An introduction to the prpl foundation

The prpl foundation is an open-source, community-driven, collaborative organization. It mainly targets and supports the MIPS architecture, but is open to all, with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures.


  1. Introduction to prpl Art Swift, president prpl Foundation Embedded Linux Conference Europe (ELCE) 2014 10/15/2014
  2. Mission ‘prpl’ is an open-source, community-driven, collaborative, non-profit foundation targeting and supporting the MIPS architecture – and open to all – with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures Introduction October 14, 2014 to prpl – ELCE 2014 2
  3. Our founding members
  4. prpl core strategies
  5. Why open-source? • Enabling the IoT and Big Data revolution needs collaborative minds • Fragmentation will slow down innovation • More eyeballs = more secure • Community benefits – Large ROI benefit – up to 4x gain – Time-to-Market & lower TCO – Stronger ecosystem – Faster innovation through focus on core competency
  6. Our initial PEGs (prpl Engineering Groups)
  7. What’s coming next? Tools and Tool Chains Secure Hypervisors Prpl Stamp Hardware Certification Program Fully tested, open source supported, development HW from prpl partners for different markets CI20 – a great example from Imagination!
  8. prpl engineering work ▪ Virtualization Ecosystem ▪ Hypervisors (eg KVM, Fiasco.oc) ▪ OS ▪ Data Center – Redhat, Ubuntu, Debian, CentOS ▪ Networking – Montavista, OpenWrt ▪ Embedded/IoT & Mobile - Android, Chromium, Tizen, WebOS, RTOSs, Yocto ▪ Kernel (device tree, power mgmt, multi-threading) ▪ Portability ▪ JITs (V8, openJDK, etc) ▪ Emulation (QEMU) ▪ Tools (SDK, IDE) ▪ Platform ▪ UEFI and boot loaders ▪ Optimization ▪ Intrinsics (eg SIMD) and libraries (eg memcpy) – ■ Multimedia - video, audio, speech ■ Networking ■ Security ■ Networking (multi-core friendly and asynchronous) ■ e.g. BGP, OVS, snort, routing protocols, DPI
  10. Portability, Virtualization, and Compute Context: What is the vision for prpl and what is driving our decisions?
  11. The diverse and insecure IOT world! Which will generate and transmit Mountains of Data!
  12. Diversity and Big Data: The Internet of Cow 1.5B cows 200MB/yr/cow = 300,000 GB (0.3 petabytes) per year
  13. Diversity and Big Data: Turbines 12,000 turbines 500GB/day each = 6 million GB (6 petabytes) per day
  14. Little Data → Big Data → Huge Data • Each successive node in the IoT chain adds – Data and Storage requirements – Processing Requirements – Multi-tenant Requirements (i.e. security) Bytes Megabytes Terabytes Petabytes Exabytes ZETTABYTES (1000^7)
  15. Key Enablers for IoT • Processing power • Networking infrastructure and connectivity • Low cost, secure devices • Storage • Loads and loads of secure, portable software • A way to make money
  16. IoT Market Challenges • Scale – Billions of devices (identity & authentication management, in-field updates, dynamic interactions, big data, real time data mgmt.) • Multiple technologies and standards – Creation of technology silos – Established / emerging / competing – Standardization is a key enabler • Solutions are highly fragmented – Need for common/flexible platforms – Applications environments with multiple PKIs or Roots of Trust • Low power requirements – Operate for 2 years on a coin battery • Cost limitation • Long life cycles Security
  19. More connected homes, more problems • “Smart refrigerators and TVs hacked to send out spam …” – NBC news • If hackers can exploit a weakness in a single type of Internet-connected home appliance or system—such as an Internet-connected door lock—they may be able to harm thousands of people at once.
  20. Target Breach: an anatomy $200M cost, CEO ousted 1 HVAC systems Compromised credentials from HVAC vendor monitor temp. changes for seeing how long customers stay 2 Malware programs installed on HVAC systems 3 Unified backend systems at store (and most retailers) 4 PoS system breached 5 Millions of credit card numbers start flowing out 6 Breach detected! Manual intervention was needed 7
  21. IoT Security Chain (device-to-datacenter) Sensors Nodes Aggregation Points Routers /Gateways STBs Cloud HW Root of Trust + Secure Boot => Secure Over The Air/Wired Field Updates Secure sensor data for sensitive applications (e.g. medical, industrial, enterprise) Enable in field device personalization (add/remove features) Future proof designs with flexible programmable architecture Private Data Disposal Secure Server + Secure Network => Secure Services Secure Remote Monitoring Protect Intellectual Property against SW cloning (e.g. proprietary algorithms) Intellectual Property Tampering Detection Intrusion Detection and Secure Remote Monitoring
  22. Platform security – one approach Through hardware virtualization support and secure hypervisors • Secure boot process starts out in ROM • After bootloader, the root of trust (hypervisor) is verified and loaded • Iteratively verifies next stage of boot until HLOS (optionally inclusive) • Secure partition(s) able to access full memory map. Non-secure can access only its partition. Non-Secure App Non-Secure App Non-Secure App Non-secure HLOS (e.g. Android) Secure App 1 Secure App 2 Secure OS 1 Secure App 3 Secure & Protected Hypervisor Virtualized N-core MIPS i6400 CPU Virtualized I/O and Memory thru entire SoC Complex Secure OS 2
  23. Exploring Virtualization Multiple Secure Domains More Reliable & Predictable Secure Hypervisor CPU 1 CPU 2 CPU 3 CPU 4 CPU 1 Secure Monitor CPU 2 CPU 3 CPU 4 Secure Hypervisor CPU 1 CPU 2 CPU 3 CPU 4 CPU 2 CPU 3 CPU 4 More Powerful & Efficient Safer! CPU 1 • Global Platform considering certifiable containers Secure Monitor • Secure services can only affect their container, not the overall system CPU 1 Secure Hypervisor CPU 2 CPU 3 CPU 4 CPU 1 Secure Monitor CPU 2 CPU 3 CPU 4
  24. Summary: what will prpl do? • Focus on the software “glue” necessary to carry secure structured and unstructured data from the device to the datacenter • Example: – Secure hypervisors for multiple tenants – Portable software, such as JITs – SaaS, PaaS, IaaS OTA secure – Programming models to enable big data processing (eg hadoop) over heterogeneous processors Embedded nodes OpenWrt hub Networking backbone Datacenter
  25. How to Get Involved in prpl Mailing list lists.prplfoundation.org Wiki wiki.prplfoundation.org Forums forum.prplfoundation.org Code github.com/prplfoundation
  26. Resources • http://prplfoundation.org • http://www.cisco.com/web/about/ac79/docs/innov/IoE_Economy.pdf • http://theinstitute.ieee.org/benefits/standards/setting-the-stage-for-the-internet-of-things • FTC Workshop on IoT and Security (Nov ‘13) • art (at) prplfoundation (dot) org
  27. Thanks! Art Swift, president
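
The staged verification described on slide 22 (ROM, then bootloader, then hypervisor, then onward to the HLOS), sketched as an added example that is not part of the deck or any prpl code. It assumes a hash-chained design in which ROM pins the bootloader's SHA-256 and the first 32 bytes of each image hold the digest of the next stage; the stage names and image contents are constructed, and a production chain would normally verify signatures rather than bare digests.

```python
import hashlib
import hmac

HEADER = 32  # assumption: first 32 bytes of each image hold the next stage's SHA-256

def seal(stages):
    """Link (name, code) pairs back to front; return the images and the digest ROM pins."""
    images, next_digest = [], bytes(HEADER)  # last stage has no successor: zero header
    for name, code in reversed(stages):
        image = next_digest + code
        images.insert(0, (name, image))
        next_digest = hashlib.sha256(image).digest()
    return images, next_digest

def boot(rom_pinned, images, verify_hlos=True):
    """Walk the chain from ROM. Returns (stages_run, failed_stage or None)."""
    expected, ran = rom_pinned, []
    for name, image in images:
        skip = name == "hlos" and not verify_hlos  # slide: HLOS "optionally inclusive"
        actual = hashlib.sha256(image).digest()
        if not skip and not hmac.compare_digest(actual, expected):
            return ran, name  # halt: nothing at or after the bad stage runs
        ran.append(name)
        expected = image[:HEADER]  # trust anchor for the next stage
    return ran, None

def tamper(images, target):
    """Constructed fault: append one byte to the named stage's image."""
    return [(n, img + b"!" if n == target else img) for n, img in images]

# Constructed sample chain; names and contents are placeholders, not real firmware.
STAGES = [("bootloader", b"bl-code"), ("hypervisor", b"hv-code"),
          ("secure_os", b"sos-code"), ("hlos", b"android-code")]
IMAGES, ROM_PINNED = seal(STAGES)

if __name__ == "__main__":
    print(boot(ROM_PINNED, IMAGES))
    print(boot(ROM_PINNED, tamper(IMAGES, "hypervisor")))
    print(boot(ROM_PINNED, tamper(IMAGES, "hlos"), verify_hlos=False))
```

With `verify_hlos=False` a modified HLOS image boots unnoticed, which is the trade-off behind the slide's "optionally inclusive".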

Editor's Notes

  • As we connect more and more devices to the Internet, everything from the thermostat to the toilet to the front door itself may create a potential new opening for electronic intruders. As with computers, there are ways to protect these devices from outsiders, but Crowley and Bryan’s experiences indicate that, for now at least, this isn’t always a primary concern for companies in a rush to sell this equipment. Making devices more secure can add time to product development....

  • Target may be subject to fines for violating payment card industry data security standards (PCI DSS). However, the current PCI DSS v3.0 states "Network segmentation of, or isolating (segmenting), the cardholder data environment from the remainder of an entity’s network is not a PCI DSS requirement."
  • Virtualization provides
    Hardware firewall-grade security
    Scalability
    Reliability
    Necessary Isolation
    For secure applications to run on consumer devices
