Introduction to prpl
Art Swift, president prpl Foundation
Embedded Linux Conference Europe (ELCE) 2014, 10/15/2014
Introduction to prpl – ELCE 2014, October 14, 2014
Mission
‘prpl’ is an open-source, community-driven, collaborative, non-profit foundation targeting and supporting the MIPS architecture – and open to all – with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures.
Our founding members
prpl core strategies
Why open-source?
• Enabling the IoT and Big Data revolution needs collaborative minds
• Fragmentation will slow down innovation
• More eyeballs = more secure
• Community benefits
  – Large ROI benefit – up to 4x gain
  – Time-to-Market & lower TCO
  – Stronger ecosystem
  – Faster innovation through focus on core competency
Our initial PEGs (prpl Engineering Groups)
What’s coming next?
Tools and Tool Chains
Secure Hypervisors
Prpl Stamp
Hardware Certification Program
Fully tested, open source supported,
development HW from prpl partners for
different markets
CI20 – a great example from Imagination!
prpl engineering work
▪ Virtualization Ecosystem
  ▪ Hypervisors (eg KVM, Fiasco.oc)
▪ OS
  ▪ Data Center – Redhat, Ubuntu, Debian, CentOS
  ▪ Networking – Montavista, OpenWrt
  ▪ Embedded/IoT & Mobile – Android, Chromium, Tizen, WebOS, RTOSs, Yocto
  ▪ Kernel (device tree, power mgmt, multi-threading)
▪ Portability
  ▪ JITs (V8, openJDK, etc)
  ▪ Emulation (QEMU)
  ▪ Tools (SDK, IDE)
▪ Platform
  ▪ UEFI and boot loaders
▪ Optimization
  ▪ Intrinsics (eg SIMD) and libraries (eg memcpy)
    ■ Multimedia – video, audio, speech
    ■ Networking
    ■ Security
  ▪ Networking (multi-core friendly and asynchronous)
    ■ e.g. BGP, OVS, snort, routing protocols, DPI
Context: What is the vision for prpl and what is driving our decisions?
Portability, Virtualization, and Compute
The diverse and insecure IOT world!
Which will generate and transmit Mountains of Data!
Diversity and Big Data: The Internet of Cow
1.5B cows × 200MB/yr/cow = 300,000 GB (0.3 petabytes) per year
Diversity and Big Data: Turbines
12,000 turbines × 500GB/day each = 6 million GB (6 petabytes) per day
Little Data Big Data Huge Data
• Each successive node in the IoT chain adds
  – Data and Storage requirements
  – Processing Requirements
  – Multi-tenant Requirements (i.e. security)
[Scale axis: Bytes → Megabytes → Terabytes → Petabytes → Exabytes → ZETTABYTES (1000^7)]
Key Enablers for IoT
• Processing power
• Networking infrastructure and connectivity
• Low cost, secure devices
• Storage
• Loads and loads of secure, portable software
• A way to make money
IoT Market Challenges
• Scale
  – Billions of devices (identity & authentication management, in-field updates, dynamic interactions, big data, real time data mgmt.)
• Multiple technologies and standards
  – Creation of technology silos
  – Established / emerging / competing
  – Standardization is a key enabler
• Solutions are highly fragmented
  – Need for common/flexible platforms
  – Applications environments with multiple PKIs or Roots of Trust
• Low power requirements
  – Operate for 2 years on a coin battery
• Cost limitation
• Long life cycles
Security
More connected homes, more problems
• “Smart refrigerators and TVs hacked to send out spam …” – NBC news
• If hackers can exploit a weakness in a single type of Internet-connected home appliance or system—such as an Internet-connected door lock—they may be able to harm thousands of people at once.
Target Breach: an anatomy
HACKED
$200M cost, CEO ousted
1. Compromised credentials from HVAC vendor
2. HVAC systems monitor temp. changes for seeing how long customers stay
3. Malware programs installed on HVAC systems
4. Unified backend systems at store (and most retailers)
5. PoS system breached
6. Millions of credit card numbers start flowing out
7. Breach detected! Manual intervention was needed
IoT Security Chain (device-to-datacenter)
[Chain: Sensors → Nodes → Aggregation Points → Routers / Gateways → STBs → Cloud]
• HW Root of Trust + Secure Boot => Secure Over The Air/Wired Field Updates
• Secure sensor data for sensitive applications (e.g. medical, industrial, enterprise)
• Enable in field device personalization (add/remove features)
• Future proof designs with flexible programmable architecture
• Private Data Disposal
• Secure Server + Secure Network => Secure Services
• Secure Remote Monitoring
• Protect Intellectual Property against SW cloning (e.g. proprietary algorithms)
• Intellectual Property Tampering Detection
• Intrusion Detection and Secure Remote Monitoring
Platform security – one approach
Through hardware virtualization support and secure hypervisors
• Secure boot process starts out in ROM
• After bootloader, the root of trust (hypervisor) is verified and loaded
• Iteratively verifies next stage of boot until HLOS (optionally inclusive)
• Secure partition(s) able to access full memory map. Non-secure can access only its partition.
[Diagram: Virtualized N-core MIPS i6400 CPU with virtualized I/O and memory through the entire SoC complex; a Secure & Protected Hypervisor hosting a Non-secure HLOS (e.g. Android) running Non-Secure Apps, alongside SecureOS 1 (Secure App 1, 2, 3) and Secure OS 2]
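The staged verification the bullets above describe, as an added example that is not prpl's code and not the MIPS i6400 boot flow: a Python simulation in which ROM holds the digest of the bootloader, each verified stage carries the digest of the stage after it, and a modified hypervisor image halts the boot at that point. The names Stage, build_chain and secure_boot, the constructed stage images, and the use of SHA-256 digests in place of signatures are assumptions of this example.

```python
"""Staged boot verification as on the slide: ROM anchors the chain and each
verified stage vouches for the next. Added illustration, not prpl code.
SHA-256 digests stand in for the signatures a real root of trust would check."""
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes                 # constructed stand-in for the stage image
    next_digest: Optional[str]  # digest of the following stage, embedded in this image


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def stage_bytes(stage: Stage) -> bytes:
    """The bytes a verifier hashes: the image plus the digest it vouches for."""
    return stage.name.encode() + b"\0" + stage.code + b"\0" + (stage.next_digest or "").encode()


def build_chain(images):
    """Embed each stage's digest into its predecessor, working backwards.
    Returns (rom_digest, stages): rom_digest is what ROM holds for stage 0."""
    stages = []
    next_digest = None
    for name, code in reversed(images):
        stage = Stage(name, code, next_digest)
        stages.insert(0, stage)
        next_digest = digest(stage_bytes(stage))
    return next_digest, stages


def secure_boot(rom_digest, stages, verify_hlos=True):
    """Verify and 'load' stages in order, starting from the ROM-held digest.
    Returns the list of stages loaded; raises at the first stage that fails."""
    loaded = []
    expected = rom_digest
    for stage in stages:
        if stage.name == "hlos" and not verify_hlos:
            loaded.append("hlos (unverified)")  # the 'optionally inclusive' case
            break
        if digest(stage_bytes(stage)) != expected:
            raise RuntimeError(f"boot halted: {stage.name} failed verification")
        loaded.append(stage.name)
        expected = stage.next_digest
    return loaded


def demo():
    # constructed stage images; ROM itself is implicit (it holds rom_digest)
    images = [("bootloader", b"bl v1"), ("hypervisor", b"hv v1"),
              ("secure_os", b"sos v1"), ("hlos", b"android")]
    rom_digest, stages = build_chain(images)
    good = secure_boot(rom_digest, stages)
    # a modified hypervisor image no longer matches the digest the bootloader embeds
    altered = list(stages)
    altered[1] = Stage("hypervisor", b"hv v1 (modified)", stages[1].next_digest)
    try:
        secure_boot(rom_digest, altered)
        halted = None
    except RuntimeError as e:
        halted = str(e)
    return {"good": good, "halted": halted,
            "hlos_skipped": secure_boot(rom_digest, stages, verify_hlos=False)}


if __name__ == "__main__":
    print(demo())
```

The simplification to keep in mind: a pure hash chain like this would force a ROM change whenever any stage is updated, which is why real designs anchor a public key in ROM and verify signatures, so that the secure field updates on the security-chain slide re-sign the new stage without touching ROM.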
Exploring Virtualization
Multiple Secure Domains: More Reliable & Predictable, More Powerful & Efficient, Safer!
• Global Platform considering certifiable containers
• Secure services can only affect their container, not the overall system
[Diagram: six four-CPU clusters (CPU 1–4), each running either under a Secure Hypervisor or under a Secure Monitor]
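The partition rule on the "Platform security" slide (secure partitions reach the full memory map, non-secure ones only their own) and the point above that a secure service can only affect its own container, as one added example that is not prpl's code: a Python model of a hypervisor's domain table whose access check enforces the rule, rejects overlapping partitions, and records every denial so a monitor can see a guest probing outside its container. Hypervisor, Domain, Partition, the address ranges and the domain names are assumptions of this example.

```python
"""Memory-partition policy a secure hypervisor enforces between domains.
Added model, not prpl code: secure domains may reach the whole map,
non-secure domains only their own partition; every denial is recorded."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Partition:
    base: int
    size: int

    @property
    def end(self) -> int:
        return self.base + self.size

    def contains(self, addr: int, length: int) -> bool:
        return self.base <= addr and addr + length <= self.end

    def overlaps(self, other: "Partition") -> bool:
        return self.base < other.end and other.base < self.end


@dataclass
class Domain:
    name: str
    secure: bool
    partition: Partition


@dataclass
class Hypervisor:
    memory_size: int
    domains: Dict[str, Domain] = field(default_factory=dict)
    violations: List[Tuple[str, int, int]] = field(default_factory=list)

    def add_domain(self, name: str, secure: bool, base: int, size: int) -> None:
        new = Partition(base, size)
        if base < 0 or size <= 0 or new.end > self.memory_size:
            raise ValueError(f"{name}: partition outside the memory map")
        for other in self.domains.values():
            if new.overlaps(other.partition):  # partitions never share memory
                raise ValueError(f"{name}: overlaps {other.name}")
        self.domains[name] = Domain(name, secure, new)

    def check_access(self, domain_name: str, addr: int, length: int = 1) -> bool:
        """True if the access is permitted; every denial is logged for the monitor."""
        d = self.domains[domain_name]
        in_map = 0 <= addr and addr + length <= self.memory_size
        allowed = in_map and (d.secure or d.partition.contains(addr, length))
        if not allowed:
            self.violations.append((domain_name, addr, length))
        return allowed


def demo():
    hv = Hypervisor(memory_size=0x10000)  # constructed 64 KiB map
    hv.add_domain("secure_os1", secure=True, base=0x0000, size=0x4000)
    hv.add_domain("hlos", secure=False, base=0x4000, size=0x8000)
    hv.add_domain("secure_os2", secure=True, base=0xC000, size=0x4000)
    results = {
        "hlos_own": hv.check_access("hlos", 0x5000, 16),
        "hlos_into_secure": hv.check_access("hlos", 0x0100, 16),
        "hlos_straddles_end": hv.check_access("hlos", 0xBFF8, 16),
        "secure_reads_hlos": hv.check_access("secure_os1", 0x5000, 16),
        "secure_beyond_map": hv.check_access("secure_os1", 0xFFF8, 16),
    }
    try:  # a new domain may not overlap an existing partition
        hv.add_domain("extra", secure=False, base=0x3000, size=0x2000)
        results["overlap_rejected"] = False
    except ValueError:
        results["overlap_rejected"] = True
    results["denied_by"] = [v[0] for v in hv.violations]
    return results


if __name__ == "__main__":
    print(demo())
```

The straddling access is the case worth noting: a range that starts inside the non-secure partition but ends past it is denied as a whole, so the check must compare the end of the access and not only its first address.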
Summary: what will prpl do?
• Focus on the software “glue” necessary to carry secure structured and unstructured data from the device to the datacenter
• Example:
  – Secure hypervisors for multiple tenants
  – Portable software, such as JITs
  – SaaS, PaaS, IaaS OTA secure
  – Programming models to enable big data processing (eg hadoop) over heterogeneous processors
[Diagram: Embedded nodes → OpenWrt hub → Networking backbone → Datacenter]
How to Get Involved in prpl
Mailing list: lists.prplfoundation.org
Wiki: wiki.prplfoundation.org
Forums: forum.prplfoundation.org
Code: github.com/prplfoundation
Resources
• http://prplfoundation.org
• http://www.cisco.com/web/about/ac79/docs/innov/IoE_Economy.pdf
• http://theinstitute.ieee.org/benefits/standards/setting-the-stage-for-the-internet-of-things
• FTC Workshop on IoT and Security (Nov ‘13)
• art (at) prplfoundation (dot) org
Thanks!
Art Swift, president