prpl Foundation Forms Security Working Group for Multi-domain Virtualization-based Security

By Peter Bernstein March 23, 2015

There is no doubt that the soft underbelly of the Internet of Things (IoT) is security. 

The use cases for evil are unfortunately easy to conjure.  A popular one is bad guys using the expanded attack plane of sensors in sensitive surroundings to bring down the electric grid. And, while this is not meant to create nightmares, more than one technology guru has expressed concern to me about somebody who bears them ill will programming their no longer manually operated car into a bridge abutment.  Let’s face it, the trustworthiness of the entire IoT ecosystem will literally make or break it. 

Based on the recognition of why security is crucial to the rollout of IoT,  the prpl Foundation (pronounced purple like the color), an open-source non-profit foundation focused on enabling next-generation datacenter-to-device portable software and virtualized architectures, has announced the formal organization of its Security PEG (prpl Engineering Group).  As prpl noted in publically introducing its Security PEG, it was created by a subset of prpl members, “dedicated to defining an open security framework for deploying secured and authenticated virtualized services in the IoT and related emerging markets. “

The founding members of the Security PEG are impressive.  It includes:  Broadcom, CUPP Computing, Elliptic Technologies, Ikanos, Imagination Technologies, Imperas Software, Ingenic, Kernkonzept, Lantiq (recently acquired by Intel, subject to customary regulatory approvals), Qualcomm Atheros, Inc., a subsidiary of Qualcomm Incorporated, Seltech, and others.

The group’s mission is significant and involves lots of moving parts.  As outlined its goal is to define a security roadmap to get from today’s software-virtualized solutions to full hardware-supported virtualization, enabling multi-domain security across processors (CPUs, GPUs, NPUs), heterogeneous SoCs and systems built on these technologies including connected devices, routers and hubs. In addition, the Security PEG will define necessary open APIs (application programming interfaces) for various levels of the security stack. They certainly have their work cut out.

“There is keen interest from companies in a variety of vertical segments in the concept of using hardware-assisted virtualization to provide multiple independent secure domains that are isolated from one another for security, reliability, and ease-of development and deployment purposes,” said Art Swift, president of the prpl Foundation.

Swift said there are “several use cases” that could see immediate benefit from multi-domain virtualization-based security, including:

  • Isolating the broadcast stack from the Android UI and over-the-top streamed content in home gateways and set top boxes
  • Provisioning secure services for home IoT, to enable ease of development and deployment of cloud- and end-point implementations
  • Hardware-assisted isolation of multiple secure data types (health, payments, multimedia content, profiles) in rich operating systems such as Linux and Android in smartphones, tablets, wearables, automobiles, set-top boxes, and IPTV
  • Combining infotainment and instrument cluster functionality on a single chip for connected cars
  • Any system involving highly integrated system-on-chip (SoC) designs that require advanced virtualization technologies

The formation of the prpl Security PEG closely follows the formation of the prplWrt PEG, which is committed to a close collaboration between

Image via Shutterstock

users, hardware manufacturers, semiconductor companies, and the broader OpenWrt ecosystem to create technology enhancements that support a robust, flexible open source platform suitable for mission critical, highly reliable products using a wide variety of hardware platforms.

The revelation of the Security PEG as could be expected was greeted by those who will be participating with significant enthusiasm with comments from executives from Broadcom, Elliptic Technologies, Imagination Technologies, Imperas Software and others.   Dan Artusi, CEO, Lantiq, nicely summed up the group’s support and commitment to the effort saying: “Lantiq is strongly committed to developing and delivering technologies that provide high value to carriers around the world. The development of an open and secure virtualization framework for the Internet of Things will mark a significant step forward in the rush to deploy this exciting new technology. We believe hardware based security and virtualization along with true quality of service are key in delivering best in class and ultra-fast broadband solutions…”

As with so many other areas at the moment, the embrace of open source to work on all of the challenges of moving to a software-centric world is putting the wisdom of the crowd to work on extremely complicated challenges.  Indeed, a way to think about this is it is elastic computing on a human level obviously as enabled by technology. 

The concentration on security for the software and data in the IoT world as to how it can be optimally protected where it resides, when it is on the move, where and how it is manipulated, accessed and stored, is admirable to say the least.  How well such a framework can lead to solutions that keep the good guys ahead of the bad guys is always the imponderable. 

That said, joining organizations such as the prpl Foundation is like the current March Madness bracket craziness now engulfing offices and homes across the U.S., you do have to be in it to win it, and prpl Foundation is tackling an area which the industry desperately need to get right. 

Related Articles

Pai Makes His Case for Title II Repeal

By: Paula Bernier    11/21/2017

FCC Chairman Ajit Pai today made clear his plans to repeal Title II net neutrality rules. The commission is expected to pass his proposal at its Dec. …

Read More

Mist Applies AI to Improve Wi-Fi

By: Paula Bernier    11/9/2017

Mist has created an AI-driven wireless platform that puts the user and his or mobile device at the heart of the wireless network. Combining machine le…

Read More

International Tech Innovation Growing, Says Consumer Technology Association

By: Doug Mohney    11/8/2017

The Consumer Technology Association (CTA) is best known for the world's largest trade event, but the organization's reach is growing far beyond the CE…

Read More

Broadcom Makes Unsolicited $130B Bid for Qualcomm

By: Paula Bernier    11/6/2017

In what could result in the biggest tech deal in history, semiconductor company Broadcom has made an offer to buy Qualcomm for a whopping $130 billion…

Read More

How Google's 'Moonshot' Could Benefit Industrial Markets

By: Kayla Matthews    10/30/2017

The term "moonshot" encapsulates the spirit of technological achievement: an accomplishment so ambitious, so improbable, that it's equivalent to sendi…

Read More