0
May 4, 2011 1
Evolving
Trusted
Platforms
Haydn Povey
Director Marketing
Processor Division
ARM
May 4, 2011 2
Evolving the Mobile Internet
“More people in the world will have
their first interaction with the
Internet w...
May 4, 2011 3
The Issue
Over 350,000 Android handset are shipped every day
Approaching 350,000 apps on Android store
Open ...
May 4, 2011 4
Mobile Client of 2010
OEM/Operator “Store front
Web 2.0 apps mashups
OpenGL ES 2.0 graphics
Content and its ...
May 4, 2011 5
Mobile Client of 2013
Console gaming performance
Advanced video capability
Fast broadband
Enterprise applica...
May 4, 2011 6
Security - Foundation of the Future
Integrated security is the key capability to enable the
next generation ...
May 4, 2011 7
Traditional Security Solutions
Security traditionally seen as separate and distinct
Enables the development ...
May 4, 2011 8
SoC Platform Security Challenges
Definitions – Are we fighting the same battles?
Advanced threat models
Devi...
May 4, 2011 9
SoC Platform Security Challenges
Software
Lack of standards & low portability of code restricts ecosystem
Mo...
May 4, 2011 10
Who Cares About Mobile Security?
Security is a Continuous Evolution – not a one time task
AppMNO ServiceOSO...
May 4, 2011 11
Building Secure Platforms
Three fundamental alternatives
#1–Integration of separate secure element
Very low...
May 4, 2011 12
Delivering A Trusted Virtual Processor
TrustZone has major advantages
over separate secure processor
soluti...
May 4, 2011 13
TrustZone Enabled Processors
TrustZone is in the DNA of all ARM Application Processors
Cortex-A5 MPCore
Cor...
May 4, 2011 14
Enabling Payment Solutions
On-Chip Secure RAM area protected with TrustZone Memory Adaptor
Keyboard and scr...
May 4, 2011 15
Enabling Fully Secured Platforms
Addition of Crypto, Media Accelerators & DMA Controller for media handling...
May 4, 2011 16
TrustZone “Virtual” Secure Processor
Certification is traditionally a very lengthy and expensive process
fo...
May 4, 2011 17
TrustZone “Virtual” Secure Processor
TrustZone provides a smaller virtual processor significantly
reducing ...
May 4, 2011 18
Virtualization and Security
Virtualization often offered as a solution for security
Virtualization focused ...
May 4, 2011 19
P0 P1 P2 P3
SMP OS
Multi-Core Software Model
All cores in multi-core processors inherently contain TrustZon...
May 4, 2011 20
SEPIA – EU Funded research program
Secure, Embedded Platform with advanced Process Isolation and Anonymity
...
May 4, 2011 21
Delivering Secure Applications
Tamper Resist Storage
Secure Crypto Exe
EAL 5+ Certification
Trusted Periphe...
May 4, 2011 22
Conclusion
Security must be a major focus for the entire SoC industry
In an increasingly connected world, a...
May 4, 2011 23
And Finally.....
Upcoming SlideShare
Loading in...5
×

Track f evolving trusted platforms - arm

1,253

Published on

Published in: Education, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,253
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
49
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Track f evolving trusted platforms - arm"

  1. 1. May 4, 2011 1 Evolving Trusted Platforms Haydn Povey Director Marketing Processor Division ARM
  2. 2. May 4, 2011 2 Evolving the Mobile Internet “More people in the world will have their first interaction with the Internet with mobile than with laptop” Vinton Cerf, Google “In mobile computing, the opportunities for innovation are particularly exciting.... The fact that more than 3 billion people around the world are connected is unbelievable, yet that is less than half the world’s population. Steve Ballmer, Microsoft ... and malware and software threats are increasing exponentially
  3. 3. May 4, 2011 3 The Issue Over 350,000 Android handset are shipped every day Approaching 350,000 apps on Android store Open mobile OS’s are a blessing... and a curse Over 350,000 Android handset are shipped every day Approaching 350,000 apps on Android store Open mobile OS’s are a blessing... and a curse
  4. 4. May 4, 2011 4 Mobile Client of 2010 OEM/Operator “Store front Web 2.0 apps mashups OpenGL ES 2.0 graphics Content and its usage in all forms is driving consumer demand Internet Games Music Books Video Cortex™-A8/A9 45/32nm OpenGL ES 2.0 GPU (Mali-400MP( HD video DVC TrustZone® LTE 50Mbps DL Multimode 40nm Cortex-R4 WVGA AMOLED screen HDMI out Apps processorDevice trends Modem Basic security concepts introduced
  5. 5. May 4, 2011 5 Mobile Client of 2013 Console gaming performance Advanced video capability Fast broadband Enterprise applications Advanced multi- processing drives new consumer paradigms and use Fast battery charge New technologies appear in batteries for the first time New generation MP 22nm New generation GPU HD video DVC: 60fps+ TrustZone and advanced security LTE 100Mbps DL 28nm New generation processor Device trends Apps processor Modem Advanced system security capabilities
  6. 6. May 4, 2011 6 Security - Foundation of the Future Integrated security is the key capability to enable the next generation of services and applications across many market segments Seamless Payment Services Integrated Content Management The Internet of Things
  7. 7. May 4, 2011 7 Traditional Security Solutions Security traditionally seen as separate and distinct Enables the development of physical and electrical countermeasures These applications remain vitally important, however the technology significantly limit the functionality of those high performance applications which demand security In excess of 4 Billion devices per year Secure Elements are shippedIn excess of 4 Billion devices per year Secure Elements are shipped
  8. 8. May 4, 2011 8 SoC Platform Security Challenges Definitions – Are we fighting the same battles? Advanced threat models Device-centric Malware vs. Class Breaks (iOS cracking( Social engineering viruses vs significant Lab Attacks Attack goals – gifted amateur or $$$mulit-million threat Varying definitions of “security” creates significant market fragmentation Hardware Guidance & standard HW foundations required to enable SW ecosystem Secure boot integration with UEFI, etc. Processor requirements to enable best-in-class trust and security System IP to deliver holistic security across the SoC Role of secure element Certification methodology
  9. 9. May 4, 2011 9 SoC Platform Security Challenges Software Lack of standards & low portability of code restricts ecosystem Move to standard HW framework promotes code reuse Enables the development of standard API within industry groups, e.g. Global Platform (www.globalplatform.org( Simplifies integration into rich OS WM, Android, etc. Who cares about security? End users are typically ignorant of security risks Hence it falls to the content owners or banks to cover the risk The stakeholder differ by market segment but have some common members
  10. 10. May 4, 2011 10 Who Cares About Mobile Security? Security is a Continuous Evolution – not a one time task AppMNO ServiceOSOEMSoC User SECURITY ATTENTION METER
  11. 11. May 4, 2011 11 Building Secure Platforms Three fundamental alternatives #1–Integration of separate secure element Very low risk as SE are well trusted (EAL 5(+ Limited integration and low speed make them of limited use #2–Integration of secondary secure processor Provides a higher performance and focused alternative Challenges around area cost, HW design, and separate SW code base and integration with main application processor, OS and apps #3–Leverage existing application processor High performance and naturally integrated
  12. 12. May 4, 2011 12 Delivering A Trusted Virtual Processor TrustZone has major advantages over separate secure processor solutions: Performance Security at full core MHz All resources dynamically shared Cost The two isolated domains are implemented in the same machine with no HW duplication System Approach Security extends to entire memory and peripheral systems
  13. 13. May 4, 2011 13 TrustZone Enabled Processors TrustZone is in the DNA of all ARM Application Processors Cortex-A5 MPCore Cortex-A8 & Cortex-A9 MPCore Cortex-A15 MPCore Cortex-A15 Cortex-A9 Cortex-A5
  14. 14. May 4, 2011 14 Enabling Payment Solutions On-Chip Secure RAM area protected with TrustZone Memory Adaptor Keyboard and screen secured dynamically to protect PIN entry Example solution based on ARM IP
  15. 15. May 4, 2011 15 Enabling Fully Secured Platforms Addition of Crypto, Media Accelerators & DMA Controller for media handling Protection of RAM and off-chip decode Example solution based on ARM IP
  16. 16. May 4, 2011 16 TrustZone “Virtual” Secure Processor Certification is traditionally a very lengthy and expensive process for complex SoC designs Certification is traditionally a very lengthy and expensive process for complex SoC designs Picture courtesy of Texas Instruments
  17. 17. May 4, 2011 17 TrustZone “Virtual” Secure Processor TrustZone provides a smaller virtual processor significantly reducing complexity & cost TrustZone provides a smaller virtual processor significantly reducing complexity & cost Picture courtesy of Texas Instruments
  18. 18. May 4, 2011 18 Virtualization and Security Virtualization often offered as a solution for security Virtualization focused on sharing of resources across many threads TrustZone solutions focus on simplicity to enable certification Future systems will require Virtualization and TrustZone Hypervisor Secure Kernel Secure Boot SecureApp Normal Secure Host OS Secure Driver Secure Driver Guest OS Secure Driver App App App Guest OS Secure Driver App App App Guest OS Secure Driver App App App SecureApp SecureApp Monitor App App App
  19. 19. May 4, 2011 19 P0 P1 P2 P3 SMP OS Multi-Core Software Model All cores in multi-core processors inherently contain TrustZone H/W Simplicity equals security – reduced attack vectors Single implementation of SecureOS on P0 – small footprint & blocking operation P1, P2, P3 implement simple stub to redirect secure requests to P0 It is possible to have multiple SecureOS instantiations however certification complexity grows exponentially. Normal World SecureOSSecure World TrustZone Device Driver Applications Stub Stub Stub
  20. 20. May 4, 2011 20 SEPIA – EU Funded research program Secure, Embedded Platform with advanced Process Isolation and Anonymity capabilities EU-funded research project in the 7th FRP 5Research Partners: Hardware & Infrastructure Lead Software & Security Lead Certification Lead Secure Element & Systems Lead Threat Analysis & Project Lead http://www.sepia-project.eu/
  21. 21. May 4, 2011 21 Delivering Secure Applications Tamper Resist Storage Secure Crypto Exe EAL 5+ Certification Trusted Peripherals GPS, UI, Clock etc Authenticated Debug Trusted Boot TrustedAppsProcessor+SecureElement M obile Advertising Loyalty applications Em ailEncryption D R M SuperD istribution O ne Tim e Passw ord D ata Protection Access C ontrol Secure FO TA License M anagem entTicketingM obile TV M obile Paym ent M obile B anking “EMV” Certification Trusted RTE
  22. 22. May 4, 2011 22 Conclusion Security must be a major focus for the entire SoC industry In an increasingly connected world, and the Internet of Things it is critical to focus on the “who” as well as the “how” In power constrained devices we have to build security in from the ground up – not as an afterthought with layers of anti- virus software All platforms in the future are power constrained – from the connected washing machine to the green cloud-server
  23. 23. May 4, 2011 23 And Finally.....
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×