White Paper Series: Trusted Computing for Aerospace and Defense
August 06, 2020
Looking for the latest on Trusted Computing for aerospace and defense? Our white paper series, Trusted Computing: The COTS Perspective, examines the technologies and trends protecting today’s critical systems from cybersecurity and physical threats.
Introduction to COTS-based Trusted Computing
This white paper looks at the use of open standards based, commercial off-the-shelf (COTS) technologies to address Trusted Computing requirements in deployable embedded systems for aerospace and defense applications.
Establishing trust in the initial boot process is a critical and foundational step for ensuring an embedded module or system will perform exactly as intended, uncompromised. This white paper explores security mechanisms on Intel and NXP processors, such as Intel TXT, Intel Boot Guard, and NXP Trust Architecture, as well as the additional efforts required to ensure a truly trusted boot process.
Hardware Features for Maintaining Security During Operation
After secure boot is implemented, there are a variety of hardware features built into the most popular processor architectures to ensure the continued security of a trusted system during operation. This white paper provides a breakdown of hardware features, such as NXP Trust Architecture, Intel SGX, and Arm TrustZone. Understanding these features, what they protect against, and how to effectively use them is an important step in designing embedded systems to operate securely, even in the face of attacks. Read this paper to learn more.
Considering the Role of Hardware in Securing OS and Hypervisor Operation
Today, most processing hardware includes security capabilities that the operating system (OS) or hypervisor must take advantage of in order to be effective. For example, for processor-based trusted boot resources, like Intel SGX or Arm TrustZone, the OS creates and manages security domain access for processes and resources. For a truly trusted solution, the OS and hypervisor must be designed to take advantage of the appropriate security features built into the hardware. Read this paper to learn more about evaluating OS and hypervisor security capabilities to ensure they can leverage hardware features to their fullest.
Application Development, Testing, and Analysis for Optimal Security
Budgets, mission requirements, and time limitations can make it nearly impossible to update application software if vulnerabilities are discovered once it’s in the field. It’s far less costly and time consuming to find, fix, and test software problems prior to deployment. Read this white paper to learn about application development, testing, and analysis for optimal security.
Developing a Secure COTS-Based Trusted Computing System
When it comes to Trusted Computing, system-level protection is not simply the sum of its parts.
Systems designers must understand how each system element integrates with the rest, what interfaces are available to those elements, and how each element communicates with the other parts of the system. Only then can a system be effectively protected from insecure ports of entry that make it vulnerable to malicious attack. Read this white paper to learn about implementing the right architecture for security requirements and securing data in transit.
The Impact of Protecting I/O Interfaces on System Performance
System development often involves several different engineering groups, and the team dealing with security isn’t necessarily the one responsible for performance requirements. The group concerned with security will identify which parts of your system need protection to meet the program’s security plan, while an entirely different team can dictate performance needs involving processor speed, compute power, memory, and I/O bandwidth – all of which affect system hardware.
Understanding the performance trade-offs of implementing security mechanisms is key to keeping all teams in sync and finding a balance to meet your overall program requirements. Learn more about the impact of security on system performance in this white paper.
Decomposing System Security Requirements
A system’s security requirements are determined based on a variety of factors, including (but not limited to) the program and application for which it’s being developed, national regulations, and, sometimes, IP protection procedures. But, once a system’s essential security level is defined, what’s next? How are top-level security requirements then translated into system- and subsystem-level Trusted Computing capabilities? How is a comprehensive security plan developed, implemented, and verified to meet requirements? This white paper discusses the process of decomposing high-level requirements for system security in order to develop an entire system security protection plan.
Establishing a Trusted Supply Chain
There’s more to evaluate than just Trusted Computing capabilities to ensure you’re selecting trusted, secure solutions. Trust must be embedded throughout all stages of the supply chain in order to provide customers, distributors, and suppliers with high-quality products in which they can be fully confident. This white paper examines the best practices commercial off-the-shelf (COTS) hardware vendors must employ to establish a trusted supply chain, including obsolescence management, counterfeit parts mitigation, secure manufacturing, and design integrity.
Certification Authorities for Trusted Computing in Military and Avionics Products
With safety and security regulations constantly evolving, it’s important to recognize the standards and certification authorities relevant to your program. Our two new white papers explore the worldwide agencies that perform security accreditation for equipment such as network switches, storage devices, and ruggedized computers used in military applications. Read about their processes and when to get them involved to ensure your embedded systems make the grade.
Optimizing Cybersecurity on Today’s Connected Military and Commercial Aircraft
Cybersecurity has become a significant area of focus for airborne platforms, whether defense or commercial. With multiple cyber threats targeting hardware, software, and sensitive data, implementing the right security strategy has never been more important. In today’s connected environment, it is key to maintain a secure link between ground stations and airborne platforms. In this white paper, we explore the increased opportunities for malicious threats to compromise aircraft connectivity, as well as the countermeasures developed to enhance avionics systems’ cybersecurity and data protection to prevent and mitigate these attacks.
Trends in Network Cybersecurity
Embedded systems need to constantly evolve to handle increasingly sophisticated threats and a growing attack surface, since network security relies on establishing protections against all devices that are connected or might potentially have access to the network. In this white paper, we talk about the challenges in providing network security on embedded systems and how to overcome them, from leveraging modern standards to choosing the right expertise and technology to safeguard your system.