PROVENCORE SECURE OS ACHIEVES EAL7 COMMON CRITERIA CERTIFICATION

Paris, France – September 13th, 2019 – Prove & Run, a leader in embedded security, announces that its flagship product, ProvenCore for ARM™ Cortex-A, has recently obtained a Common Criteria (CC) EAL7 certification. This is a world premiere as there is no other OS or Trusted Execution Environment (TEE) at that level of security. As a comparison, the next most secure TEE on the mobile security market – for the very few that have been certified – only reached the EAL2+ level. 

ProvenCore is a formally proven secure OS for ARM Cortex-A, ARM Cortex-M and RISC-V processors. It is also a next-generation ultra-secure TEE. Receiving a CC EAL7 certification for ProvenCore showcases the unique security expertise of Prove & Run’s team for delivering highly secure software components such as OSs and hypervisors. EAL7 is the highest level defined by the Common Criteria certification scheme and offers an extremely important increase in security assurance compared to EAL2+. Providing such a high level is a must when willing to withstand remote cyberattacks for devices whose massive compromise would lead to high losses.

It is also a key milestone for being able to develop secure-by-design connected devices in many IoT sectors (automotive, railways, aeronautics, energy, industrial, medical, etc.) in a cost-effective way:

  • Even when using other security technologies such as Secure Elements or hypervisors, an OS is still required to execute the sensitive security services on complex hardware such as microcontrollers or microprocessors, and this OS has to be secure because it is part of a device’s Trusted Computing Base. 
  • ProvenCore is the very first OS or kernel to be formally proven for its complete Trusted Computing Base. Formally proving the complete Trusted Computing Base is essential to avoiding situations in which hackers will exploit weaknesses in the part of the Trusted Computing Base that has not been formally proven, and that can still be complex and error prone such as the Process Management for example. 
  • ProvenCore offers a high abstraction level (POSIX-like) to developers of security services. With ProvenCore, the development of security services becomes simpler and cheaper, leading to more security at a lower cost.
  • ProvenCore is formally proven and can therefore claim superior code quality (as close as possible to zero-defects) leaving almost no attack surface to hackers. Use of formal proofs also promotes a much easier maintainability of the ProvenCore code base, a critical factor for a software component as complex as an OS, and consequently a much-reduced Total Cost of Ownership (TCO).  
  • For industries that are subject to certification – or that may be subject to certification in the coming years – ProvenCore brings certainty that certification will be achieved painlessly, whatever the requirement level, for the lowest possible cost.

Dominique Bolignano, President and Founder of Prove & Run: “ProvenCore is the first OS/TEE to be formally proven down to the generated code. The proof also covers all of the essential parts of the OS/TEE as ProvenCore’s Trusted Computing Base is also proven. Those are two world premieres and we are extremely proud to have achieved this outstanding milestone. With ProvenCore, Prove & Run brings to the market a solution that provides a distinctively higher security level and a lower cost of security than any existing solutions for connected and mobile devices.”

PROVE & RUN

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.

Media Contact
Christophe Pagezy, Co-CEO
moc.n1571877468urnev1571877468orp@y1571877468zegap1571877468.ehpo1571877468tsirh1571877468c1571877468
+33 1 75 77 55 51

Paris, France – May 24th, 2019 – Prove & Run has joined Eurosmart, an industry association that gathers technological experts in the field of digital security.

With more than 25 years of experience, Eurosmart’s roles are to:

  • Provide market analysis and market forecasts related to the area of digital security and analyse the critical technologies enabling EU’s digital sovereignty.
  • Advocate for an increase in the security level of digital interactions in Europe and worldwide, as well as promote “security by design” and “security by default” principles towards policy makers.
  • Provide its expertise and contributes to several fora, consortia, and European and international standardisation organisations, such as EU expert groups and European Public-Private partnerships.

For more information please refer to this press release.

Paris, France – May 14th, 2019 – Prove & Run has been selected as a security technology partner of the EPI project. 

Prove & Run joins as a partner the European Processor Initiative (EPI), a major European initiative whose objective is to design a new family of low-power processors for extreme scale computing, high-performance Big-Data and a range of emerging applications. The EPI project gathers 26 participants and is financed by the European Union under the Horizon 2020 programme.

Dr. Dominique Bolignano (CEO) has also assumed the role of the Global Security Technical Leader for the EPI project.

Further details about the EPI project can be found in this web site

Paris, France – February 25, 2019 – Prove & Run, a leader in embedded security, announces a strategic partnership with Kalray (Euronext Growth Paris: ALKAL), a pioneer in processors for intelligent systems, to bring more security on Kalray’s manycores MPPA™ architectures. This partnership aims to meet the growing security needs of so-called “CPS” (Cyber ​​Physical Systems), e.g. platforms that are in direct interaction with the physical world. As part of this partnership, Prove & Run brings to Kalray a recognized expertise in security architectures and will offer its secure firmware solutions and certified OS to Kalray’s MPPA™ customers for high-end security services.

The rise of artificial intelligence is about to revolutionize markets. Tomorrow’s autonomous cars, future aircraft engines or robots share the same need: access to new CPS platforms to process, via increasingly sophisticated algorithms, an increasing amount of data and functions. These processes must be performed while ensuring that the strict safety and security requirements shared by these different industries are met.

As CPSs become more self-reliant and accountable, the security risks they face or create increase at the same pace. In addition, CPSs must also face a global increase in risks related to the emergence of increasingly sophisticated and especially well funded hackers. CPS designers must address this issue by ensuring that security is integrated into the design of a CPS from the beginning, down to the lowest levels of hardware and software. Merely protecting the perimeter of a CPS, using a firewall for example, is no longer sufficient. This issue is amplified by the constant increase in the level of connectivity available to CPSs with a variety of communication mechanisms both local (WiFi, Bluetooth, V2X, etc.) and remote (LTE, LPWAN, satellite, etc.).

Today’s avionic and automotive platforms do not use the security features as applied, for example, in the computer industry or in the banking sector. According to Frost & Sullivan:

  • “With 85% of vehicles expected to be connected to the Internet by 2020 and more than 50 vulnerabilities per vehicle, cybercrime will pose a real threat to the industry.” Thus, if OEMs are unaware of the cybersecurity aspect, they will compromise their users, risking the value of their brand and will have to answer to their financial and moral obligations.
  • With the digital revolution, modern vehicles are equipped with a high-tech architecture and communication systems that require computer security. “Vehicles today operate millions of lines of code. With an estimate of one security weakness per 1,000 lines of code, this could mean a high risk of being hacked. “

Eric Baissus, Chairman of Kalray’s Management Board: “We are very pleased to partner with Prove & Run to provide our customers with the smart solutions of tomorrow with a very high level of security. Prove & Run’s expertise in security architectures, their secure OS and firmware solutions will enable our MPPA™ intelligent processors to meet the growing needs for high security services. “

Dominique Bolignano, President and Founder of Prove & Run:Prove & Run is pleased to be involved in the development of Kalray and to participate in the success of the MPPA™ platform. This partnership will enable us to combine at best our mutual expertise, share our understanding of the needs of the CPS market and deliver security solutions to meet the most critical security issues.”

ABOUT PROVE & RUN

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.

February 25, 2019 – To support the widespread deployment of secure IoT solutions based on the Platform Security Architecture (PSA) framework, ARM and lead test laboratories have unveiled PSA Certified, an independent security certification scheme for IoT devices. Prove & Run is proud to be part of this initiative and to have played a critical role collecting critical input from other lead partners and the wider ecosystem, and contributing to writing the security scheme documents that will be released as part of the program. Further details can be found in the press release.

Paris, France – February 6th, 2019 – Prove & Run has been selected as the security technology partner of the Kalray’s ES3CAP project.

The main objective of the ES3CAP project is to build around Kalray’s MPPA® (“Massively Parallel Processor Array”) hardware platform an environment for critical applications that require high-performance and highly-secure computing capacity. The project is led by Kalray, with the support of leading automotive, aerospace and defense manufacturers, including Renault-Nissan-Mitsubishi, MBDA and Safran. Prove & Run will contribute in the project with its unique expertise in security architecture, secure OS and development of highly security services. Further details about the ES3CAP project can be found in this press release.

16th of October 2018 – At ARMTechCon in San Jose, California, Prove & Run demonstrated how ProvenCore-M, its secure RTOS, can leverage the TrustZone hardware security features of the STM32L5, STMicroelectronics’ new Ultra-Low-Power MCU series, to help protect power-conscious connected devices from remote cyberattacks.

More details about the STM32L5 series are available in the full press release.

 

Paris, France – September 25th, 2018 – ARCHOS today announces the launch in January 2019 of the Safe-T Touch, the first secure hardware wallet with a touch screen, featuring an Android interface and an integrated services platform, for those who already hold crypto-currencies or who wish to open an account in crypto-assets.

Designed in partnership with Prove & Run, the Safe-T Touch embeds, in addition to a secure element used for protecting cryptographic keys, a secure, transaction-specific execution area, isolated from the Google Android operating system thanks to ProvenCore, an ultra-secure TEE providing an unrivaled level of security and featuring a trusted display.

For more information about the Safe-T Touch please refer to the complete press-release.

About Prove & Run

Prove & Run’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.

Media Contact
Christophe PAGEZY
moc.n1571877468urnev1571877468orp@y1571877468zegap1571877468.ehpo1571877468tsirh1571877468c1571877468

June 19th, 2018 – Europe invests 50 million € in Secure and Safe Automated Systems

69 partners working together to develop future technologies focused on security, safety and privacy across multiple application domains

SECREDAS stands for “Product Security for Cross Domain Reliable Dependable Automated Systems. SECREDAS consortium – 69 partners from 16 European countries – has kicked-off the 50 MEuro ECSEL Joint Undertaking research and innovation project, to build a reference architecture for Secure and Safe Automated systems compliant with the new GDPR Regulation. The focus will be on automotive, rail and personal healthcare, all of which demand high security and safety, covering technologies such as radar, lidar, Vehicle-to-Infrastructure and in-vehicle networks.

The project started on May 1st, 2018 and the kick-off meeting took place on May 16-17 at NXP Semiconductors, coordinator of the project, and it will last for 3 years. First results are expected to be demonstrated at the ITS European Congress on June 3-6, 2019 in Helmond/Eindhoven, Netherlands (see https://2019.itsineurope.com/).

Bert De Colvenaer, Executive Director of the ECSEL JU: “SECREDAS is one of the first ECSEL JU funded projects which looks at security, safety and privacy across multiple application domains. The new European GDPR-regulation provides the opportunity to develop future technologies able to answer to urgent safety, security and privacy concerns. The ECSEL JU programme demonstrates once again its flexibility to take up new challenges”.

Patrick Pype, SECREDAS Project Leader: “We are proud to have gathered together the key European stakeholders with expertise in their respective application domains as well as in the security & privacy area. This will allow to make a giant leap forward in the trust of road users in autonomous transport modes and healthcare. The consortium expects that 25% of all new road vehicles will be fitted with SECREDAS technology by 2030, representing a value of 10B€”.

The intertwining of safety, security & privacy of connected and automated systems is a concern in multiple application domains for many consumers in the European Union. As an example, one in four potential buyers/users in Europe of automated driving is reluctant to do so, mainly due to a lack of trust into its security. Hence industry and research communities need to work on an answer to ensure that these concerns are no longer roadblocks for further evolutions in the transport and personal healthcare sectors.

The high-level goal of SECREDAS is to develop and validate multi-domain architecting methodologies, reference architectures, components and suitable integration and verification approaches for automated systems, as well as taking into account and influencing standardization, certification and qualification in different domains, combining high security and privacy protection while preserving functional-safety and operational performance.With SECREDAS a first important step will be made into the direction of developing “trust”-building components and (sub)systems for, in particular, the European transportation and medical industry of tomorrow.

The vision of SECREDAS is to take an important step forward by providing the means to enhance this trustworthiness. This will assist in making connected and automated vehicles a market reality, to ensure that European OEMs remain competitive and that they remain world leaders, together with embedded system and semiconductor suppliers. In addition, SECREDAS addresses cross-domain cybersecurity, privacy and safety related technologies in the areas of automated systems in the personal healthcare & railway sectors, with strong support to cross-domain actions.

Picture of the SECREDAS Kick-off Meeting at NXP Semiconductors, Munich, Germany

For more information, please contact:

Prove & Run:

Christophe Pagezy, Co-CEO

moc.n1571877468urnev1571877468orp@y1571877468zegap1571877468.ehpo1571877468tsirh1571877468C1571877468

ECSEL JU:

Alun Foster, Head of Plans and Dissemination of the ECSEL JU (Communication related queries)

ue.ap1571877468orue.1571877468lesce1571877468@rets1571877468of.nu1571877468lA1571877468

Yves Gigase, Head of Programmes of the ECSEL JU (Technology related queries)

ue.ap1571877468orue.1571877468lesce1571877468@esag1571877468ig.se1571877468vY1571877468

Partners in the SECREDAS Consortium:

Project Leader: NXP Semiconductors, NL

Austria:

Belgium:

Czech Republic:

Finland:

France:

Germany:

Hungary:

Italy:

Netherlands:

Poland:

Portugal:

Romania:

Spain:

Sweden:

Tunis:

UK:

ARM released three Threat Models and Security Analyses (TMSA, also known as a Protection Profile) prepared by Prove & Run on ARM’s behalf for respectively a network camera, a water meter and an asset tracker. A TMSA is the starting point for assessing the security risk faced by a connected device. From this research, the right level of security can be determined, and then functional requirements established to mitigate the threats for the corresponding devices.

With ProvenCore and ProvenCore-M, Prove & Run’s ultra secure OS kernel for ARM Cortex-A and Cortex-M devices, Prove & Run can help the designers and users of network cameras, water meters and asset trackers to integrate the required security features so as to be protected from cyber-attacks at the right level.