The digitalization of products and services means that the value of data has steadily increased over time – for legitimate uses and for hackers. The proliferation of connected devices and the Internet of Things (IoT) have only intensified the issue, creating more and larger attack surfaces for hackers to exploit. Subsequently, the interest in exploiting devices has grown, with the technology ecosystem working hard to outpace cyber criminals.
For over three decades, Arm has been at the forefront of security advances, and our dedication to evolving security best practices and technologies remains unwavering. We believe that everyone in our ecosystem has a shared responsibility to make deploying data security into designs a priority.
As the industry gathers at important events like Mobile World Congress last week, Embedded World next week and the Game Developer Conference later this month, data security is always an important topic of conversation. We’re also seeing various partners, such as ST Microelectronics, announcing their latest Arm-based security products in line with these industry events. Against that backdrop, I wanted to review just how far the Arm ecosystem has evolved on security.
Arm is focused on delivering a robust approach to security with our partners. We’re well aware that we can’t do this alone, so we’re engaging with our ecosystem on architecture, IP, standards, certification programs, and open-source software. These innovations and collaborations enable data security to be implemented across many products and devices.
Arm’s holistic approach to security: Starting with the foundations
Arm’s architectures have fundamental features that enable devices to be built securely from the ground up. Our architectures enable integrated security across all computing platforms, across three architecture profiles: A-profile, R-profile and M-profile. To have a holistic view of security architecture and necessary counter-measures, we split Arm architecture security features into four categories: Defensive Execution Technologies, Isolation Technologies, Platform Security Services and Standard Security APIs.
The latest Armv9 architecture offers enhancements to help build the trusted devices of tomorrow. For example, in regard to Isolation Technologies, there have been major enhancements, including Realm Management Extensions (RME). RME is an isolation architecture that allows hypervisors to create and manage an execution environment for workloads, in a region that is separate from both the secure and non-secure worlds. We also introduced Arm Confidential Compute Architecture (CCA), which builds on RME to offer an reference firmware and software security architecture to support the security requirements for confidential computing. We’re already working with a number of partners on the first silicon implementations of RME.
Armv9 also includes defensive execution technologies like Memory Tagging Extension (MTE). This allows developers to detect and avoid memory safety vulnerabilities before and after they deploy their applications on Arm-based mobile devices. MTE is already being adopted by Google across the Android stack. And device manufacturer Honor has made its MTE-enabled MagicOS 6.x and MagicOS 7 devices available to developers through Honor SkyNet, with Kuaishou, a leading video-sharing platform with around 630 million monthly average users, incorporating MTE into its development cycles.
Many of the features we deploy in A-profile have equivalents in the M-profile architecture. For example, Arm TrustZone technology which has been around for over two decades offering an efficient, system-wide approach to security with hardware-enforced isolation built into the CPU. It was originally launched into A-profile and is now used in our Armv8-M family of processors. Another example is Pointer Authentication (PAC) and Branch Target Instructions (BTI). These defensive execution technologies are designed to mitigate Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) attacks.
These are just a few examples of Arm’s investment into architecture features, part of our track record of delivering security features throughout the A,M and R profiles. We also continuously maintain and update security features, with annual updates to the Arm architecture. These features get deployed into our products and solutions roadmap, including Arm’s Total Solutions for IoT and Total Compute Solutions.
Also important is work in the Platform Security Services and Standard Security APIs categories. Arm’s open-source software team, in collaboration with hundreds of ecosystem partners including TrustedFirmware.org, deliver projects and specifications, including TF-A, TF-M, Firmware Framework and PARSEC, providing developers with fast, easy access to security software and services. Most recently, the new PSA Certified firmware update API was released, which is a key piece of the puzzle to tackle the long-standing challenge of keeping IoT devices up-to-date and secure throughout their life cycle.
Dedicated security IP works alongside these robust foundations to bolster security further. It was recently announced that Rambus, a leading provider of secure silicon IP solutions for over three decades, will offer licenses for the Arm CryptoCell and CryptoIsland security IP portfolio. This collaboration brings two security experts together to improve accessibility to products that have already been widely adopted by the ecosystem, with CryptoCell alone having over 100 licenses worldwide that enable cryptographic services for devices in multiple markets.
From practice to research
To make significant progress on security, we have to collaborate as an ecosystem to ensure scalability between markets and use cases. It’s not just something that Arm believes; the PSA Certified 2022 Security Report found that 96 percent of respondents want security guidelines from industry. This nature of collaboration means that Arm is at the forefront of continued security research and collaborative programs with industry and governments.
Take for example, PSA Certified, the global security certification scheme for IoT devices, which Arm spearheaded in partnership with leading security testing labs in 2019. It provides a security framework for manufacturers to create secure, trustworthy IoT devices that comply with industry security best practices. Manufacturers can work with a PSA Certified independent evaluation lab to assess the security of devices at three different levels of assurance. The certification program helps to build trust in IoT devices and provides a common standard for the industry to follow, which helps to reduce the fragmentation and complexity of the IoT security landscape.
While this is just one example of our work in this space, it’s a powerful one: with nearly 150 Arm-based products from almost 80 companies PSA Certified to date.
Another more recent example of an Arm-led security collaboration is the Arm Morello program. Morello is a joint effort between Arm, the U.K. Industrial Strategy Challenge Fund Digital Security by Design, and several leading UK universities, including the University of Cambridge, the University of Edinburgh, and the University of Manchester. Rather than looking at security best practice, this program is focused on developing a new type of processor architecture – Morello – which is designed to provide enhanced security features at the hardware level.
Morello extends the Arm architecture with unique features that can help mitigate memory safety vulnerabilities, such as buffer overflows, which are a common target for cyber-attacks. The program is part of a broader effort to create a more secure computing infrastructure, which is becoming increasingly important in the face of growing cyber threats.
Over a year has passed since the Morello program celebrated the first availability of prototype system-on-chips (SoCs) in January 2022. Over 500 Morello boards have now been distributed to our ecosystem of security specialists, software companies, tools developers and leading academic institutions who are testing, writing code and collaboratively providing critical feedback to identify whether Morello is a viable security architecture for the future.
Trusted computing built on Arm
Securing the world’s data will be a significant challenge in the next decade, and it requires continued, robust collaboration within the industry. Arm is investing heavily in new architectural features needed to create more secure solutions and in standards and research initiatives to drive progress in the industry.
Cyber criminals are formidable adversaries, but the scale and dedication of the industry and its brightest, most visionary security minds makes the hackers’ jobs increasingly difficult.
Security built on Arm
Arm and our trusted ecosystem enable secure experiences wherever computing happens.