PSA: Next steps toward a common industry framework for secure IoT

News highlights:

  • First set of PSA Threat Models and Security Analyses (TMSA) documentation to be released at Embedded World 2018 for popular IoT devices
  • First open source reference code, Trusted Firmware-M, to be available end of March

February 22, 2018 - There is no denying that security is the most critical issue facing the IoT industry. However, today there is a confusing array of security claims from a myriad of suppliers, making it hard to know how to implement security successfully. In October 2017, Arm  announced the vision of Platform Security Architecture (PSA) - a common framework to allow everyone in the IoT ecosystem to move forward with stronger, scalable security and greater confidence.

PSA aims to provide a holistic set of security guidelines for IoT security to enable everyone in the value chain, from chip manufacturers to device developers, to implement security successfully. When we launched PSA, we provided an overview of what it would aim to deliver to the industry, and we’ve been working hard to progress with that vision.

Threat Models: Establishing the “right” level of security

There are three key stages to the Platform Security Architecture: Analysis, Architecture and Implementation. Today’s announcement supports the first stage of the PSA journey, with the release of the first set of Threat Models and Security Analyses (TMSA) documentation. PSA advises that security implementation should always start with analysis, which considers the assets that need protecting and the threats that are considered in scope. Developers and manufacturers should start their security journey by creating their own TMSA or using existing relevant examples.

By  publishing new TMSA examples for some of the most popular IoT devices (a smart water meter, a web camera and an asset tracking device), Arm is delivering a starting point and robust guidelines for those looking to define the security requirements of their IoT product.

We would like the industry to build on these examples and carry out similar security analyses for their next commercial IoT products.

Trusted Firmware-M: Making security more accessible

Arm wants to make security simpler and more cost effective, by making high quality reference code and documents accessible – as security becomes more complex, all developers need access to these resources. To this end, we are releasing the first open source reference implementation firmware that conforms to the PSA specification, Trusted Firmware-M, which is on target for delivery at the end of March 2018.

Arm will continue to have a team of software developers contributing to this project, delivering a Secure Processing Environment (SPE) suitable for connected microcontrollers. Over time we will add new security functions that are easy for non-expert security developers to use, enabling high quality, secure devices. Arm has a successful track record with open source security software, including solutions such as Arm Trusted Firmware for Cortex-A application processors and Mbed TLS (a popular industry solution connecting IoT devices to cloud based services).

What’s next for PSA?

A battle is raging to keep systems secure, as we race to realize the immense value data can bring, as recently outlined in the  Arm Security Manifesto. Our eyes remain firmly on the prize, securing the next trillion connected devices. The journey for PSA doesn’t end with the release of the TMSA documentation and Trusted Firmware-M, in fact there is much more to come.

#1 - Trusted Base System Architecture-M (TBSA-M)

To help deliver this scalability, Arm is working hard to deliver the first PSA architectural document, the Trusted Base System Architecture-M (TBSA-M). This document, currently in active review with key partners, provides guidance on hardware security features for silicon designers. It will incorporate multiple templates for commonly used implementations and will propose a checklist of security features.

#2 - PSA Compliance & Certification Program

We’re working to define how we build a developer ecosystem around PSA. We want PSA compliant systems to come with a small set of easy-to-use, high-level security APIs that software developers and OEMs can depend on. We’re helping partners to establish the quality and robustness of their implementations, and prove these features to their respective value chains. We’re working to define a Compliance & Certification Program –which will a big step towards making security easier for developers and OEMs. We will be releasing new details on this in the future.

For more information on PSA, please go our  resources.

Visit us at Embedded World and Mobile World Congress 2018

Arm security experts will be available at Embedded World and Mobile World Congress. Visit us at:
Embedded World, Nuremberg: Stand 4 – 10 in Hall 4
Mobile World Congress, Barcelona: Hall 6, stand 6E30

About Arm

Arm technology is at the heart of a computing and connectivity revolution that is transforming the way people live and businesses operate. Our advanced, energy-efficient processor designs are enabling the intelligence in more than 100 billion silicon chips and securely powering products from the sensor to the smartphone to the supercomputer. With more than 1,000 technology partners, including the world's largest consumer brands, we are driving Arm innovation into all areas compute is happening inside the chip, the network and the cloud.

All information is provided "as is" and without warranty or representation. This document may be shared freely, attributed and unmodified. Arm is a registered trademark of Arm Limited (or its subsidiaries). All brands or product names are the property of their respective holders. © 1995-2018 Arm Group.



Contact:

Alex Harrod
PR Manager, US and EMEA, Arm
+44 7795 363057

Email Contact

Featured Video
Latest Blog Posts
Sanjay GangalGISCafe Guest
by Sanjay Gangal
GISCafe Industry Predictions for 2025 – NV5
Jobs
Business Development Manager for Berntsen International, Inc. at Madison, Wisconsin
Upcoming Events
Consumer Electronics Show 2025 - CES 2025 at Las Vegas Convention Center Las Vegas NV - Jan 7 - 10, 2025
GeoBuiz Summit 2025 at Hyatt Regency Aurora-Denver Conference Center. Denver CO - Jan 13 - 15, 2025
Coastal GeoTools 2025 Conference at 301 North Water Street - Jan 27 - 30, 2025



© 2024 Internet Business Systems, Inc.
670 Aberdeen Way, Milpitas, CA 95035
+1 (408) 882-6554 — Contact Us, or visit our other sites:
AECCafe - Architectural Design and Engineering EDACafe - Electronic Design Automation TechJobsCafe - Technical Jobs and Resumes  MCADCafe - Mechanical Design and Engineering ShareCG - Share Computer Graphic (CG) Animation, 3D Art and 3D Models
  Privacy PolicyAdvertise