SlideShare a Scribd company logo

Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-Gross-Amazon-Web-Services.pptx

Download as PPTX, PDF
A
AAnt87

Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-Gross-Amazon-Web-Services.pptx

Data & Analytics
1 of 23
© 2023, EasyPeasyCloud. All rights reserved. Why SESIP™ Certification for FreeRTOS Matters Daniel Gross Senior Developer Advocate IoT Ecosystem Services
© 2023, EasyPeasyCloud. All rights reserved. Why SESIP™ Certification for FreeRTOS Matters Daniel Gross Senior Developer Advocate IoT Ecosystem Services
© 2023, EasyPeasyCloud. All rights reserved. Agenda What is FreeRTOS? Why SESIP™ excites the FreeRTOS project Target of Evaluation (TOE) assumptions Considerations for your future SESIP certified product Call to action 3
© 2023, EasyPeasyCloud. All rights reserved. What is FreeRTOS? 18+ years trusted, widely distributed (downloaded every 170 seconds) 40+ supported architectures, including Armv8-M (Cortex-M33) and RISC-V Broad partner ecosystem support Permissive MIT open source license Kernel plus modular libraries SESIP Assurance Level 2 https://freertos.org https://github.com/freertos
© 2023, EasyPeasyCloud. All rights reserved. Why SESIP™ Certification excites the FreeRTOS project 5
© 2023, EasyPeasyCloud. All rights reserved. Certification prior to the SESIP™ model ↓ Certification of all layers occur at the end of development ↓ Certification duration is uncertain due to breadth of potential issues ↓ Certification process resets in whole if any layer is modified ↓ IoT product delivery risk is always high 6 Application FreeRTOS Middleware Drivers / Bootloader Hardware
© 2023, EasyPeasyCloud. All rights reserved. Certification using the SESIP™ model ↑ Certification of individual layers occur outside of IoT product developer’s cycle ↑ Certification duration is more certain due to focus on application ↑ Certification process discretely reset if any layer is modified ↑ IoT product delivery risk is greatly reduced 7 Application FreeRTOS Middleware Drivers / Bootloader Hardware
© 2023, EasyPeasyCloud. All rights reserved. FreeRTOS test areas and Target of Evaluation (TOE) assumptions 8
© 2023, EasyPeasyCloud. All rights reserved. Basic assumptions • Physical attacks not in scope • The TOE must have a Memory Protection Unit (MPU) • Tests do not add any hostile code to the TOE  Development teams need to be trusted and must implement development team rules that constrain FreeRTOS source code modification • Firmware Over-the-Air (FOTA) function uses AWS IoT OTA Update Manager • SESIP™ Project for FreeRTOS on GitHub:  https://github.com/FreeRTOS/Lab-Project-FreeRTOS-SESIP  FreeRTOS 202012.00 LTS kernel + libraries used for certification 9
© 2023, EasyPeasyCloud. All rights reserved. Users can verify that they have a secure product only if they can obtain the identifications of the product parts (application and Connected Platform). Security Evaluation Standard for IoT Platforms (SESIP) Public Release v1.1 Section 3.1.1
© 2023, EasyPeasyCloud. All rights reserved. Test: Identity verification • Implementers can verify software versions included in their products by the LTS manifest file • Environment condition: the implementer is trusted and would not modify any SESIP™ certified FreeRTOS source code • Identity verification for the connected platform relates to the runtime identification under device operation • The MQTTConnectInfo structure is coded to use unique client ID according to application requirements 11
© 2023, EasyPeasyCloud. All rights reserved. Addressing security flaws, functional bugs, or improvements may require an update of the platform in the field. Composite developers and evaluators can be assured that the update mechanism itself will not enable an attack. Security Evaluation Standard for IoT Platforms (SESIP) Public Release v1.1 Section 3.2.3
© 2023, EasyPeasyCloud. All rights reserved. Test: system update via Over-the-Air update (OTA) • An Over-the-Air update makes it possible to update device firmware without an expensive recall or technician visit • Quick response to security vulnerabilities and software bugs that are discovered after the devices are deployed in field • FreeRTOS OTA client library enables update notifications, downloads, and cryptographic verification • The OTA library is continuously verified using formal methods. See ‘Using Formal Methods to validate OTA Protocol’ for more:  https://freertos.org/2020/12/using-formal-methods-to-validate-ota-protocol.html 13
© 2023, EasyPeasyCloud. All rights reserved. The platform developer can separate the critical assets in different parts of the platform, and thus safeguard them from compromises of other parts of the platform. Security Evaluation Standard for IoT Platforms (SESIP) Public Release v1.1 Section 3.4.4
© 2023, EasyPeasyCloud. All rights reserved. Test: software isolation • Software isolation helps protect against attackers modifying memory • Two parts: hardware and software.  Hardware requires a Memory Management Unit (MMU) or a Memory Protection Unit (MPU)  Software: kernel port implements capabilities to work with the MMU and MPU. • For more information on this topic, see Gaurav Aggarwal's blog section relating to ARMv8-M features:  https://freertos.org/2020/04/using-freertos-on-armv8-m- microcontrollers.html#FREERTOS_WITH_MPU 15
© 2023, EasyPeasyCloud. All rights reserved. Considerations for your future SESIP™ certified product 16
© 2023, EasyPeasyCloud. All rights reserved. Application with no modified layers Everythingisfine,nothingtoseehere,resultsinexpectedbenefits 17
© 2023, EasyPeasyCloud. All rights reserved. Application with modified layers “Letmetweakthekerneljustalittlebit” 18
© 2023, EasyPeasyCloud. All rights reserved. FreeRTOS long-term support Covers: FreeRTOS kernel Connectivity/other libraries: FreeRTOS+TCP, coreMQTT, coreHTTP, coreJSON Security library: corePKCS11 AWS library: AWS IoT Device Shadow, AWS IoT Jobs, AWS IoT OTA, AWS IoT Device Defender Libraries receive security updates and critical bug fixes but no new features for at least two years Maintained by AWS Free and open source under the MIT license Get predictability and feature stability for two years with FreeRTOS LTS libraries
© 2023, EasyPeasyCloud. All rights reserved. FreeRTOS extended maintenance plan Reduce product liability risks Save operating system upgrade costs Improve device security for the long term Reduce the risk of delayed updates by receiving timely notification of upcoming patches Annual subscription plan per FreeRTOS LTS version and use on single/multiple products Continue to renew subscriptions annually for a duration up to 10 years Receive security patches and critical bug fixes on your chosen LTS version for up to 10 years beyond the expiry of the initial LTS period
© 2023, EasyPeasyCloud. All rights reserved. Call to action 21
© 2023, EasyPeasyCloud. All rights reserved. Call to action • Where is your business on the stack? • What layers do you depend on? Are they certified? • Learn which SESIP specification areas are important to you • Do a gap analysis on your layer • Get certified  • Check out Richard Elberger’s excellent blog on freertos.org:  https://freertos.org/2021/03/why-sesip-certification-for-freertos-matters.html 22
Thank you! © 2023, EasyPeasyCloud. All rights reserved. Daniel Gross @dangross

Recommended

Software update for embedded systems
Software update for embedded systemsSoftware update for embedded systems
Software update for embedded systems
SZ Lin
 
HKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionHKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: Introduction
Linaro
 
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Weaveworks
 
2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil
NASA Open Government Initiative
 
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon Web Services
 
Plataforma DevOps en OpenShift
Plataforma DevOps en OpenShiftPlataforma DevOps en OpenShift
Plataforma DevOps en OpenShift
Juan Carlos García Peláez
 
Time is ready for the Civil Infrastructure Platform
Time is ready for the Civil Infrastructure PlatformTime is ready for the Civil Infrastructure Platform
Time is ready for the Civil Infrastructure Platform
Yoshitake Kobayashi
 
PSA Certified – building trust in IoT
PSA Certified – building trust in IoTPSA Certified – building trust in IoT
PSA Certified – building trust in IoT
Duncan Purves
 

Recommended

Software update for embedded systems
Software update for embedded systemsSoftware update for embedded systems
Software update for embedded systems
SZ Lin
 
HKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionHKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: Introduction
Linaro
 
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Weaveworks
 
2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil
NASA Open Government Initiative
 
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon Web Services
 
Plataforma DevOps en OpenShift
Plataforma DevOps en OpenShiftPlataforma DevOps en OpenShift
Plataforma DevOps en OpenShift
Juan Carlos García Peláez
 
Time is ready for the Civil Infrastructure Platform
Time is ready for the Civil Infrastructure PlatformTime is ready for the Civil Infrastructure Platform
Time is ready for the Civil Infrastructure Platform
Yoshitake Kobayashi
 
PSA Certified – building trust in IoT
PSA Certified – building trust in IoTPSA Certified – building trust in IoT
PSA Certified – building trust in IoT
Duncan Purves
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
ibramax
 
SOSCOE Overview
SOSCOE OverviewSOSCOE Overview
SOSCOE Overview
Joshua L. Davis
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
Microsoft Tech Community
 
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdfZephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
AswathRangaraj1
 
Your CODESYS Applications, Protected and Licensed
Your CODESYS Applications, Protected and LicensedYour CODESYS Applications, Protected and Licensed
Your CODESYS Applications, Protected and Licensed
team-WIBU
 
SLTS kernel and base-layer development in the Civil Infrastructure Platform
SLTS kernel and base-layer development in the Civil Infrastructure PlatformSLTS kernel and base-layer development in the Civil Infrastructure Platform
SLTS kernel and base-layer development in the Civil Infrastructure Platform
Yoshitake Kobayashi
 
Intel_IoT_gateway.pdf
Intel_IoT_gateway.pdfIntel_IoT_gateway.pdf
Intel_IoT_gateway.pdf
FitzgeraldSungkyungP
 
Workshop 16 october 2015 paris
Workshop 16 october 2015 parisWorkshop 16 october 2015 paris
Workshop 16 october 2015 paris
Marcel Hartgerink
 
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Yoshitake Kobayashi
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
RISC-V International
 
stackconf 2023 | Bringing Order to Chaos: Make Your Systems More Resilient wi...
stackconf 2023 | Bringing Order to Chaos: Make Your Systems More Resilient wi...stackconf 2023 | Bringing Order to Chaos: Make Your Systems More Resilient wi...
stackconf 2023 | Bringing Order to Chaos: Make Your Systems More Resilient wi...
NETWAYS
 
MicroEJ, the OS for IoT
MicroEJ, the OS for IoTMicroEJ, the OS for IoT
MicroEJ, the OS for IoT
MicroEJ
 
MicroEJ OS for IoT devices
MicroEJ OS for IoT devicesMicroEJ OS for IoT devices
MicroEJ OS for IoT devices
charlotte75009
 
Cozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building cloudsCozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building clouds
Andrei Kvapil
 
Introducing the Civil Infrastructure Platform Project
Introducing the Civil Infrastructure Platform ProjectIntroducing the Civil Infrastructure Platform Project
Introducing the Civil Infrastructure Platform Project
Yoshitake Kobayashi
 
Software update for IoT: the current state of play
Software update for IoT: the current state of playSoftware update for IoT: the current state of play
Software update for IoT: the current state of play
Chris Simmonds
 
Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Azure Sphere - GAB 2019
Azure Sphere - GAB 2019
Mirco Vanini
 
Solving the IoT Challenge
Solving the IoT ChallengeSolving the IoT Challenge
Solving the IoT Challenge
FIDO Alliance
 
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeLOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
Yusuf Hadiwinata Sutandar
 
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google CloudPSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
Rohit Agarwalla
 
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Riyadh +966572737505 get cytotec
 

More Related Content

Similar to Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-Gross-Amazon-Web-Services.pptx

Your CODESYS Applications, Protected and Licensed
Your CODESYS Applications, Protected and LicensedYour CODESYS Applications, Protected and Licensed
Your CODESYS Applications, Protected and Licensed
team-WIBU
 
SLTS kernel and base-layer development in the Civil Infrastructure Platform
SLTS kernel and base-layer development in the Civil Infrastructure PlatformSLTS kernel and base-layer development in the Civil Infrastructure Platform
SLTS kernel and base-layer development in the Civil Infrastructure Platform
Yoshitake Kobayashi
 
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Yoshitake Kobayashi
 
Introducing the Civil Infrastructure Platform Project
Introducing the Civil Infrastructure Platform ProjectIntroducing the Civil Infrastructure Platform Project
Introducing the Civil Infrastructure Platform Project
Yoshitake Kobayashi
 

Similar to Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-Gross-Amazon-Web-Services.pptx (20)

Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
 
SOSCOE Overview
SOSCOE OverviewSOSCOE Overview
SOSCOE Overview
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdfZephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
 
Your CODESYS Applications, Protected and Licensed
Your CODESYS Applications, Protected and LicensedYour CODESYS Applications, Protected and Licensed
Your CODESYS Applications, Protected and Licensed
 
SLTS kernel and base-layer development in the Civil Infrastructure Platform
SLTS kernel and base-layer development in the Civil Infrastructure PlatformSLTS kernel and base-layer development in the Civil Infrastructure Platform
SLTS kernel and base-layer development in the Civil Infrastructure Platform
 
Intel_IoT_gateway.pdf
Intel_IoT_gateway.pdfIntel_IoT_gateway.pdf
Intel_IoT_gateway.pdf
 
Workshop 16 october 2015 paris
Workshop 16 october 2015 parisWorkshop 16 october 2015 paris
Workshop 16 october 2015 paris
 
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
stackconf 2023 | Bringing Order to Chaos: Make Your Systems More Resilient wi...
stackconf 2023 | Bringing Order to Chaos: Make Your Systems More Resilient wi...stackconf 2023 | Bringing Order to Chaos: Make Your Systems More Resilient wi...
stackconf 2023 | Bringing Order to Chaos: Make Your Systems More Resilient wi...
 
MicroEJ, the OS for IoT
MicroEJ, the OS for IoTMicroEJ, the OS for IoT
MicroEJ, the OS for IoT
 
MicroEJ OS for IoT devices
MicroEJ OS for IoT devicesMicroEJ OS for IoT devices
MicroEJ OS for IoT devices
 
Cozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building cloudsCozystack: Free PaaS platform and framework for building clouds
Cozystack: Free PaaS platform and framework for building clouds
 
Introducing the Civil Infrastructure Platform Project
Introducing the Civil Infrastructure Platform ProjectIntroducing the Civil Infrastructure Platform Project
Introducing the Civil Infrastructure Platform Project
 
Software update for IoT: the current state of play
Software update for IoT: the current state of playSoftware update for IoT: the current state of play
Software update for IoT: the current state of play
 
Azure Sphere - GAB 2019
Azure Sphere - GAB 2019Azure Sphere - GAB 2019
Azure Sphere - GAB 2019
 
Solving the IoT Challenge
Solving the IoT ChallengeSolving the IoT Challenge
Solving the IoT Challenge
 
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeLOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
 
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google CloudPSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
 

Recently uploaded

Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Riyadh +966572737505 get cytotec
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
amitlee9823
 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Riyadh +966572737505 get cytotec
 
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
amitlee9823
 
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
amitlee9823
 
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
amitlee9823
 
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night StandCall Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Just Call Vip call girls roorkee Escorts ☎️9352988975 Two shot with one girl ...
Just Call Vip call girls roorkee Escorts ☎️9352988975 Two shot with one girl ...Just Call Vip call girls roorkee Escorts ☎️9352988975 Two shot with one girl ...
Just Call Vip call girls roorkee Escorts ☎️9352988975 Two shot with one girl ...
gajnagarg
 
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
amitlee9823
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
Boston Institute of Analytics
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
amitlee9823
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
amitlee9823
 

Recently uploaded (20)

Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
 
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
 
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
 
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bellandur ☎ 7737669865 🥵 Book Your One night Stand
 
Aspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - AlmoraAspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - Almora
 
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
 
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
 
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night StandCall Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
 
Just Call Vip call girls roorkee Escorts ☎️9352988975 Two shot with one girl ...
Just Call Vip call girls roorkee Escorts ☎️9352988975 Two shot with one girl ...Just Call Vip call girls roorkee Escorts ☎️9352988975 Two shot with one girl ...
Just Call Vip call girls roorkee Escorts ☎️9352988975 Two shot with one girl ...
 
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
 

Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-Gross-Amazon-Web-Services.pptx

  • 1. © 2023, EasyPeasyCloud. All rights reserved. Why SESIP™ Certification for FreeRTOS Matters Daniel Gross Senior Developer Advocate IoT Ecosystem Services
  • 2. © 2023, EasyPeasyCloud. All rights reserved. Why SESIP™ Certification for FreeRTOS Matters Daniel Gross Senior Developer Advocate IoT Ecosystem Services
  • 3. © 2023, EasyPeasyCloud. All rights reserved. Agenda What is FreeRTOS? Why SESIP™ excites the FreeRTOS project Target of Evaluation (TOE) assumptions Considerations for your future SESIP certified product Call to action 3
  • 4. © 2023, EasyPeasyCloud. All rights reserved. What is FreeRTOS? 18+ years trusted, widely distributed (downloaded every 170 seconds) 40+ supported architectures, including Armv8-M (Cortex-M33) and RISC-V Broad partner ecosystem support Permissive MIT open source license Kernel plus modular libraries SESIP Assurance Level 2 https://freertos.org https://github.com/freertos
  • 5. © 2023, EasyPeasyCloud. All rights reserved. Why SESIP™ Certification excites the FreeRTOS project 5
  • 6. © 2023, EasyPeasyCloud. All rights reserved. Certification prior to the SESIP™ model ↓ Certification of all layers occur at the end of development ↓ Certification duration is uncertain due to breadth of potential issues ↓ Certification process resets in whole if any layer is modified ↓ IoT product delivery risk is always high 6 Application FreeRTOS Middleware Drivers / Bootloader Hardware
  • 7. © 2023, EasyPeasyCloud. All rights reserved. Certification using the SESIP™ model ↑ Certification of individual layers occur outside of IoT product developer’s cycle ↑ Certification duration is more certain due to focus on application ↑ Certification process discretely reset if any layer is modified ↑ IoT product delivery risk is greatly reduced 7 Application FreeRTOS Middleware Drivers / Bootloader Hardware
  • 8. © 2023, EasyPeasyCloud. All rights reserved. FreeRTOS test areas and Target of Evaluation (TOE) assumptions 8
  • 9. © 2023, EasyPeasyCloud. All rights reserved. Basic assumptions • Physical attacks not in scope • The TOE must have a Memory Protection Unit (MPU) • Tests do not add any hostile code to the TOE  Development teams need to be trusted and must implement development team rules that constrain FreeRTOS source code modification • Firmware Over-the-Air (FOTA) function uses AWS IoT OTA Update Manager • SESIP™ Project for FreeRTOS on GitHub:  https://github.com/FreeRTOS/Lab-Project-FreeRTOS-SESIP  FreeRTOS 202012.00 LTS kernel + libraries used for certification 9
  • 10. © 2023, EasyPeasyCloud. All rights reserved. Users can verify that they have a secure product only if they can obtain the identifications of the product parts (application and Connected Platform). Security Evaluation Standard for IoT Platforms (SESIP) Public Release v1.1 Section 3.1.1
  • 11. © 2023, EasyPeasyCloud. All rights reserved. Test: Identity verification • Implementers can verify software versions included in their products by the LTS manifest file • Environment condition: the implementer is trusted and would not modify any SESIP™ certified FreeRTOS source code • Identity verification for the connected platform relates to the runtime identification under device operation • The MQTTConnectInfo structure is coded to use unique client ID according to application requirements 11
  • 12. © 2023, EasyPeasyCloud. All rights reserved. Addressing security flaws, functional bugs, or improvements may require an update of the platform in the field. Composite developers and evaluators can be assured that the update mechanism itself will not enable an attack. Security Evaluation Standard for IoT Platforms (SESIP) Public Release v1.1 Section 3.2.3
  • 13. © 2023, EasyPeasyCloud. All rights reserved. Test: system update via Over-the-Air update (OTA) • An Over-the-Air update makes it possible to update device firmware without an expensive recall or technician visit • Quick response to security vulnerabilities and software bugs that are discovered after the devices are deployed in field • FreeRTOS OTA client library enables update notifications, downloads, and cryptographic verification • The OTA library is continuously verified using formal methods. See ‘Using Formal Methods to validate OTA Protocol’ for more:  https://freertos.org/2020/12/using-formal-methods-to-validate-ota-protocol.html 13
  • 14. © 2023, EasyPeasyCloud. All rights reserved. The platform developer can separate the critical assets in different parts of the platform, and thus safeguard them from compromises of other parts of the platform. Security Evaluation Standard for IoT Platforms (SESIP) Public Release v1.1 Section 3.4.4
  • 15. © 2023, EasyPeasyCloud. All rights reserved. Test: software isolation • Software isolation helps protect against attackers modifying memory • Two parts: hardware and software.  Hardware requires a Memory Management Unit (MMU) or a Memory Protection Unit (MPU)  Software: kernel port implements capabilities to work with the MMU and MPU. • For more information on this topic, see Gaurav Aggarwal's blog section relating to ARMv8-M features:  https://freertos.org/2020/04/using-freertos-on-armv8-m- microcontrollers.html#FREERTOS_WITH_MPU 15
  • 16. © 2023, EasyPeasyCloud. All rights reserved. Considerations for your future SESIP™ certified product 16
  • 17. © 2023, EasyPeasyCloud. All rights reserved. Application with no modified layers Everythingisfine,nothingtoseehere,resultsinexpectedbenefits 17
  • 18. © 2023, EasyPeasyCloud. All rights reserved. Application with modified layers “Letmetweakthekerneljustalittlebit” 18
  • 19. © 2023, EasyPeasyCloud. All rights reserved. FreeRTOS long-term support Covers: FreeRTOS kernel Connectivity/other libraries: FreeRTOS+TCP, coreMQTT, coreHTTP, coreJSON Security library: corePKCS11 AWS library: AWS IoT Device Shadow, AWS IoT Jobs, AWS IoT OTA, AWS IoT Device Defender Libraries receive security updates and critical bug fixes but no new features for at least two years Maintained by AWS Free and open source under the MIT license Get predictability and feature stability for two years with FreeRTOS LTS libraries
  • 20. © 2023, EasyPeasyCloud. All rights reserved. FreeRTOS extended maintenance plan Reduce product liability risks Save operating system upgrade costs Improve device security for the long term Reduce the risk of delayed updates by receiving timely notification of upcoming patches Annual subscription plan per FreeRTOS LTS version and use on single/multiple products Continue to renew subscriptions annually for a duration up to 10 years Receive security patches and critical bug fixes on your chosen LTS version for up to 10 years beyond the expiry of the initial LTS period
  • 21. © 2023, EasyPeasyCloud. All rights reserved. Call to action 21
  • 22. © 2023, EasyPeasyCloud. All rights reserved. Call to action • Where is your business on the stack? • What layers do you depend on? Are they certified? • Learn which SESIP specification areas are important to you • Do a gap analysis on your layer • Get certified  • Check out Richard Elberger’s excellent blog on freertos.org:  https://freertos.org/2021/03/why-sesip-certification-for-freertos-matters.html 22
  • 23. Thank you! © 2023, EasyPeasyCloud. All rights reserved. Daniel Gross @dangross

Editor's Notes

  1. OTA is a critical piece of the IoT value proposition and a key part of the end to end security solution. Our solution provide and end to end solution from device to cloud so fleets of IoT devices can be updated together. FreeRTOS Long Term Support libraries give embedded developers at OEMs and MCU vendors the predictability and feature stability, with assurance from AWS of security updates and critical bug fixes for 2 years from release.   Feature Stability: FreeRTOS LTS libraries are easy to integrate with applications designed for resource constrained MCU-based devices. Security updates and critical fixes: AWS provides ongoing security and maintenance updates for LTS libraries, to ensure devices meet quality standards and are secure. LTS comes with security updates and bug fixes to the FreeRTOS kernel, IoT libraries, and AWS libraries for 2 years. Updateable with secure connectivity: FreeRTOS Long Term Support comes with a complete set of libraries, including IoT libraries and AWS specific libraries (for e.g. Device Shadows) with secure connectivity, and over-the-air update (OTA) functionality.
  2. OTA is a critical piece of the IoT value proposition and a key part of the end to end security solution. Our solution provide and end to end solution from device to cloud so fleets of IoT devices can be updated together. FreeRTOS Long Term Support libraries give embedded developers at OEMs and MCU vendors the predictability and feature stability, with assurance from AWS of security updates and critical bug fixes for 2 years from release.   Feature Stability: FreeRTOS LTS libraries are easy to integrate with applications designed for resource constrained MCU-based devices. Security updates and critical fixes: AWS provides ongoing security and maintenance updates for LTS libraries, to ensure devices meet quality standards and are secure. LTS comes with security updates and bug fixes to the FreeRTOS kernel, IoT libraries, and AWS libraries for 2 years. Updateable with secure connectivity: FreeRTOS Long Term Support comes with a complete set of libraries, including IoT libraries and AWS specific libraries (for e.g. Device Shadows) with secure connectivity, and over-the-air update (OTA) functionality.