OpenWrt Summit 2015 Cesare Garlati Chief Security Strategist prpl Foundation p rpl Foundation pronounced purple An opensource communitydriven collaborative nonprofit foundation targeting and supporting the MIPS architecture and open to others ID: 725343
Download Presentation The PPT/PDF document "Prpl Foundation - Overview" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Prpl
Foundation - Overview
OpenWrt Summit 2015Cesare Garlati, Chief Security Strategist, prpl FoundationSlide2
p
rpl
Foundation – pronounced “purple”
An open-source, community-driven, collaborative, non-profit foundation targeting and supporting the MIPS architecture – and open to others
Enabling
next-generation
datacenter-to-device, truly portable software; virtualized architecturesBringing together industry leaders from across the extensive MIPS communityData center, networking & storage, connected consumer and embedded/IoT
OpenWrt
Summit 2015 – Dublin IESlide3
prpl Ecosystem – open source, community driven
prpl Board of Directors
Dan Artusi
VP and GM, Lantiq - an Intel
Company
Matt
Grob Executive VP and CTO, QualcommTony King-Smith Executive VP Marketing, ImaginationDan Marotta Executive VP and GM, BroadcomArt Swift
President, prpl Foundation
Tools & Services
SOC manufacturers
IP Providers
Security specialists
Hypervisor vendors
OpenWrt
Summit 2015 – Dublin IESlide4
prpl
Engineering groups (PEGS)
SecurityEnabling multitenant, multidomain, secure software environments from device to datacenter.
QEMU PEG
Generic and open source machine emulator and virtualizer.
prplWrt
Enabling carrier-grade features to complement OpenWrt.OpenWrt
Summit 2015 – Dublin IESlide5
QEMU working
g
roup: objectives, deliverables & timelineObjectivesEnsure MIPS ISA is fully supported on QEMU open source virtualizer & emulator
Bring MIPS architecture variants current to stable upstream release
Establish process to upstream MIPS-related patches and updates
Timeline
DeliverablesGovernance model established. MIPS co-maintainer named.
MIPS 64 R6
and MIPS 32 R5 fully supported Process for MIPS patches and updates
Q3Y2014 – QEMU PEG launched. Website, wiki & governance established.
Q4Y2014 – MIPS 64 R6 and MIPS 32 R5 supported Q1Y2015 – 4 releases, 7 improvement projects, 35 merged pull requests to date
OpenWrt
Summit 2015 – Dublin IESlide6
prplWrt working
g
roup: objectives, deliverables & timelineObjectivesEnsure closer ties with OpenWrt developers and IP, SOC, system, & SW developers
Create r
obust
, flexible open source platform
for mission critical, highly reliable products.Improve access for the OpenWrt community to the latest SOC and system HW.TimelineOre Deliverables
Establish working relationships with OpenWrt community and HW vendors
Community access to new SOC’s and latest router HW
Improved documentation. Support new security related additions (container project)
Q3Y2014 – prplWrt launched and announced. Kathy Giori of Qualcomm chairs.
Q4Y2014 – Kickoff meeting with core OpenWrt developers at Embedded Linux conferenceQ1Y2015 – Sponsorship of OpenWireless hackathon. Launch of documentation project.
OpenWrt
Summit 2015 – Dublin IESlide7
OpenWrt - lightweight Linux
distro for embedded network devices
What is OpenWrt?A light-weight, flexible Linux distribution focusing on the performance and memory needs of embedded network devices, particularly wireless routers (65-70% of which are MIPS-based)Originally based upon the Linksys WRT54G source codeSupports a writable root file system for straightforward customization and updates after manufacturerCore is licensed under GPLv2, ~3500 optional packages under a variety of licensesWhat OEMs leverage OpenWrt?Belkin / Linksys, ITUS,
Linino, Netgear
Technicolor and others in future
QCom uses for shipping standard SDK
Mediatek has OpenWrt SDKOpenWrt
Summit 2015 – Dublin IESlide8
Why do OEM’s use or leverage OpenWrt?
Extremely
active Open Source communityStable project, around for almost 10 yearsContinuous improvements through cycle of Release Candidates, Patches and new ReleasesProvides opportunity for better reliability and security through updates vs. typically old/static router codeAbility to leverage SW across multiple SOC platforms as opposed to being tied to one vendor’s SDKMore flexibility opkg packages allow OEM to add lots of functionality without breaking upstream compatibility (easier merging of upstream changes
)
OpenWrt
Summit 2015 – Dublin IESlide9
Security working
g
roup: objectives, deliverables & timelineObjectivesDefine open source framework, specification, and set of API's to:
improve security in small footprint single purpose use cases
facilitate the use of virtualization in multitenant / multidomain use cases
Timeline
DeliverablesOpen Security framework and reference architecture specificationAPI’s for key levels of HW / SW stack
Reference designs as examples for different use cases
Q3Y2015 – Framework definition
Q4Y2015 – Reference architecture V1 (minimal scope)
Q2Y2016 – Reference architecture V2 (full scope)
OpenWrt
Summit 2015 – Dublin IESlide10
Market forces behind the formation of the security group
Supply Side
Availability of security features at the silicon level - resiliency
Availability of hardware support for virtualization - multitenancy
Multicore architectures – secure / not secure model doesn’t scale
Multiprocessor architectures – multidomain security cpu, gpu …
Proprietary security frameworks too expensive to implementprpl Foundation
Development of security open standards – open security
Open source community development and support
Open source framework and APIs – no royalties
Reference frameworks open to ecosystem partners development
Across vendors and architectures - initially focused on MIPS
Demand Side
Increasing demand for stronger security - $77B in 2015
Demand for hardware security layers - in addition to software
New multitenant business models multiple service providers - trust
Explosion of connected devices home / car / industrial - IoT
New privacy / data protection regulations – and bigger fines
OpenWrt
Summit 2015 – Dublin IESlide11
Information security is broken
Source: Gartner Research, Verizon 2015 Data Breach Report, PWC The Global State of Information Security Survey 2015, Trend Micro website
$77BWorldwide spending on information security in 201523
%OF RECIPIENTS OPEN PHISHINGMESSAGES AND
11% CLICK ON
ATTACHMENTS
$400MFinancial loss from 700 Million compromised records99.9%VULNERABILITIES EXPLOITEDMORE THAN A YEAR AFTER CVE WAS PUBLISHED
70-90
%OF MALWARE SAMPLESARE UNIQUE TO AN ORGANIZATION
95
%OF INCIDENTSINVOLVECREDENTIALS STOLEN
FROM DEVICES
Average financial losses due to security incidents, 2013-2014
OpenWrt
Summit 2015 – Dublin IESlide12
It’s time for stronger hardware-based security
across hardware - cpu, mem, gpu, cameras, network, radios, …
across so
ftware - microkernel, OS, containers, apps, …
Multidomain Security
New multitenant use cases – not just trusted/not-trusted islands
Strong security model perfectly fits new multicore scenariosMicrokernel based – does not require OS modifications
Open source framework and APIs – no royalties
Reference framework open to ecosystem partners development
74
%of security decision makers demand stronger hardware based security*
* Source: Decisive Analytics LLC, Multinational Security Decision Makers Study 2015 – Commissioned by CUPP Computing
Secure boot
Secure Debug/JTAG
Secure hypervisor
Secure containers
Crypto hardware
Secure video streams
Across Multidomains & Tenants
OpenWrt
Summit 2015 – Dublin IESlide13
Security Guidance V1
OpenWrt
Summit 2015 – Dublin IESlide14
OpenWrt
Summit 2015 – Dublin IESlide15
OpenWrt
Summit 2015 – Dublin IESlide16
OpenWrt
Summit 2015 – Dublin IESlide17
OpenWrt
Summit 2015 – Dublin IESlide18
OpenWrt
Summit 2015 – Dublin IESlide19
cesare@prplfoundation.org
http://prpl.worksSlide20
Title
OpenWrt
Summit 2015 – Dublin IE