Creating a Trusted Platform for Embedded Security-critical Applications

October 08, 2020

Creating a Trusted Platform for Embedded Security-critical Applications

Published in Military Embedded Systems
By Richard Jaenicke of Green Hills Software and Steve Edwards of Curtiss-Wright


Security-critical applications, such as cross-domain solutions (CDS), require a secure, trusted platform on which to execute, spanning software, firmware, and hardware. The lowest layer that the application interacts with directly is a trusted operating system (OS). Trust in the OS is dependent on two factors: its robustness from a security perspective, and assurance that the OS was both loaded and configured correctly and never tampered with. OS trust also depends partly on trusted pre-OS functionality, such as secure boot firmware that executes before the OS.

The security robustness of computer hardware and software platforms is often specified by evaluation to the “Common Criteria for Information Technology Security Evaluation” (ISO/IEC 15408). Typically, Common Criteria targets of evaluation (TOE) are evaluated against a government-defined protection profile that includes both functional and assurance requirements. Evaluations can be done to different levels of depth and rigor, called Evaluation Assurance Levels (EAL), with EAL1 being the least rigorous and EAL7 being the most rigorous. Alternatively, a certain level of trust can be achieved through safety certifications. Although safety certifications provide a level of assurance for integrity and availability, they generally do not directly address confidentiality or other trust mechanisms.


Examples of trusted hardware and software solutions

Curtiss-Wright’s CHAMP-XD1S 3U VPX digital signal processing (DSP) module features an Intel Xeon D processor, a Xilinx Zynq UltraScale+ MPSoC FPGA, and a flash-based Microsemi SmartFusion2 FPGA to provide a secure processor board designed for high-performance embedded computing (HPEC). The module’s FPGA and software security features with TrustedCOTS Enhanced Trusted Boot capabilities, including an FPGA-based Root of Security to protect against malicious cyberattacks, probing, and reverse-engineering. The CHAMP-XD1S uses a TPM 2.0 security chip to support Intel TXT secure boot technology. The board also uses a PUF in the Zynq UltraScale+ MPSoC to generate the encryption key used to authenticate the boot code. That authentication can be used as the RoT to extend trust to other portions of the system. The SmartFusion 2 FPGA provides health and management functions and can integrate additional security functions.

Read the full article.

Steve Edwards

Steve Edwards

Director and Technical Fellow

Steve has over 25 years of experience in the embedded system industry. He leads Curtiss-Wright Defense Solutions’ efforts in addressing physical and cyber security on their COTS products and represents the company in defense related security conferences. Steve has worked collaboratively in several standard bodies, including a time chairing the VITA 65 OpenVPX, and as lead for the Sensor Open Systems Architecture (SOSA) Security Subcommittee. Steve lead the design of Curtiss-Wright’s first rugged multiprocessor and FPGA products and was involved in the architecture, management, and evangelization of the industry’s first VPX products. He has a Bachelor of Science in Electrical Engineering from Rutgers University.

Trusted Computing for Defense & Aerospace

Curtiss-Wright goes well beyond standard approaches to Trusted Computing to provide truly secure solutions for air, ground, and sea platforms. We keep cybersecurity and physical protection in mind, from design and testing to supply chain and manufacturing. This comprehensive, end-to-end approach creates an effective mesh of protection layers that integrate to ensure reliability of Curtiss-Wright products in the face of attempted compromise.