Feature Story

prpl Foundation Forms Security Working Group for Multi-Domain Virtualization-Based Security

There is no doubt that the soft underbelly of the Internet of Things (IoT) is security.

The use cases for evil are unfortunately easy to conjure. A popular one is bad guys using the expanded attack plane of sensors in sensitive surroundings to bring down the electric grid. And, while this is not meant to create nightmares, more than one technology guru has expressed concern to me about somebody who bears them ill will programming their no longer manually operated car into a bridge abutment. Let's face it, the trustworthiness of the entire IoT ecosystem will literally make or break it.

Based on the recognition of why security is crucial to the rollout of IoT, the prpl Foundation (pronounced purple like the color), an open-source non-profit foundation focused on enabling next-generation datacenter-to-device portable software and virtualized architectures, has announced the formal organization of its Security PEG (prpl Engineering Group). As prpl noted in publically introducing its Security PEG, it was created by a subset of prpl members, "dedicated to defining an open security framework for deploying secured and authenticated virtualized services in the IoT and related emerging markets. "

The founding members of the Security PEG are impressive. It includes: Broadcom, CUPP Computing, Elliptic Technologies, Ikanos, Imagination Technologies, Imperas Software, Ingenic, Kernkonzept, Lantiq (recently acquired by Intel, subject to customary regulatory approvals), Qualcomm Atheros, Inc., a subsidiary of Qualcomm Incorporated, Seltech, and others.

The group's mission is significant and involves lots of moving parts. As outlined its goal is to define a security roadmap to get from today's software-virtualized solutions to full hardware-supported virtualization, enabling multi-domain security across processors (CPUs, GPUs, NPUs), heterogeneous SoCs and systems built on these technologies including connected devices, routers and hubs. In addition, the Security PEG will define necessary open APIs (application programming interfaces) for various levels of the security stack. They certainly have their work cut out.

"There is keen interest from companies in a variety of vertical segments in the concept of using hardware-assisted virtualization to provide multiple independent secure domains that are isolated from one another for security, reliability, and ease-of development and deployment purposes," said Art Swift, president of the prpl Foundation.

Swift said there are "several use cases" that could see immediate benefit from multi-domain virtualization-based security, including:

Isolating the broadcast stack from the Android UI and over-the-top streamed content in home gateways and set top boxes
Provisioning secure services for home IoT, to enable ease of development and deployment of cloud- and end-point implementations
Hardware-assisted isolation of multiple secure data types (health, payments, multimedia content, profiles) in rich operating systems such as Linux and Android in smartphones, tablets, wearables, automobiles, set-top boxes, and IPTV
Combining infotainment and instrument cluster functionality on a single chip for connected cars
Any system involving highly integrated system-on-chip (SoC) designs that require advanced virtualization technologies

The formation of the prpl Security PEG closely follows the formation of the prplWrt PEG, which is committed to a close collaboration between users, hardware manufacturers, semiconductor companies, and the broader OpenWrt ecosystem to create technology enhancements that support a robust, flexible open source platform suitable for mission critical, highly reliable products using a wide variety of hardware platforms.

The revelation of the Security PEG as could be expected was greeted by those who will be participating with significant enthusiasm with comments from executives from Broadcom, Elliptic Technologies, Imagination Technologies, Imperas Software and others. Dan Artusi, CEO, Lantiq, nicely summed up the group's support and commitment to the effort saying: "Lantiq is strongly committed to developing and delivering technologies that provide high value to carriers around the world. The development of an open and secure virtualization framework for the Internet of Things will mark a significant step forward in the rush to deploy this exciting new technology. We believe hardware based security and virtualization along with true quality of service are key in delivering best in class and ultra-fast broadband solutions…"

As with so many other areas at the moment, the embrace of open source to work on all of the challenges of moving to a software-centric world is putting the wisdom of the crowd to work on extremely complicated challenges. Indeed, a way to think about this is it is elastic computing on a human level obviously as enabled by technology.

The concentration on security for the software and data in the IoT world as to how it can be optimally protected where it resides, when it is on the move, where and how it is manipulated, accessed and stored, is admirable to say the least. How well such a framework can lead to solutions that keep the good guys ahead of the bad guys is always the imponderable.

That said, joining organizations such as the prpl Foundation is like the current March Madness bracket craziness now engulfing offices and homes across the U.S., you do have to be in it to win it, and prpl Foundation is tackling an area which the industry desperately need to get right.

Return to: 2015 Feature Stories