prpl Foundation Forms Security Working Group for Multi-domain Virtualization-based Security


There is no doubt that the soft underbelly of the Internet of Things (IoT) is security. 

The use cases for evil are unfortunately easy to conjure.  A popular one is bad guys using the expanded attack plane of sensors in sensitive surroundings to bring down the electric grid. And, while this is not meant to create nightmares, more than one technology guru has expressed concern to me about somebody who bears them ill will programming their no longer manually operated car into a bridge abutment.  Let’s face it, the trustworthiness of the entire IoT ecosystem will literally make or break it. 

Based on the recognition of why security is crucial to the rollout of IoT,  the prpl Foundation (pronounced purple like the color), an open-source non-profit foundation focused on enabling next-generation datacenter-to-device portable software and virtualized architectures, has announced the formal organization of its Security PEG (prpl Engineering Group).  As prpl noted in publically introducing its Security PEG, it was created by a subset of prpl members, “dedicated to defining an open security framework for deploying secured and authenticated virtualized services in the IoT and related emerging markets. “

The founding members of the Security PEG are impressive.  It includes:  Broadcom, CUPP Computing, Elliptic Technologies, Ikanos, Imagination Technologies, Imperas Software, Ingenic, Kernkonzept, Lantiq (recently acquired by Intel, subject to customary regulatory approvals), Qualcomm Atheros, Inc., a subsidiary of Qualcomm Incorporated, Seltech, and others.

The group’s mission is significant and involves lots of moving parts.  As outlined its goal is to define a security roadmap to get from today’s software-virtualized solutions to full hardware-supported virtualization, enabling multi-domain security across processors (CPUs, GPUs, NPUs), heterogeneous SoCs and systems built on these technologies including connected devices, routers and hubs. In addition, the Security PEG will define necessary open APIs (application programming interfaces) for various levels of the security stack. They certainly have their work cut out.

“There is keen interest from companies in a variety of vertical segments in the concept of using hardware-assisted virtualization to provide multiple independent secure domains that are isolated from one another for security, reliability, and ease-of development and deployment purposes,” said Art Swift, president of the prpl Foundation.

Swift said there are “several use cases” that could see immediate benefit from multi-domain virtualization-based security, including:

  • Isolating the broadcast stack from the Android UI and over-the-top streamed content in home gateways and set top boxes
  • Provisioning secure services for home IoT, to enable ease of development and deployment of cloud- and end-point implementations
  • Hardware-assisted isolation of multiple secure data types (health, payments, multimedia content, profiles) in rich operating systems such as Linux and Android in smartphones, tablets, wearables, automobiles, set-top boxes, and IPTV
  • Combining infotainment and instrument cluster functionality on a single chip for connected cars
  • Any system involving highly integrated system-on-chip (SoC) designs that require advanced virtualization technologies

The formation of the prpl Security PEG closely follows the formation of the prplWrt PEG, which is committed to a close collaboration between

Image via Shutterstock

users, hardware manufacturers, semiconductor companies, and the broader OpenWrt ecosystem to create technology enhancements that support a robust, flexible open source platform suitable for mission critical, highly reliable products using a wide variety of hardware platforms.

The revelation of the Security PEG as could be expected was greeted by those who will be participating with significant enthusiasm with comments from executives from Broadcom, Elliptic Technologies, Imagination Technologies, Imperas Software and others.   Dan Artusi, CEO, Lantiq, nicely summed up the group’s support and commitment to the effort saying: “Lantiq is strongly committed to developing and delivering technologies that provide high value to carriers around the world. The development of an open and secure virtualization framework for the Internet of Things will mark a significant step forward in the rush to deploy this exciting new technology. We believe hardware based security and virtualization along with true quality of service are key in delivering best in class and ultra-fast broadband solutions…”

As with so many other areas at the moment, the embrace of open source to work on all of the challenges of moving to a software-centric world is putting the wisdom of the crowd to work on extremely complicated challenges.  Indeed, a way to think about this is it is elastic computing on a human level obviously as enabled by technology. 

The concentration on security for the software and data in the IoT world as to how it can be optimally protected where it resides, when it is on the move, where and how it is manipulated, accessed and stored, is admirable to say the least.  How well such a framework can lead to solutions that keep the good guys ahead of the bad guys is always the imponderable. 

That said, joining organizations such as the prpl Foundation is like the current March Madness bracket craziness now engulfing offices and homes across the U.S., you do have to be in it to win it, and prpl Foundation is tackling an area which the industry desperately need to get right. 

Related Articles

How Your Business Can Reorient Content Delivery to Be More Inclusive

By: Contributing Writer    1/25/2022

As a company owner, it's your responsibility to ensure that your business can realize its full potential, even in a competitive industry. It might not…

Read More

11 Highest Paying Technology Jobs in Data Analytics and Science

By: Contributing Writer    1/24/2022

The art of data science and analytics is being able to find relevant relationships and connections within large amounts of data sets. It is a sector o…

Read More

Microsoft to Become Third Ranked Gaming Company with Activision Buyout

By: Laura Stotler    1/19/2022

Microsoft is poised to become the third largest global gaming company with its announcement that it will purchase Activision Blizzard in a $68.7 billi…

Read More

What Is an XS-Leak Attack?

By: Contributing Writer    1/19/2022

The "same-site" origin policy (SOP) is a critical piece of online security. While it's not an internet standard, but rather a rule enforced by interne…

Read More

Interactive Displays For Education- Here's What You Should Know

By: Contributing Writer    1/19/2022

Undoubtedly, the amount of attention and enthusiasm kids show in their studies significantly impacts their depth of understanding and retention level.…

Read More