OS and platform security

Stuart Yoder

All,

To follow up in writing with my comments on the call today...

In addition to the northbound and southbound interfaces there should be a statement about what assumptions and/or requirements there are with respect to the OS and hardware platform security.

The hardware platform is the system hardware, firmware and bootloaders. The hardware platform security would include things like hardware root-of-trust, secure boot, secure storage for secrets, and hardware-based attestation mechanisms. The OS would provide security interfaces based on those mechanisms.

What assumptions, if any, will EdgeX have about the underlying OS and system it is running on?

Potential places where EdgeX may intersect with hardware platform security:
  • How will the EdgeX stack know if it is running on a system with a compromised OS or firmware?
  • Will there be attestation requests from the northbound direction that the EdgeX system must reply to?  How will that be done and what OS and hardware platform security support is needed?
  • Is there data that EdgeX must sign?  If so, where are the keys kept?  Is secure storage needed?

Last week Tony pointed out that there will be systems running EdgeX without a hardware root of trust. It may be that some kind of differentiation is needed between systems that are fully secure (with a hardware root of trust) and ones that are not. Perhaps there should be 'secure' and 'non-secure' profiles.

In the end the security of the software stack is only going to be as good as the security of the platform it is running on.

Thanks,
Stuart Yoder
System Architect, ARM
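The following is an added example, not code from the message above or from the EdgeX project, showing one concrete shape the attestation exchange and the 'secure' / 'non-secure' profile split could take. It is in Go because EdgeX itself is written in Go. Everything in it is an assumption for illustration: the northbound Verifier, Device, Profile and error names are hypothetical; the Ed25519 key built from a fixed seed stands in for an attestation key that a secure profile would keep in a TPM or TEE; the nonces, boot log entries and golden measurement are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Profile tells the northbound side whether a device's claims are rooted in hardware.
type Profile string
const ProfileSecure, ProfileNonSecure Profile = "secure", "non-secure"

// AttestationResponse answers a northbound request that carried a fresh nonce; Signature covers Nonce
// and Measurement and is empty in the non-secure profile.
type AttestationResponse struct {
	Profile     Profile
	Nonce       []byte
	Measurement []byte
	Signature   []byte
}

// Device models an EdgeX host. attKey stands in for a key a secure profile keeps in a TPM/TEE (hypothetical).
type Device struct {
	Profile Profile
	bootLog [][]byte // measured boot components, in boot order
	attKey  ed25519.PrivateKey // nil: no hardware root of trust
}

// extend builds a PCR-style hash chain: m0 = 0^32, m_{i+1} = SHA256(m_i || SHA256(c_i)).
func extend(bootLog [][]byte) []byte {
	m := make([]byte, sha256.Size)
	for _, c := range bootLog {
		h := sha256.Sum256(c)
		next := sha256.Sum256(append(m, h[:]...))
		m = next[:]
	}
	return m
}

// signedPayload binds nonce and measurement under a fixed prefix so neither can be swapped.
func signedPayload(nonce, measurement []byte) []byte {
	buf := append([]byte("edgex-attest-v1/"), byte(len(nonce)))
	buf = append(buf, nonce...)
	return append(buf, measurement...)
}

// Attest answers an attestation request; only the secure profile can sign.
func (d *Device) Attest(nonce []byte) AttestationResponse {
	resp := AttestationResponse{Profile: d.Profile, Nonce: nonce, Measurement: extend(d.bootLog)}
	if d.Profile == ProfileSecure && d.attKey != nil {
		resp.Signature = ed25519.Sign(d.attKey, signedPayload(nonce, resp.Measurement))
	}
	return resp
}

var ErrUnattested = errors.New("non-secure profile: device claims are unverifiable")
var ErrNonceMismatch = errors.New("nonce mismatch: stale or replayed response")
var ErrBadSignature = errors.New("unknown device or attestation signature does not verify")
var ErrCompromised = errors.New("measurement differs from golden value: OS or firmware changed")

// Verifier is the northbound side: per-device attestation public keys and the golden measurement, provisioned out of band.
type Verifier struct {
	pubKeys map[string]ed25519.PublicKey
	golden  []byte
}

// Verify checks profile, freshness, signature and measurement, in that order.
func (v *Verifier) Verify(deviceID string, nonce []byte, resp AttestationResponse) error {
	if resp.Profile != ProfileSecure {
		return ErrUnattested
	}
	if !bytes.Equal(nonce, resp.Nonce) {
		return ErrNonceMismatch
	}
	pk, ok := v.pubKeys[deviceID] // short-circuit below: ed25519.Verify panics on a missing key
	if !ok || !ed25519.Verify(pk, signedPayload(resp.Nonce, resp.Measurement), resp.Signature) {
		return ErrBadSignature
	}
	if !bytes.Equal(resp.Measurement, v.golden) {
		return ErrCompromised
	}
	return nil
}

// Scenario runs four exchanges on constructed data: approved secure device, same device after a kernel
// change, replayed response, non-secure device. Nonces are fixed here; a real verifier draws them from crypto/rand.
func Scenario() (approved, tampered, replayed, nonSecure error) {
	approvedLog := [][]byte{[]byte("bootloader v1"), []byte("kernel 5.10"), []byte("edgex-core 2.0")}
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)) // constructed seed, stand-in for a hardware key
	v := &Verifier{pubKeys: map[string]ed25519.PublicKey{"edge-01": priv.Public().(ed25519.PublicKey)}, golden: extend(approvedLog)}
	nonce := []byte("constructed-nonce-0001")
	good := &Device{Profile: ProfileSecure, bootLog: approvedLog, attKey: priv}
	goodResp := good.Attest(nonce)
	approved = v.Verify("edge-01", nonce, goodResp)
	patched := &Device{Profile: ProfileSecure, attKey: priv, bootLog: [][]byte{
		[]byte("bootloader v1"), []byte("kernel 5.10 (patched)"), []byte("edgex-core 2.0")}}
	tampered = v.Verify("edge-01", nonce, patched.Attest(nonce))
	replayed = v.Verify("edge-01", []byte("constructed-nonce-0002"), goodResp) // old answer, new challenge
	plain := &Device{Profile: ProfileNonSecure, bootLog: approvedLog}
	nonSecure = v.Verify("edge-01", nonce, plain.Attest(nonce))
	return
}

func main() { fmt.Println(Scenario()) }
```

The non-secure device still answers, but without a signature the verifier reports its claims as unverifiable instead of silently accepting them, which is what a profile split buys. The secure verdict is only as strong as the assumption that attKey cannot be read or used outside the hardware root of trust; if it can, a compromised OS can sign whatever measurement it likes.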
