Presentation is loading. Please wait.

Presentation is loading. Please wait.

draft-moran-suit-architecture-03

Published byLaureen George Modified over 5 years ago

Similar presentations

Presentation on theme: "draft-moran-suit-architecture-03"— Presentation transcript:

1 draft-moran-suit-architecture-03

2 Terminology Manifest: Firmware Image (or firmware):
The manifest contains meta-data about the firmware image. The manifest is protected against modification and provides information about the author. Firmware Image (or firmware): The firmware image is a binary that may contain the complete software of a device or a subset of it. … may consist of multiple images. … may consist of a differential update

3 Terminology Author: Device: Untrusted Storage:
The author is the entity that creates the firmware image, signs and/or encrypts it and attaches a manifest to it. Device: The device is the recipient of the firmware image and the manifest. The goal is to update the firmware of the device. Untrusted Storage: Firmware images and manifests are stored on untrusted fileservers or cloud storage infrastructure.

4 Terminology We had a discussion about the ITU-T terminology. Some terms can be mapped but for others there is no related concept since the ITU-T architecture is broader (e.g., tracker concept).

5 Requirements Role of post-quantum secure signature mechanisms?
Agnostic to how firmware images are distributed Friendly to broadcast delivery Uses state-of-the-art security mechanisms Rollback attacks must be prevented. High reliability Operates with a small bootloader Small Parsers Minimal impact on existing firmware formats Robust permissions Role of post-quantum secure signature mechanisms? What should be stated as “state-of-the-art”? Relationship to bootloader Terminology and architecture does not really talk about bootloader.

6 Manifest with attached firmware
/ \ / \ /Manifest with \ /Manifest with \ |attached | |attached | \firmware image/ \firmware image/ \ / \ / | | | |< | Untrusted |< | | | Device | | Storage | | Author | | | | | | |

7 Independent retrieval of the firmware image
/ \ / \ | Manifest | \ / \ / | |< >| | | Device | -- | Author | | |<- --- | | | | -- / \ -- | Untrusted |<- / \ / \ -- | Storage | / \ | Firmware | | | | Firmware | \ / \ / \ / \ /

8 Appendix Contains: Threat Model User Stories Security Requirements and Usability Requirements Made appendix easier to read with forward references.

Download ppt "draft-moran-suit-architecture-03"

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Key Management And Key Distribution The essential problems addressed by all cryptosystems is how to safely exchange keys and how to easily manage the.

Key Management And Key Distribution The essential problems addressed by all cryptosystems is how to safely exchange keys and how to easily manage the.
Operating System Security

Operating System Security
A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI,

A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI,
Introduction to Database Management  Department of Computer Science Northern Illinois University January 2001.

Introduction to Database Management  Department of Computer Science Northern Illinois University January 2001.
Chapter 1 – Introduction

Chapter 1 – Introduction
DBMS Functions Data, Storage, Retrieval, and Update

DBMS Functions Data, Storage, Retrieval, and Update
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
Cloud Usability Framework

Cloud Usability Framework
Domain Name System Security Extensions (DNSSEC) Hackers 2.

Domain Name System Security Extensions (DNSSEC) Hackers 2.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Database Management System Lecture 2 Introduction to Database management.

Database Management System Lecture 2 Introduction to Database management.
Database Environment 1.  Purpose of three-level database architecture.  Contents of external, conceptual, and internal levels.  Purpose of external/conceptual.

Database Environment 1.  Purpose of three-level database architecture.  Contents of external, conceptual, and internal levels.  Purpose of external/conceptual.
Wireless and Email Security CSCI 5857: Encoding and Encryption.

Wireless and Security CSCI 5857: Encoding and Encryption.
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Prateek Basavaraj April 9 th 2014.

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Prateek Basavaraj April 9 th 2014.
General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.

General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.
SEC835 Practical aspects of security implementation Part 1.

SEC835 Practical aspects of security implementation Part 1.

Similar presentations

Ads by Google