6. Pendulum Swings in Defense Electronics over Time
[Figure: pendulum diagram swinging between a "Military Driven Market" and a "Commercial Driven Market". Labels on the diagram: Commercial Aviation and Auto Markets Proliferate; Proliferation of IP Protection Standards (Anti-Tamper Required); Performance Concerns; Dual Use Components Proliferate; Custom Components; Full MIL-STD Requirements; Commercial Cryptography Proliferates; ‘Perry Memo’; COTS and Open Source; Trust Concerns (US Sources Required); Rise in Intelligence and Cryptography; Defense Open Sources and Architectures; Defense Funding Priorities; War-Time Mobilization; Availability Concerns (US Sources Required); No Distinct Military Market; Tech Boom Marginalizes Military Requirements]
7. Agenda
• CPU Tech Market
• Company Overview
• Product Overview
• Customer Development Cycle
• Flexera Software Licensing to Support Development
8. What We Do: Develop Secure and Compatible Technology
[Figure: timeline from 1980 to 2010 titled "CPU Tech’s Proven Approach", with "CPU Tech Founded 1989" marked. Stages shown: Understanding System Vulnerabilities; Understanding how to design secure systems and eliminate vulnerabilities; Understanding how to build secure systems]
9. Who We Are: Products and Services Clients and Partners
• Founded in 1989 with a vision of making compatible System-on-a-
Chip (SoC) technology economically practical
• CPU Tech produces the Acalis® family of
Secure Processors that protect software and
systems from reverse engineering
• CPU Tech offers secure processing implementation services to
assist customers in achieving security goals and certifications
• Veteran Owned, Small Business, Headquartered in Pleasanton, CA
– Rep Firms across America
11. Acalis® CPU872 Secure Processor
• Multi-Core Device with Integrated
Security Processor & Offload
Engines
• IBM Trusted Foundry
• Extensive, Multi-Layered Security to
Protect Against Reverse Engineering
• Two Complete PowerPC® Nodes
• Scalable without Additional Devices
• Power Efficient Processing
12. Acalis® Development Environment
• Hardware (Devices & Boards):
– Acalis® CPU872 Secure Processor
– Acalis® EB872 Evaluation Board
• Software (Embedded User Software):
– Security Processor API
– Embedded RTOS/OS
• Development Tools (Software Developer & Security Engineer Tools):
– Acalis® Software Development Kit
– Acalis Sentry™
13. Acalis Sentry™ Advantages
• Graphical User Interface: Offers menu-driven, easy-to-use security
configuration
• Secure Data Transfer: Mocana SSL data security and authentication
• Security Engineer Role: Clearly separates security role from software
developer role
• Access Rules: Provides clear implementation of settings on chip firewalls
between processors, IO, and on-chip/off-chip memory
• Trusted Source Environment: Adds hardware trust to your design environment
in critical areas of encryption key and boot code management
15. The Role of a Security Engineer
• Current Role/Responsibilities
– Deeply embedded in software design
– Line-by-line verification
– Constant revision of design practices
With Acalis Sentry™ Security Server…
• New Role/Responsibilities
– Security separated from software design
– Menu-defined security decisions
– Clearly defined constraints for software designers
– Simplifies 'what-if' scenarios when changing security requirements
[Image: Acalis Sentry™ Management Console]
18. Phases of Defense Customer Development
[Figure: customer development life-cycle. Phases labelled in the figure: System Requirements; System Design; Design and Prototype; Integration/Test; Manufacturing/Support]
• This Life-Cycle can be 5-10 Years for Defense Programs
• The Full Function of Acalis Sentry is not Required in All Phases
• There are sometimes security concerns in design
– Not everyone in integration, test, or manufacturing needs to understand sensitive design details
– Some security settings are 'locked down' for the remainder of the program
– Some programs are 'compartmentalized', where engineers and users have different access
19. Supply Chain Security
• The fact that 'Supply Chain' pieces are now global is a concern to some
defense officials
• White House Issued 'Comprehensive National Cyber Security Initiative'
(CNCI) and Declassified in 2010
• Part of the CNCI is Supply Chain Security:
– “Risks stemming from both the domestic and globalized supply chain must be managed in a
strategic and comprehensive way over the entire lifecycle of products, systems and services.”
– CNCI Initiative #11
Acalis Sentry is a customer offering by CPU Tech to help secure the
supply chain in the development process through
role and feature based licensing
21. Overview of Flexera Software Capabilities
• CPU Tech is currently using several Flexera Software products
• For the Acalis Sentry, using:
– FlexNet Embedded
– FlexNet Operations
• This enables us to license several different 'subscription
licenses' to Acalis Sentry, all from the same secure hardware
22. CPU Tech’s Business Challenges
• Both desktop and embedded software provide different levels of
functionality, operations, and security
• Need to offer feature-based and role-based licensing and
pricing models to our customers
• Need to provide embedded-node-locked and floating licensing
capability
• Need to offer both off-line (for machines operating in a classified
area) and web-based activation options to our customers
• Need to be able to automate the activation process
23. CPU Tech’s Evaluation Criteria in Selecting FlexNet Producer Suite
• Appropriate and adequate cryptographic encryption for license
key protection and storage
• Small memory footprint
• Supported our processor architecture
• Supported embedded OSes (OS independent, and easy to port)
• Supported programming language
• Performance and reliability
• Easy to manage and track the license entitlement
• License activation automation
• Integration with other management systems, such as
SalesForce
• Total Cost of Ownership
24. Example Use Case of FlexNet Technology Embedded in Acalis Sentry
[Figure: Acalis Sentry™ connected to an Acalis® EB872 Evaluation Board, with the roles Admin, Developer, Security Engineer and Manufacturing]
How License Works:
• License Resides in Bootable Embedded Software
• Active License Determines Accesses and Privileges Based on Edition
• License pre-installed or updated by user
25. Future Capabilities Enabled by FlexNet Embedded
[Figure: Acalis Sentry™ units, an Acalis® EB872 Evaluation Board and a "Provisioning or Generated License" element, with the roles Admin, Developer, Security Engineer and Manufacturing]
Options:
• Off-line activation locked to device
• Floating license on a license server
• Provisioning server to automate the license update
• Web-based license activation
26. Role and Mode Rules for Acalis Sentry
Roles Needed in Acalis Sentry:
• Administrator: Sets passwords, administrative options, license activities
• Developer: Provides mission embedded software, final embedded images
• Security Engineer: Sets security settings in secure processor
• Manufacturer: Final distributor of encrypted bootable image
Design Phases for Acalis Sentry:
• Development: This encompasses all software development, requires multiple changes and security settings
• Test/Integration: This phase requires some controlled code and security setting changes
• Manufacturing: This phase requires no code changes, but controls sensitive image distribution
• Support: This phase typically involves only documentation, audit, reports
27. Matching Roles/Modes to Customer Design Model
[Figure: customer development life-cycle. Phases labelled in the figure: System Requirements; System Design; Design and Prototype; Integration/Test; Manufacturing/Support; overlaid with the license modes Full Sentry, Assembly Creation, Manufacturing and Static]
Results in Four ‘Subscription Licenses’:
• Full Sentry
– Roles: Admin, Developer, Security Engineer, Manufacturing
– Full spectrum of design space needed
• Assembly Creation
– Roles: Admin, Developer, Security Engineer
– New images result from debug changes
• Manufacturing
– Roles: Admin, Manufacturing
– Unchanging image(s) being installed
• Static
– Roles: Admin, Security Engineer
– Security audit only – keeps production floor intact, no other functions
33. Cost Advantages of Flexera Software Licensing Model in Sentry
• Reduces Manufacturing Cost (Single Version of Hardware)
• Adds a Valuable Security Layer in User Activation
• Operational Savings in Ease of Upgrade/Downgrade
• Flexibility allows CPU Tech to Tailor Subscription Licenses to
Customer
• Protects CPU Tech and Customer Intellectual Property
• Gets us Faster to Market, as we are only limited by hardware
schedule
34. Example Cost Model to Customer
Cost model allows customers to customize their licensing
package and increase design security
[Figure: customer development life-cycle. Phases labelled in the figure: System Requirements; System Design; Design and Prototype; Integration/Test; Manufacturing/Support; overlaid with the license modes Full Sentry, Assembly Creation, Manufacturing and Static]
Example:
– Two Yrs Full Sentry (2 x $A)
– Two Yrs Assembly Creation (2 x $B)
– Three Yrs Manufacturing (3 x $C)
– Five Yrs Static (5 x $D)
Total Cost: $XYZ
35. Summary
• Flexible Licensing helps customer with life-cycle security
• Allows for cost and revenue model that matches customer
process
• Much of what were security 'rules' to be enforced through audit
are now enforced by fiat
• Customers can play by our licensing rules within their secure
facilities
• Provides flexibility, cost reduction, and ease of
upgrade/downgrade
• Offers protection for intellectual property and revenue