Our Proposal
With the advent of the Internet of Things (IoT), there are attractive business models for hackers for exploiting vulnerabilities of connected systems, in particular when attacks that can be performed remotely, even when they require a substantial investment during the so-called identification phase.
When designing a connected system, security engineers can in effect rely on three pillars:
- Secure elements or hardware coprocessors for the Root of Trust, cryptographic operations and transactions;
- Trusted Execution Environment (TEE) or secure OSs;
- Hardware - or software-based hypervisors.
In order to resist to sophisticated remote attacks, the last two need to be highly resistant and formally proven. This is what we have done at Prove & Run.
We provide cost effective off-the-shelf formally proven software bricks that dramatically improve the level of security of connected systems:
- ProvenCore: a next generation ultra secure OS (TEE) that is typically used to run security critical applications (Firmware Update, Intrusion detection, VPN, firewalls, authentication systems, etc.) available for ARM® Cortex®-A and Cortex®-M processors.
- ProvenVisor: a next-generation formally proven ultra secure hypervisor available for ARM® Cortex®-A processors.
Prove & Run provides an off-the-shelf secure OS (ProvenCore) and secure solutions, which are intended to elevate the security of large-scale connected IoT devices against cyber attacks. Prove & Run’s secure OS enable high assurance level to security-critical services that are needed for IoT-security use cases. These include secure boot, firmware over the air updates, securing and filtering communications channels, using and managing keys, remote inspection and maintenance, logging events, intrusion detection/protection and isolation of legacy OS and software stacks.
Prove & Run enables OEMs, chipmakers, device makers and solution providers with scalable and secured solutions for all ARM Cortex-A and Cortex-M- based IoT devices, with cost and skill requirements that fall within value chain constraints.
ProvenCore is based on strict security principles: its Trusted Computing Base is minimal, it enforces a strict security policy, and it targets the highest possible level (EAL7) security level, including formal proofs of critical properties. It is currently undergoing a Common Criteria security evaluation and the evaluation certificate should be soon available.
Unlike other existing Secure OS, which trusts all their applications, and are evaluated to a lower EAL2 level, ProvenCore is suitable for the most exposed industrial IoT devices.
Prove & Run is a highly recognized company in the field of cybersecurity as demonstrated by the latest company news:
- we have also been recognized as the most Innovative SME at the last (Feb 2107) International Cybersecurity Forum in France.
- we have been awarded the 2017 Embedded Award for Software with ProvenCore for TrustZone at the last Embedded World show in Nuremberg/Germany
- we have been distinguished by Gartner as « 2107 Cool Vendor for IoT Security »
Partners that are considering deploying connected devices in safety critical environment or for cyber physical systems need to be concerned with cybersecurity issues. We can help our partners to analyze the security requirements for their project. Protection against attacks need also to be taken into account at the design stage of their device. With our solutions, we can help them getting the most effective solution at industrial costs.