ProvenCore is a trusted operating system (OS), primarily designed to run alongside a conventional OS (or rich OS) in embedded systems. Many processors are designed with this dual OS architecture in mind – a technology called TrustZone by ARM and SGX by Intel. The privileged situation of trusted OSs in what is called a trusted execution environment (TEE) allows them to execute security features and exert control over the conventional OS.
A dual-OS architecture is a valuable design for security and has been widely adopted in the mobile phone industry. However, the trusted OSs that have been developed so far for the mobile industry do not offer the necessary protection against remote attacks targeting connected devices. Moreover, most trusted OSs do not possess the features that would make them capable of executing all the functions that should be performed in a TEE for security reasons. ProvenCore offers a solution to the two issues identified.
- Developed using formal methods and backed by a Common Criteria EAL7 certification, ProvenCore can claim superior code quality (as close as possible to zero-defects) leaving almost no attack surface to hackers. Use of formal proofs also promotes much easier maintainability of the ProvenCore code base, a critical factor for a software component as complex as an OS, and consequently a much-reduced Total Cost of Ownership (TCO).
- ProvenCore offers a high level of abstraction for developing security services. ProvenCore checks all the interactions between the security services, as well as all the interactions between the security services and the outside world. With ProvenCore, the development of security services becomes simpler and cheaper, leading to more security at a lower cost.
For those industrial sectors that are subject to certification – or may be subject to certification in the coming years – ProvenCore brings certainty that certification will be met with no pain – whatever the requirement level – for the lowest possible cost.
Examples of security functions that can run on ProvenCore
- Fully autonomous firmware update over-the-air (FOTA)
- Secure VPN
- Secure storage and use of keys and certificates
- Intrusion detection and protection systems (IDPS)
- Filters, firewalls
- Remote maintenance
- Trusted user interface (TUI)
- Recovery OS (implementing the most necessary features of the rich OS when it fails)
ProvenCore runs on:
- ARM Cortex-A microprocessors compliant with the ARMv7-A and ARMv8-A architectures,
- ARM Cortex-M microcontrollers compliant with the ARMv7-M and ARMv8-M architectures,
- RISC-V processors.
ProvenCore on Cortex-M v7
ProvenCore can run on ARM Cortex-M v7 processors that do not support the TrustZone technology. In this case, one Cortex-M chip is dedicated to security as shown in the following figure while the other microcontrollers or microprocessors host conventional OSs.
In addition to ready-made security COTS such as ProvenCore and ProvenVisor, Prove & Run offers a range of professional services to:
- Help our customers design/build/develop secure software and/or integrate our COTS,
- Help our customers secure their existing architectures:
- Performing security analyses
- Revamping existing architectures for security with ad-hoc solutions: Secure Boot, secure Over-the-Air firmware update, firewalling, intrusion detection/protection solutions, authentication, secure storage, etc…