Compute Security Across Industries
From the beginning, the Arm ecosystem has been a pioneer in compute security. Arm actively works with our global ecosystem of partners to analyze and counter security threats through the development and implementation of a complete family of architecture security features. Our architectures enable integrated security across all computing platforms, from IoT connected devices to large screen mobile computing devices and cloud server infrastructure.
Arm’s CPU and system architectures are pervasive and underpin the entire technology industry, helping to reduce fragmentation, lower costs and improve security. By incorporating security into the foundational layers of the architecture, we have enabled billions of secure experiences.
As part of the latest Armv9-A architecture release, we have announced the Arm Confidential Compute Architecture (Arm CCA) – an isolation technology that builds on the strong security foundations of TrustZone.
Benefits of Arm Architecture Security Features
To simplify the development of secure products deployed at scale, Arm works with PSA Certified and publishes architecture standards that span industries. The regular release of new Arm security technologies means devices can support the highest levels of security as standard. About 42% of technology decision makers* cite a lack of understanding or expertise as the biggest IoT security challenge, according to the PSA Certified Security Report 2021.
Arm’s architecture security features are created in collaboration with our partners, ensuring specifications are developed with the best security expertise in the industry.
Security is the greatest challenge to reaching computing’s full potential. Strong integrated security built into the CPU architecture and platform, ensures devices can trust one another and their data. This becomes even more critical as we shift to using AI and autonomous platforms.
About 52% of technology decision makers* consider the additional cost of security to be a top barrier to improving IoT security, according to the PSA Certified Security Report 2021. Arm’s freely available specifications and industry collaboration reduces the level of investment required by OEMs and partners to build secure products.
Security Threats and Countermeasures
Arm architecture security features fall into four categories: Defensive execution, isolation technologies, common platform security services and standard security APIs. Arm’s architecture security features work to counter a range of cybersecurity threats.
We have grouped relevant Arm security features and countermeasures alongside some common security threats and requirements.
Defensive Execution Technologies
Gaining access to data and flows exploiting undesirable side-effects of out-of-order execution and speculative execution in modern processors.
Stack-smashing attacks, such as jump- and return-oriented programming, are used to target imperfections in software, such as improper bounds-checking.
Memory Safety Violations
An attacker may attempt to manipulate software to use memory after it’s been freed or to access a memory object in it's boundary.
Protecting Code and Data
Protecting sensitive code and algorithms from the rich OS and Normal world workloads, all while avoiding the cost of separate security processors.
Isolation Between Secure Worlds
Stronger isolation between multiple Secure world trusted applications - TrustZone workloads.
Memory Intensive Workloads
Arm dynamic TrustZone technology enables TrustZone to be used for large, dynamic workloads such as secure media pipelines or machine learning.
Protecting Mainstream Compute Workloads
The Realm Management Extension (RME), part of the Arm Confidential Compute Architecture, brings strong isolation, confidentiality and trust to all workloads.
Meeting PSA Certified Standards
Specifications and guides that describe security requirements that a product design must implement in order to meet the requirements of PSA Certified.
Communication Across Security Boundaries
Standardized communication between different software images.
Open and Standard Device Firmware
Shared, portable and open firmware supporting a pre-rich-OS boot environment with support for secure and measured boot, firmware update and TrustZone.
Confidential Compute Software
Standard reference implementations of the Confidential Compute stack that can be formally proven – helping to reduce the number of different implementations that relying parties must trust.
Verification of Attestation
Standardizing verification of attestation and providing a uniform provisioning API for vendors to publish information on software updates.
Portable Platform Security APIs
Specification and OSS implementation of secure cryptography, storage and attestation APIs that are portable across a wide range of devices.
Language-Independent Security APIs
Implementation of platform and language independent security APIs.
PSA Certified for Security Standards
PSA Certified was established by Arm and six other co-founders to address the security needs of the internet-of-things (IoT) sector. The IoT market has expanded quickly but lacks security standardization, meaning many IoT devices were vulnerable to attack. The PSA Certified scheme provides a framework and methodology for built-in security, enabling silicon manufacturers, system software providers ,and OEMs to develop right-sized security for different devices.
PSA Certified provides a path to certification, enabling vendors to prove they have met all PSA Certified security requirements. Many of the architectural features and frameworks described in the table above can be used to meet the requirements of PSA Certified and build more secure devices. To make it easy to meet PSA Certified requirements on Arm, we provide resources to help developers at every stage of their journey.