Compute Security Across Industries

From the beginning, the Arm ecosystem has been a pioneer in compute security. Arm actively works with our global ecosystem of partners to analyze and counter security threats through the development and implementation of a complete family of architecture security features. Our architectures enable integrated security across all computing platforms, from IoT connected devices to large screen mobile computing devices and cloud server infrastructure.

Arm recognizes the need for better security and has designed a range of architecture security features for different use cases.

PSA Certified was established by Arm and six other co-founders to address the security needs of the internet-of-things (IoT) sector.

Arm Confidential Compute Architecture (Arm CCA) is part of the Armv9-A architecture and builds on the strong security foundations of TrustZone.

Security Threats and Countermeasures

We have grouped some common security threats and countermeasures into four key areas – defensive execution technologies, isolation technologies, common platform security services and standard security APIs – with links to Arm’s architecture security features on our Developer website.


Defensive Execution Technologies

Side-Channel Attacks

Gaining access to data and flows by exploiting undesirable side-effects of out-of-order execution and speculative execution in modern processors.

Stack-Smashing Attacks

Stack-smashing attacks, such as jump- and return-oriented programming, are used to target imperfections in software, such as improper bounds-checking.

Memory Safety Violations

An attacker may attempt to manipulate software to use memory after it has been freed or to access a memory object outside its boundary.

Isolation Technologies

Isolation Between Secure Worlds

Stronger isolation between multiple Secure world trusted applications (TrustZone workloads).

Protecting Code and Data

Protecting sensitive code and algorithms from the rich OS and its workloads, all while avoiding the cost of separate security processors.

Protecting Mainstream Compute Workloads

Part of Arm's Confidential Compute Architecture, the Realm Management Extension (RME) brings the benefits of TrustZone to all workloads.

Common Platform Security Services

Meeting PSA Certified Standards

Specifications and guides that describe the security requirements a product design must implement in order to meet the requirements of PSA Certified.

Communication Across Security Boundaries

Standardized communication between different software images.

Open and Standard Device Firmware

Shared, portable and open firmware supporting a pre-rich-OS boot environment with support for secure and measured boot, firmware update and TrustZone.

Confidential Compute Software

Standard reference implementations of the Confidential Compute stack that can be formally proven – helping to reduce the number of different implementations that relying parties must trust.

Standard Security APIs

Verification of Attestation

Standardizing verification of attestation and providing a uniform provisioning API for vendors to publish information on software updates.

Portable Platform Security APIs

Specification and OSS implementation of secure cryptography, storage and attestation APIs that are portable across a wide range of devices.

Language-Independent Security APIs

Implementation of platform- and language-independent security APIs.

The Need for Better Security

Security is becoming more complex and harder to understand. As global cybercrime costs are expected to grow by 15 percent per year over the next five years (reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015), Arm recognizes the need for better security and has designed its architecture security features with the following in mind:

  • Arm’s CPU and system architectures are pervasive and underpin the entire technology industry, helping to reduce fragmentation, lower costs and improve security.
  • By incorporating security into the foundational layers of the architecture, Arm has enabled billions of secure experiences.
  • Many of our security specifications are free to download on the Developer website and Arm system security architecture specifications are freely licensed for use, helping to remove all barriers to adoption.
  • Through standardization and providing solutions at every level in the stack, we simplify the deployment and adoption of fundamental security, enabling the ecosystem to focus on innovation and differentiation.
  • Arm has a program of continual investment in security; by tracking the latest releases you can be sure your products will keep pace with the latest defences.

Arm Architecture Security Features

Arm architecture security features fall into four categories: Defensive execution technologies, isolation technologies, common platform security services and standard security APIs.

Defensive Execution Technologies

Arm security features:
  • PAN
  • PAC
  • BTI
  • MTE
  • Speculation barriers
What are these used for? Creating a robust processing environment that is resistant to increasingly sophisticated attacks, e.g. buffer overflows, ROP, JOP, Spectre.
Purpose of architecture security features:
  • Reduce the risk that vulnerabilities in imperfect software can be exploited.
  • Run-time protection for existing code – recompile rather than re-write.
  • Mitigation against “side-channel” attacks across security boundaries.
  • Prevent an attacker taking control of the software control flow.

Isolation Technologies

Arm security features:
  • Arm TrustZone
  • Secure-EL2
  • Arm Confidential Compute Architecture (Realm Management Extension and Arm Confidential Compute Firmware Architecture)
  • Arm’s dynamic TrustZone technology
  • 4 privilege or exception levels (EL3 to EL0)
What are these used for? A spectrum of technologies that allow engineers to choose the optimal mechanism to implement a security boundary around their critical algorithms or an entire workload, to enhance a system’s robustness and data protection.
Purpose of architecture security features:
  • Strong hardware enforcement of security boundaries.
  • Protection of critical system security services.
  • Reduced exposure to hypervisor / kernel vulnerabilities and bugs.
  • Democratisation of secure compute – extending secure compute beyond silicon manufacturers and OEMs to third-party developers.
  • Support for workloads running within TrustZone that have variable and demanding memory requirements.
  • Arm Confidential Compute Architecture extends robust secure isolation to third-party apps and general-purpose workloads.

Common Platform Security Services

Specifications:
  • Platform security specification
  • FF-A
  • FF-M
Reference implementations:
  • Trustedfirmware.org (TF-A/TF-M, OP-TEE, Trusted Services, Hafnium, Mbed)
  • Linux Kernel
  • Android
What are these used for? Platform transparency, reduced fragmentation and simpler adoption of security technologies.
Purpose of architecture security features:
  • Reference implementations of trustworthy pre-regular-OS firmware.
  • Standardised interfaces across trust boundaries.
  • A strong per-device root of trust.
  • Secure, reliable boot and updates.
  • Support for local and remote attestation.
  • Platform security services improve system development by providing the frameworks for working within and across isolated boundaries and privilege levels.

Standard Security APIs

Arm security features:
  • Attestation – Project Veraison
  • PSA Functional APIs
  • PARSEC
What are these used for? Software portability, so any software can run on any platform and use the best security services that each platform supports.
Purpose of architecture security features:
  • APIs for crypto, storage and attestation – our goal is that developers writing the firmware application should be able to rely on these APIs on any PSA-compliant platform, regardless of the underlying implementations.
  • Standard plugin APIs for cryptographic hardware.
  • Standard transport for root of trust services for A- and M-class systems.
  • Bindings for system and application programming environments.
  • PSA Functional API certification assesses the implementation to ensure interoperability and compliance.
  • Easily adapted to match the available security technologies.
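
The table lists MTE among the defensive execution technologies and names buffer overflows and use-after-free as the defects it targets. The following is an added example, not Arm code and not a description of any Arm implementation: a plain-C software simulation of the tag-check idea behind the Memory Tagging Extension. The two architectural constants (16-byte granules, a 4-bit tag carried in address bits 56 to 59) are MTE's; everything else, including the toy pool, the tag-choosing policy and the function names mte_alloc, mte_free, mte_load and mte_store, is invented for illustration. Real MTE performs the check in hardware on every load and store; here the check is an explicit function that returns false where the hardware would raise a tag-check fault.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Architectural constants modelled on MTE: 16-byte granules, 4-bit tag in address bits 56..59. */
#define GRANULE       16
#define TAG_SHIFT     56
#define TAG_BITS      0xFULL
#define POOL_GRANULES 64            /* toy pool size, invented for this demo */

typedef uint64_t tagged_ptr;        /* low bits: offset into the pool; bits 56..59: tag */

static uint8_t pool[POOL_GRANULES * GRANULE];
static uint8_t granule_tag[POOL_GRANULES];   /* tag each granule currently carries (0 = never tagged) */
static bool    granule_used[POOL_GRANULES];
static uint8_t run_len[POOL_GRANULES];       /* granules in the allocation that starts here, 0 if none */
static uint8_t next_tag = 1;                 /* live allocations use tags 1..15 */

static tagged_ptr make_ptr(size_t off, uint8_t tag) { return ((uint64_t)tag << TAG_SHIFT) | (uint64_t)off; }
static uint8_t ptr_tag(tagged_ptr p) { return (uint8_t)((p >> TAG_SHIFT) & TAG_BITS); }
static size_t  ptr_off(tagged_ptr p) { return (size_t)(p & ((1ULL << TAG_SHIFT) - 1)); }
static uint8_t other_tag(uint8_t t)  { return (uint8_t)(t % 15 + 1); }   /* some tag in 1..15 that differs from t */

/* Allocate n bytes (rounded up to whole granules) and colour them with a tag that
   differs from both neighbouring granules, so a one-byte overrun is detectable. */
tagged_ptr mte_alloc(size_t n) {
    size_t need = (n + GRANULE - 1) / GRANULE;
    if (need == 0) need = 1;
    for (size_t i = 0; i + need <= POOL_GRANULES; i++) {
        bool free_run = true;
        for (size_t j = 0; j < need && free_run; j++) free_run = !granule_used[i + j];
        if (!free_run) continue;
        uint8_t tag = next_tag;
        while ((i > 0 && granule_tag[i - 1] == tag) ||
               (i + need < POOL_GRANULES && granule_tag[i + need] == tag))
            tag = other_tag(tag);
        next_tag = other_tag(tag);
        for (size_t j = 0; j < need; j++) { granule_used[i + j] = true; granule_tag[i + j] = tag; }
        run_len[i] = (uint8_t)need;
        return make_ptr(i * GRANULE, tag);
    }
    return 0;   /* pool exhausted; tag 0 is never handed out, so 0 is a safe "null" */
}

/* Free: retag every granule of the allocation so any stale copy of the pointer no longer
   matches. Returns false for an invalid or double free (tag or start granule mismatch). */
bool mte_free(tagged_ptr p) {
    size_t off = ptr_off(p);
    if (off % GRANULE != 0 || off >= sizeof pool) return false;
    size_t g = off / GRANULE;
    if (run_len[g] == 0 || granule_tag[g] != ptr_tag(p)) return false;
    size_t n = run_len[g];
    for (size_t j = 0; j < n; j++) {
        granule_used[g + j] = false;
        granule_tag[g + j] = other_tag(granule_tag[g + j]);
    }
    run_len[g] = 0;
    return true;
}

/* Tag check: every granule the access touches must carry the pointer's tag. */
static bool tags_match(tagged_ptr p, size_t len) {
    size_t off = ptr_off(p);
    if (len == 0 || off + len > sizeof pool) return false;
    for (size_t b = off; b < off + len; b++)
        if (granule_tag[b / GRANULE] != ptr_tag(p)) return false;
    return true;
}

/* Checked store/load: return false (the simulated tag-check fault) instead of touching memory. */
bool mte_store(tagged_ptr p, const uint8_t *src, size_t len) {
    if (!tags_match(p, len)) return false;
    memcpy(pool + ptr_off(p), src, len);
    return true;
}
bool mte_load(tagged_ptr p, uint8_t *dst, size_t len) {
    if (!tags_match(p, len)) return false;
    memcpy(dst, pool + ptr_off(p), len);
    return true;
}

/* Exercise the defects the page names and report which the tag check caught as a bitmask:
   bit 0 = valid in-bounds access allowed, bit 1 = overrun into the neighbour caught,
   bit 2 = use after free caught, bit 3 = double free caught. Expected value: 15. */
int mte_demo(void) {
    int caught = 0;
    uint8_t buf[32] = {0};
    tagged_ptr a = mte_alloc(20);   /* occupies 2 granules = 32 bytes */
    tagged_ptr b = mte_alloc(16);   /* the very next granule, guaranteed a different tag */
    memset(buf, 'A', 20);
    if (mte_store(a, buf, 20) && mte_load(a, buf, 20) && buf[19] == 'A') caught |= 1;
    /* a + 32 lies in b's granule, whose tag differs, so the store faults. Caveat shared with
       real MTE: bytes 20..31 are inside a's own rounded-up granules and would NOT be caught,
       because the tag is per 16-byte granule, not per byte. */
    if (!mte_store(a + 32, buf, 1)) caught |= 2;
    if (mte_free(a) && !mte_load(a, buf, 1)) caught |= 4;   /* stale pointer: tag mismatch */
    if (!mte_free(a)) caught |= 8;                           /* second free: no longer a live start */
    (void)b;
    return caught;
}

int main(void) {
    printf("defects caught (bitmask): %d, expected 15\n", mte_demo());
    return 0;
}
```

The design point worth taking from the simulation is the granularity caveat in mte_demo: tagging catches accesses that cross into memory with a different tag (a neighbouring allocation, or a freed and retagged region) but not an overrun that stays within the rounded-up granules of the same allocation. That is why the table pairs MTE with the bounds-checking and control-flow features (PAC, BTI) rather than presenting any one of them as complete on its own.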

Benefits of Arm Architecture Security Features

Ease of Deployment and Adoption

To simplify the development of secure products deployed at scale, Arm works with PSA Certified and publishes architecture standards that span industries. The regular release of new Arm security technologies means devices can support the highest levels of security as standard. About 42% of technology decision makers* cite a lack of understanding or expertise as the biggest IoT security challenge, according to the PSA Certified Security Report 2021.

Collaborative Development Across the Arm Ecosystem

Arm’s architecture security features are created in collaboration with our partners, ensuring specifications are developed with the best security expertise in the industry.

Economic Gain Through Integrated Security

Security is the greatest challenge to reaching computing’s full potential. Strong integrated security built into the CPU architecture and platform ensures devices can trust one another and their data. This becomes even more critical as we shift to using AI and autonomous platforms.

Reduced Cost of Security Implementation

About 52% of technology decision makers* consider the additional cost of security to be a top barrier to improving IoT security, according to the PSA Certified Security Report 2021. Arm’s freely available specifications and industry collaboration reduce the level of investment required by OEMs and partners to build secure products.

*The core of this report’s findings originates from a November 2020 survey, conducted among 628 technology decision makers across Europe, the USA and APAC by Sapio Research.

PSA Certified for Security Standards

PSA Certified was established by Arm and six other co-founders to address the security needs of the internet-of-things (IoT) sector. The IoT market has expanded quickly but lacks security standardization, meaning many IoT devices were vulnerable to attack. The PSA Certified scheme provides a framework and methodology for built-in security, enabling silicon manufacturers, system software providers and OEMs to develop right-sized security for different devices.


PSA Certified provides a path to certification, enabling vendors to prove they have met all PSA Certified security requirements. Many of the architectural features and frameworks described in the table above can be used to meet the requirements of PSA Certified and build more secure devices. To make it easy to meet PSA Certified requirements on Arm, we provide resources to help developers at every stage of their journey.

Confidential Compute: A New Model of Trust

Computing has become a distributed utility where computing sessions can be run on any platform that meets the required security policy. In this environment, the ability to trust this computing utility infrastructure is a crucial element in ensuring that people are confident about the security and privacy of their information. This computing infrastructure is a very attractive target for cybercriminals, intent on stealing our data and code.


The volume and range of sensitive data held on devices is also increasing. New techniques are required to protect this data, and the integrity of applications that process data, from vulnerabilities in privileged software, such as operating system kernels.


For these reasons, we see a growing interest in Confidential Computing, by which we mean the protection of data in use by performing computation within a hardware-backed secure environment. This shields code and data from observation and modification by privileged software and hardware agents. Today, the traditional model of computing places a huge amount of trust in the operating systems and hypervisors that the applications run on. Confidential Computing removes the assumption that the privileged software, responsible for running the computing infrastructure, needs to be able to see or manipulate the data of those running sessions in use.


Later this year, we plan to release the Arm Confidential Compute Architecture (Arm CCA) as part of the Armv9-A architecture, which builds on the strong security foundations of TrustZone.

Arm Confidential Compute Architecture

The Arm Confidential Compute Architecture (Arm CCA) introduces the concept of dynamically created “realms.” Realms provide additional execution environments to ordinary programs for the secure processing of confidential data. Realms are isolated from the existing Normal and Secure worlds that we have today in TrustZone. The security policy of a realm is configured using a small amount of trusted and attestable software. This software is inherently separated from the Normal-world operating system and hypervisor, and any Secure-world hypervisor and trusted OS.


The Arm Confidential Compute Architecture will be available with the Armv9-A CPU architecture and includes the Realm Management Extension (RME) and a number of supporting software specifications and reference implementations.


For technical updates to Arm Confidential Compute Architecture, sign up to our mailing list.