editor's blog
Subscribe Now

Infrastructure for Application Security

Security is becoming an increasingly visible topic in discussions of things embedded and mobile. While the need to be secure isn’t new, there’s more of a push to change architectures to make them intrinsically less open to skullduggery.

One simple embodiment of the notion is to partition execution into two: one running a standard rich OS, which looks very much like what we’re used to – let’s call it the lay environment, the secular world. All kinds of things happen out there, many of which we don’t talk about. Then there’s a second environment running a minimal secure OS which acts as a “trusted” environment – let’s call it the temple. We don’t get to see what’s going on in there (although we can create salacious myths about the their rituals). This is where the Golden Legacy is protected so that, even if the lay world sends itself up in flames, there is a kernel of civilization that can re-seed the lay world anew.

Communication between the two worlds is carefully managed by a messaging system as if through anointed mutes with elaborate credentials and passwords.

This is the kind of world that Elliptic is trying to fit into. They’ve unveiled their new tVault infrastructure for supporting security in applications. This is a capability that’s invisible to the user and even to the application programmer: it supports higher-level security features. For instance, they’ve got it running under Android’s Security Framework. Apps programmers program to the Android API; underlying that, tVault manages the implementation.

tVault helps handle secure data and transactions like encryption key storage and retrieval. Applications and processes get IDs so that only the correct program gets access to its data; no other process can intercede and bugger off with someone else’s key.

The tVault concept is actually a collection of firmware, APIs, hardware support, and hardware acceleration. Their first focus is DRM on Android machines.

You can find more in their release

Leave a Reply

featured blogs
Aug 15, 2018
https://youtu.be/6a0znbVfFJk \ Coming from the Cadence parking lot (camera Sean) Monday: Jobs: Farmer, Baker Tuesday: Jobs: Printer, Chocolate Maker Wednesday: Jobs: Programmer, Caver Thursday: Jobs: Some Lessons Learned Friday: Jobs: Five Lessons www.breakfastbytes.com Sign ...
Aug 15, 2018
VITA 57.4 FMC+ Standard As an ANSI/VITA member, Samtec supports the release of the new ANSI/VITA 57.4-2018 FPGA Mezzanine Card Plus Standard. VITA 57.4, also referred to as FMC+, expands upon the I/O capabilities defined in ANSI/VITA 57.1 FMC by adding two new connectors that...
Aug 15, 2018
The world recognizes the American healthcare system for its innovation in precision medicine, surgical techniques, medical devices, and drug development. But they'€™ve been slow to adopt 21st century t...
Aug 14, 2018
I worked at HP in Ft. Collins, Colorado back in the 1970s. It was a heady experience. We were designing and building early, pre-PC desktop computers and we owned the market back then. The division I worked for eventually migrated to 32-bit workstations, chased from the deskto...
Jul 30, 2018
As discussed in part 1 of this blog post, each instance of an Achronix Speedcore eFPGA in your ASIC or SoC design must be configured after the system powers up because Speedcore eFPGAs employ nonvolatile SRAM technology to store its configuration bits. The time required to pr...