & Run brings to Kalray a recognized expertise in security architectures and will offer its secure firmware solutions and certified OS to Kalray’s MPPA™ customers for high-end security services.

The rise of artificial intelligence is about to revolutionize markets. Tomorrow’s autonomous cars, future aircraft engines or robots share the same need: access to new CPS platforms to process, via increasingly sophisticated algorithms, an increasing amount of data and functions. These processes must be performed while ensuring that the strict safety and security requirements shared by these different industries are met.

As CPSs become more self-reliant and accountable, the security risks they face or create increase at the same pace. In addition, CPSs must also face a global increase in risks related to the emergence of increasingly sophisticated and especially well funded hackers. CPS designers must address this issue by ensuring that security is integrated into the design of a CPS from the beginning, down to the lowest levels of hardware and software. Merely protecting the perimeter of a CPS, using a firewall for example, is no longer sufficient. This issue is amplified by the constant increase in the level of connectivity available to CPSs with a variety of communication mechanisms both local (WiFi, Bluetooth, V2X, etc.) and remote (LTE, LPWAN, satellite, etc.).

Today’s avionic and automotive platforms do not use the security features as applied, for example, in the computer industry or in the banking sector. According to Frost & Sullivan:

  • “With 85% of vehicles expected to be connected to the Internet by 2020 and more than 50 vulnerabilities per vehicle, cybercrime will pose a real threat to the industry.” Thus, if OEMs are unaware of the cybersecurity aspect, they will compromise their users, risking the value of their brand and will have to answer to their financial and moral obligations.
  • With the digital revolution, modern vehicles are equipped with a high-tech architecture and communication systems that require computer security. “Vehicles today operate millions of lines of code. With an estimate of one security weakness per 1,000 lines of code, this could mean a high risk of being hacked. “

Eric Baissus, Chairman of Kalray’s Management Board: “We are very pleased to partner with Prove & Run to provide our customers with the smart solutions of tomorrow with a very high level of security. Prove & Run’s expertise in security architectures, their secure OS and firmware solutions will enable our MPPA™ intelligent processors to meet the growing needs for high security services. “

Dominique Bolignano, President and Founder of Prove & Run:Prove & Run is pleased to be involved in the development of Kalray and to participate in the success of the MPPA™ platform. This partnership will enable us to combine at best our mutual expertise, share our understanding of the needs of the CPS market and deliver security solutions to meet the most critical security issues.”

ABOUT PROVE & RUN

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.

February 25, 2019 – To support the widespread deployment of secure IoT solutions based on the Platform Security Architecture (PSA) framework, ARM and lead test laboratories have unveiled PSA Certified, an independent security certification scheme for IoT devices. Prove & Run is proud to be part of this initiative and to have played a critical role collecting critical input from other lead partners and the wider ecosystem, and contributing to writing the security scheme documents that will be released as part of the program. Further details can be found in the press release.

Paris, France – February 6th, 2019 – Prove & Run has been selected as the security technology partner of the Kalray’s ES3CAP project.

The main objective of the ES3CAP project is to build around Kalray’s MPPA® (“Massively Parallel Processor Array”) hardware platform an environment for critical applications that require high-performance and highly-secure computing capacity. The project is led by Kalray, with the support of leading automotive, aerospace and defense manufacturers, including Renault-Nissan-Mitsubishi, MBDA and Safran. Prove & Run will contribute in the project with its unique expertise in security architecture, secure OS and development of highly security services. Further details about the ES3CAP project can be found in this press release.