Koff koff koff sniffle snort. Wheeze. Achoo!
—yours truly

I am writing to you today from the comfort of my living room sofa, deciding not to spread my germs to the rest of my colleagues, but I worry about the damage I might have already done before I knew that I was getting sick. That’s the most contagious time for getting a cold, you know; it’s before the symptoms start to manifest. This is one of the reasons why colds are so insidious. (Despite my cold, I smell a metaphor brewing…)

One of the things I did before my cold got the better of me, though, was to attend a day at the Arm TechCon Conference and Expo at the Santa Clara Convention Center, where the theme of the day was security. Simon Segars, the CEO of Arm, was the keynote speaker of the morning. On every chair was a shiny brochure (and YOU get a brochure, and YOU get a brochure… you all get a brochure!) entitled “Security Manifesto”. Aside from the weird cultish associations of using the word “manifesto”, this statement went into detail about how Arm will be approaching the challenges of security moving forward. It was a good piece of interesting reading.

The Insecurity of Things, the Other IoT

Simon Segars’ keynote followed the content of the manifesto pretty closely. After the first part of his presentation telling us how amazing the future will be, especially regarding machine learning and other forms of AI, he went into detail about the problems of a fully-connected world—including fish tanks being hacked (true story, it happened in Vegas, but it sure didn’t stay there).

Every time an organization is hacked, trust is eroded. If there is a problem with, say, your car, the company issues a recall to fix the problem. But if there’s a problem with your smartphone? You’re on your own, buddy. (I think we need a Ralph Nader of cyber-security.) But this might be changing. How amazing is it that Equifax is getting sued over their security breach, not the company that did the breaching?
Who needs to take responsibility for the problem? This is where Arm’s Manifesto comes in. Arm is saying that the buck stops here.

Arm's Technology Vision

The first essay in Arm’s Security Manifesto was written by Milosch Meriac, Arm’s Principal Security Research Lead. And here is where my cold comes into play.

When you get a cold, your body has the most amazing way of automatically targeting the source of the infection and fighting it—from raising your body temperature so it’s less hospitable to foreign invaders (also known as a fever), to flooding the infection site with white blood cells, the immunoresponse soldiers who do the fighting. Without an effective immune system, the infection, just like security breaches such as viruses, can “quickly spiral out of control and affect not only the target but can quickly spread to others nearby.” So a cold can initially infect your nasal mucosal membranes, but then can spread to your sinuses, your throat, your chest… pretty soon you’re wrapped up in blankets, drinking hot tea and wondering if you can actually perish from misery. Same with security breaches.

At the highest level, such a system starts with detection at the edge nodes, with sensors looking for unusual behavior. Loopholes are identified by using big data analysis—possibly even using machine learning—which is then used to block known and malicious viruses and traffic patterns. The internal health measures would also perform the following functions:

- Trigger network immune responses
- Act on the user’s behalf, such as triggering a software or hardware update
- Disambiguate security warnings by human operators
- Enforce policies

If the infection becomes too severe, you may have to go to the doctor; in a severe network security breach, eventually, security-as-a-service providers will be able to swoop in and fix the problem.

Now here is where Cadence comes in.

Sharknado (a.k.a. Danger in the Cloud)

So where do these analyses and actions actually happen?
Well, where does the immune system live?

These services can be in the cloud and can be used to perform all the tasks required. But there are definite drawbacks; the most obvious is the latency in response. In cyber-attacks, immediate responses are critical, and you don’t have the time to wait for the words “buffering…”. Privacy is also at risk.

In the human case, your body’s immune system is local. Herd immunity exists, true (when everyone is inoculated for measles, if one person doesn’t get the vaccine, they still won’t get the disease because no one else will get it); but we know from the measles outbreaks of late that herd immunity is not reliable. So to ensure that your device is secure, it must be made secure at the local level. It must:

“…guarantee isolation and security across multiple applications and virtual machines running on the same device and in the network. It must protect against users or local attackers tampering with the device to either exfiltrate data/intellectual property or improperly changing device behavior by injecting untrusted code.”
—from the Manifesto

In other words, embedded processing has to be a thing. It may exist on the edge of the cloud (devices that And Cadence specializes in embedded processing, with all of its IP offerings, from analog to interface IP, from Tensilica customizable processors to verification IP.

What Does Arm Have to do, Have to do with It?

Stay tuned for my next blog post.

—Meera