CEO Jothy Rosenberg explains how CoreGuard Stands out from other hardware security solutions.
Security is confusing to someone who makes or who deploys an embedded or IoT device.
There are literally thousands of vendors selling all kinds of software for embedded devices or network security. Many of these large vendors claim they have a secure processor. Smaller vendors often take these purported security features, add their little twist, and claim what they have created is a also secure processor.
While these features may add some security value, it is vital understand what really make a processor secure so you can focus your efforts on what will get you the right security.
Software Security is Not Secure
First, let’s remember that software security solutions are, well, software.They have the same vulnerability profile that all software has.
That is, on average, about 15 bugs per thousand lines of code (according to Steve McGuire of Writing Solid Code) of which about 2% (according to the FBI) can be turned into vulnerabilities. Even modestly sized security software runs to one million lines of code, while more sophisticated intrusion detection systems are 10 times that. We will revisit how these quite vulnerable defensive software systems can get a new lease on life and provide much higher value in a moment.
When a vendor says they have a “secure processor” what they mean in today’s world is that they have added encryption and maybe key management to a standard processor.They do this in hardware to make it faster than running encryption software on the standard processor.
This is actually “communication security”, meaning they are helping their users make sure any data going to and from their device is encrypted. This makes data theft or exfiltration impossible or very difficult for an attacker. (When we say difficult that means that the attacker may find it not worth his while to work that hard since there are so many easy to attack places).
Encrypting communication is good and in some situations vital. But it doesn’t really warrant calling it a “secure processor” as we will demonstrate.
As we have shown on this blog previously here, our main processors have to be protected or the attackers just find a software vulnerability, do a buffer overflow, inject some code, and take over the processor. Once they have done that, securing communications or having layer after layer of defensive software is meaningless.
Our approach at Dover is aimed squarely at computing security, or, if you prefer, processing security. Our goal is to completely secure computing against all forms of attack that can come over a network.
MITRE breaks down all the network-based attacks and categorizes them by the type of software vulnerability (or weakness). In total there are 705 weaknesses, broken into 7 classes. We have addressed the numerous categories (buffer errors and code injection openings) which already accounts for 90% of all attacks. Further categories will be addressed as our policy set becomes even more robust.
So if we need to call what CoreGuard provides computing security, then to disambiguate what today people are calling a secure processor, we need instead to call that “communications security”. And as I said earlier, many embedded devices, especially if they need to communicate over a network, will need both.
Finally, and here is the really cool part, any defensive layers of software the device builder or user wants to install just suddenly got really useful and will finally live up to its vendors claims. That’s because any vulnerabilities those software systems might have are blocked from being attack vectors due to CoreGuard being a secure computing processor.
For further articles from Dover's CEO, subscribe to the blog.