Prpl Foundation - Overview - PowerPoint Presentation

Slide1

Prpl

Foundation - Overview

OpenWrt Summit 2015Cesare Garlati, Chief Security Strategist, prpl FoundationSlide2

p

rpl

Foundation – pronounced “purple”

An open-source, community-driven, collaborative, non-profit foundation targeting and supporting the MIPS architecture – and open to others

Enabling

next-generation

datacenter-to-device, truly portable software; virtualized architecturesBringing together industry leaders from across the extensive MIPS communityData center, networking & storage, connected consumer and embedded/IoT

OpenWrt

Summit 2015 – Dublin IESlide3

prpl Ecosystem – open source, community driven

prpl Board of Directors

Dan Artusi

VP and GM, Lantiq - an Intel

Company

Matt

Grob Executive VP and CTO, QualcommTony King-Smith Executive VP Marketing, ImaginationDan Marotta Executive VP and GM, BroadcomArt Swift

President, prpl Foundation

Tools & Services

SOC manufacturers

IP Providers

Security specialists

Hypervisor vendors

OpenWrt

Summit 2015 – Dublin IESlide4

prpl

Engineering groups (PEGS)

SecurityEnabling multitenant, multidomain, secure software environments from device to datacenter.

QEMU PEG

Generic and open source machine emulator and virtualizer.

prplWrt

Enabling carrier-grade features to complement OpenWrt.OpenWrt

Summit 2015 – Dublin IESlide5

QEMU working

g

roup: objectives, deliverables & timelineObjectivesEnsure MIPS ISA is fully supported on QEMU open source virtualizer & emulator

Bring MIPS architecture variants current to stable upstream release

Establish process to upstream MIPS-related patches and updates

Timeline

DeliverablesGovernance model established. MIPS co-maintainer named.

MIPS 64 R6

and MIPS 32 R5 fully supported Process for MIPS patches and updates

Q3Y2014 – QEMU PEG launched. Website, wiki & governance established.

Q4Y2014 – MIPS 64 R6 and MIPS 32 R5 supported Q1Y2015 – 4 releases, 7 improvement projects, 35 merged pull requests to date

OpenWrt

Summit 2015 – Dublin IESlide6

prplWrt working

g

roup: objectives, deliverables & timelineObjectivesEnsure closer ties with OpenWrt developers and IP, SOC, system, & SW developers

Create r

obust

, flexible open source platform

for mission critical, highly reliable products.Improve access for the OpenWrt community to the latest SOC and system HW.TimelineOre Deliverables

Establish working relationships with OpenWrt community and HW vendors

Community access to new SOC’s and latest router HW

Improved documentation. Support new security related additions (container project)

Q3Y2014 – prplWrt launched and announced. Kathy Giori of Qualcomm chairs.

Q4Y2014 – Kickoff meeting with core OpenWrt developers at Embedded Linux conferenceQ1Y2015 – Sponsorship of OpenWireless hackathon. Launch of documentation project.

OpenWrt

Summit 2015 – Dublin IESlide7

OpenWrt - lightweight Linux

distro for embedded network devices

What is OpenWrt?A light-weight, flexible Linux distribution focusing on the performance and memory needs of embedded network devices, particularly wireless routers (65-70% of which are MIPS-based)Originally based upon the Linksys WRT54G source codeSupports a writable root file system for straightforward customization and updates after manufacturerCore is licensed under GPLv2, ~3500 optional packages under a variety of licensesWhat OEMs leverage OpenWrt?Belkin / Linksys, ITUS,

Linino, Netgear

Technicolor and others in future

QCom uses for shipping standard SDK

Mediatek has OpenWrt SDKOpenWrt

Summit 2015 – Dublin IESlide8

Why do OEM’s use or leverage OpenWrt?

Extremely

active Open Source communityStable project, around for almost 10 yearsContinuous improvements through cycle of Release Candidates, Patches and new ReleasesProvides opportunity for better reliability and security through updates vs. typically old/static router codeAbility to leverage SW across multiple SOC platforms as opposed to being tied to one vendor’s SDKMore flexibility opkg packages allow OEM to add lots of functionality without breaking upstream compatibility (easier merging of upstream changes

)

OpenWrt

Summit 2015 – Dublin IESlide9

Security working

g

roup: objectives, deliverables & timelineObjectivesDefine open source framework, specification, and set of API's to:

improve security in small footprint single purpose use cases

facilitate the use of virtualization in multitenant / multidomain use cases

Timeline

DeliverablesOpen Security framework and reference architecture specificationAPI’s for key levels of HW / SW stack

Reference designs as examples for different use cases

Q3Y2015 – Framework definition

Q4Y2015 – Reference architecture V1 (minimal scope)

Q2Y2016 – Reference architecture V2 (full scope)

OpenWrt

Summit 2015 – Dublin IESlide10

Market forces behind the formation of the security group

Supply Side

Availability of security features at the silicon level - resiliency

Availability of hardware support for virtualization - multitenancy

Multicore architectures – secure / not secure model doesn’t scale

Multiprocessor architectures – multidomain security cpu, gpu …

Proprietary security frameworks too expensive to implementprpl Foundation

Development of security open standards – open security

Open source community development and support

Open source framework and APIs – no royalties

Reference frameworks open to ecosystem partners development

Across vendors and architectures - initially focused on MIPS

Demand Side

Increasing demand for stronger security - $77B in 2015

Demand for hardware security layers - in addition to software

New multitenant business models multiple service providers - trust

Explosion of connected devices home / car / industrial - IoT

New privacy / data protection regulations – and bigger fines

OpenWrt

Summit 2015 – Dublin IESlide11

Information security is broken

Source: Gartner Research, Verizon 2015 Data Breach Report, PWC The Global State of Information Security Survey 2015, Trend Micro website

$77BWorldwide spending on information security in 201523

%OF RECIPIENTS OPEN PHISHINGMESSAGES AND

11% CLICK ON

ATTACHMENTS

$400MFinancial loss from 700 Million compromised records99.9%VULNERABILITIES EXPLOITEDMORE THAN A YEAR AFTER CVE WAS PUBLISHED

70-90

%OF MALWARE SAMPLESARE UNIQUE TO AN ORGANIZATION

95

%OF INCIDENTSINVOLVECREDENTIALS STOLEN

FROM DEVICES

Average financial losses due to security incidents, 2013-2014

OpenWrt

Summit 2015 – Dublin IESlide12

It’s time for stronger hardware-based security

across hardware - cpu, mem, gpu, cameras, network, radios, …

across so

ftware - microkernel, OS, containers, apps, …

Multidomain Security

New multitenant use cases – not just trusted/not-trusted islands

Strong security model perfectly fits new multicore scenariosMicrokernel based – does not require OS modifications

Open source framework and APIs – no royalties

Reference framework open to ecosystem partners development

74

%of security decision makers demand stronger hardware based security*

* Source: Decisive Analytics LLC, Multinational Security Decision Makers Study 2015 – Commissioned by CUPP Computing

Secure boot

Secure Debug/JTAG

Secure hypervisor

Secure containers

Crypto hardware

Secure video streams

Across Multidomains & Tenants

OpenWrt

Summit 2015 – Dublin IESlide13

Security Guidance V1

OpenWrt

Summit 2015 – Dublin IESlide14

OpenWrt

Summit 2015 – Dublin IESlide15

OpenWrt

Summit 2015 – Dublin IESlide16

OpenWrt

Summit 2015 – Dublin IESlide17

OpenWrt

Summit 2015 – Dublin IESlide18

OpenWrt

Summit 2015 – Dublin IESlide19

cesare@prplfoundation.org

http://prpl.worksSlide20

Title

OpenWrt

Summit 2015 – Dublin IE