Yesterday the prpl Foundation and EEMBC announced a formal partnership to advance the use of security-by-separation in Internet of Things (IoT) edge devices. By developing an industry-standard hypervisor benchmark, the collaboration aims to shatter the perception that the use of hardware virtualisation in low-power embedded devices comes with big performance and energy overheads.
prpl is a community driven, non-profit organisation with a focus on enabling the security and interoperability of embedded devices for the IoT and smart society of the future. EEMBC is an industry alliance that develops benchmarks to help system designers select the optimal processors and understand the performance and energy characteristics of their systems. The partnership will see EEMBC’s Markus Levy alongside Art Swift, president of prpl Foundation, co-chair the joint EEMBC/prpl HyperBench Working Group. The aim of the group will be to assess the performance of new lightweight embedded hypervisors paired with System on Chips (SoCs) with hardware support for virtualisation.
Hardware virtualisation technology coupled with hypervisors can provide improved security through isolation or ‘separation’ of users, tenants, and applications running on a given device. This approach is well understood and widely used in the datacentre, but not traditionally in deeply embedded, resource-constrained systems such as those in the IoT – primarily due to perceptions of performance limitations or associated ‘overhead’. EEMBC and prpl hope to demonstrate that any such limitations are mitigated through new developments and techniques.
The way software or firmware gets assembled today the maker of the device often has little control over all of the components as a whole. By using hypervisors at the hardware level to create security through separation, supply chain security issues could be greatly reduced while preserving the core functionality of the device – even if a security issue arises with another component of the system or it is compromised by malware such as Mirai.
“EEMBC sees value in HyperBench in two ways. The first way follows our traditional model of creating benchmarks to help system developers select the most optimal processing solution for their applications; in this case, HyperBench will allow processor vendors to fairly demonstrate their performance advantages,” said Markus Levy, EEMBC president. “In the second way, HyperBench will help out the industry in general by demonstrating that with advanced hardware assist for virtualization, the performance impact of hypervisors will be minimal.”
prpl and EEMBC members have considerable expertise in virtualization and hypervisor technologies. prpl has based its peer-reviewed Security Framework in large part on this approach, and many of its members are well-versed in deployment of the technology. EEMBC and its members have previously spent considerable time and energy on assessing how the performance overhead of virtualisation technologies can be tested or benchmarked. Together the joint working group will create an architecture and operating system neutral benchmark tool to support vendors of processors, hypervisors, and operating systems, as well as their customers – the IoT system designers.
“Security of IoT is not a problem that any one company or entity can solve on its own,” said Art Swift, president of the prpl Foundation. “It will take cooperation at all levels to work towards best practices and developing universal standards. At prpl we are delighted to collaborate with EEMBC to show how a separation-based approach rooted in hardware can create a more secure IoT without significant performance penalties.”
Initial members from prpl of the new benchmarking working group also include Kernkonzept and Imagination Technologies.