Embedded High Assurance Computing Using NXP Trust Architecture
Military and aerospace system architects and integrators face new challenges as their customers impose increasingly demanding requirements for safety- and security-critical applications. As military vehicles, ships and aircraft serve as increasingly sophisticated weapons and intelligence-gathering platforms, onboard computer systems are becoming more integral to their operation, with a corresponding increase in safety and security requirements.
It is becoming evident that embedded computing solutions used in mil/aero applications will need to provide high assurance computing in order to ensure overall mission safety and high-availability systems, and specifically to safeguard the integrity, confidentiality, and security of the data within and between systems. With increased interest in foreign military sales across the globe, it is also becoming increasingly important for integrators to protect their IP from compromise or alteration. This white paper focuses on the hardware aspects of high assurance computing.
What are the attributes of a High Assurance Computer that can be used in an embedded mil/aero application? The NSA High Assurance Platform (HAP) program, although it is targeted more at enterprise/IT implementations, defines the key technologies for a high assurance computing platform.
These attributes are equally applicable to embedded computing used in mil/aero applications. Attributes that are arguably most directly applicable to an embedded mission computer are:
- Trusted boot code
- Trusted Platform Module/Mobile Platform Module
- Embedded hardware virtualization security
- Trusted I/O
- Secure virtualization software/hypervisor
- Trusted operating system
- Network encryption