Conclusion: Embedded Security by Separation
Security is critical to the successful and safe deployment of connected devices in the smart home and city, industrial environments, automotive applications, wearables and many other areas. Security fundamentals require that we use a trusted operating environment enabled via a Root of Trust that is impervious to attack – leveraging a root of trust engraved in hardware, which is the basis for establishing a chain of trust for all subsystems.
Security by separation enabled by hardware virtualization provides an additional layer of trust by ensuring that applications and guest OSes are kept separate from each other. Separating the Guests running in VMs from the real hardware and isolating VMs from each other provides a strong foundation for security through enforced isolation, with the hypervisor as the high-privilege base for security services; provisioning security services per VM. This implementation can keep user and application data separate from each other to secure against external hacking, keep certified software away from user edits, and isolate communications interfaces and user application software for better internal security / data privacy.
Such an implementation must go beyond a binary approach (one secure zone/one non-secure zone). The minimum implementation in a connected device would ensure separate, isolated environments for the critical device assets, communication interfaces and the software stack running them, storage and other resources in the system.
Imagination’s OmniShield multi-domain separation-based architecture can scale far beyond a binary world, enabling each secure or non-secure application to exist in its own isolated environment where it operates independently. Implemented in many MIPS CPUs including the MIPS M5100 and M5150 IP cores, OmniShield provides a foundation for trust that is a growing concern in connected devices – including tomorrow’s microcontrollers.
Majid Bemanian is a director of marketing for Imagination, responsible for driving the company’s strategic security initiatives and leading its market strategy for the networking and storage segments. He also co-chairs the prpl Foundation’s security working group, focused on developing open standards and APIs around next-generation embedded security solutions. Prior to joining Imagination in 2013, Mr. Bemanian was director of marketing for the processor business unit at AppliedMicro. He has more than 30 years of industry experience with hands-on engineering, marketing and business management skills. Bemanian has held management positions with Amdahl Communications, Ascom-Timeplex, Encore Video, Raytheon Semi, LSI Logic, AppliedMicro and many early-stage startups. He holds several patents and a B.S. degree in Electrical Engineering from the University of Nevada, Reno.
Related links and articles: