EEMBC and Prpl partner on IoT security by separation
April 6, 2017
Two industry trade bodies are partnering to advance the use of security-by-separation in IoT edge devices. The Prpl Foundation and the EEMBC aim to develop a hypervisor benchmark with the goal of shattering the perception that the use of hardware virtualisation in low-power embedded devices comes with big performance and energy overheads.
Prpl is a community driven, non-profit organisation with a focus on enabling the security and interoperability of embedded devices for the IoT and smart society of the future. The EEMBC is an industry alliance that develops benchmarks to help system designers select the optimal processors and understand the performance and energy characteristics of their systems.
The partnership will see the EEMBC’s president Markus Levy alongside Art Swift, president of the Prpl Foundation, co-chair the joint HyperBench Working Group. The aim of the group will be to assess the performance of new lightweight embedded hypervisors paired with systems on chip (SoCs) with hardware support for virtualisation.
Hardware virtualisation technology coupled with hypervisors can provide improved security through isolation or separation of users, tenants and applications running on a given device. This approach is well understood and widely used in data centres, but not traditionally in deeply embedded, resource-constrained systems such as those in the IoT – primarily due to perceptions of performance limitations or associated overhead. The EEMBC and Prpl hope to demonstrate that any such limitations are mitigated through new developments and techniques.
The way software or firmware gets assembled today, the maker of the device often has little control over all the components as a whole. By using hypervisors at the hardware level to create security through separation, supply chain security issues could be greatly reduced while preserving the core functionality of the device, even if a security issue arises with another component of the system or it is compromised by malware such as Mirai.
“The EEMBC sees value in HyperBench in two ways,” said Levy. “The first way follows our traditional model of creating benchmarks to help system developers select the most optimal processing for their applications; in this case, HyperBench will allow processor vendors to fairly demonstrate their performance advantages. In the second way, HyperBench will help out the industry in general by demonstrating that with advanced hardware assist for virtualisation, the performance impact of hypervisors will be minimal.”
Prpl and EEMBC members have expertise in virtualisation and hypervisor technologies. Prpl has based its peer-reviewed security framework in large part on this approach, and many of its members are well-versed in deployment of the technology.
The EEMBC and its members have previously spent considerable time and energy on assessing how the performance overhead of virtualisation technologies can be tested or benchmarked. Together the joint working group will create an architecture and operating system neutral benchmark tool to support vendors of processors, hypervisors and operating systems, as well as their customers – the IoT system designers.
“Security of IoT is not a problem that any one company or entity can solve on its own,” said Swift. “It will take cooperation at all levels to work towards best practices and developing universal standards. At Prpl we are delighted to collaborate with the EEMBC to show how a separation-based approach rooted in hardware can create a more secure IoT without significant performance penalties.”
Initial members from Prpl of the benchmarking working group include Kernkonzept and Imagination Technologies.