There is no denying that security is the most critical issue facing the IoT industry. However, today there is a confusing array of security claims from a myriad of suppliers, making it hard to know how to implement security successfully. In October 2017, Arm announced the vision of Platform Security Architecture (PSA) – a common framework to allow everyone in the IoT ecosystem to move forward with stronger, scalable security and greater confidence.
PSA aims to provide a holistic set of security guidelines for IoT security to enable everyone in the value chain, from chip manufacturers to device developers, to implement security successfully. When we launched PSA, we provided an overview of what it would aim to deliver to the industry, and we’ve been working hard to progress with that vision.
Threat Models: Establishing the “right” level of security
There are three key stages to the Platform Security Architecture: Analysis, Architecture and Implementation. Today’s announcement supports the first stage of the PSA journey, with the release of the first set of Threat Models and Security Analyses (TMSA) documentation. PSA advises that security implementation should always start with analysis, which considers the assets that need protecting and the threats that are considered in scope. Developers and manufacturers should start their security journey by creating their own TMSA or using existing relevant examples.
By publishing new TMSA examples for some of the most popular IoT devices (a smart water meter, a web camera and an asset tracking device), Arm is delivering a starting point and robust guidelines for those looking to define the security requirements of their IoT product. We would like the industry to build on these examples and carry out similar security analyses for their next commercial IoT products.
Arm wants to make security simpler and more cost effective, by making high quality reference code and documents accessible – as security becomes more complex, all developers need access to these resources. To this end, we are releasing the first open source reference implementation firmware that conforms to the PSA specification, Trusted Firmware-M, which is on target for delivery at the end of March 2018.
A battle is raging to keep systems secure, as we race to realize the immense value data can bring, as recently outlined in the Arm Security Manifesto. Our eyes remain firmly on the prize, securing the next trillion connected devices. The journey for PSA doesn’t end with the release of the TMSA documentation and Trusted Firmware-M, in fact, there is much more to come.
Rhys Chi, PR Manager Arm, ,+886 2 8752 1752 , email@example.com
Lorraine Tsao, PR & Marketing Director Arm, ,+886 2 8752 1705 , firstname.lastname@example.org
|Image Caption : Platform Security Architecture (PSA)||Click for Real Image|