Arm released a statement in October 2017 that told of its vision of a trillion connected devices by 2035 and said, “it’s only appropriate we talk about what’s being done to secure those trillion devices … security cannot be an afterthought”.
Arm took this moment to announce the introduction of the first common industry framework for building secure connected devices, called Platform Security Architecture (PSA): “The Platform Security Architecture (PSA) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications.”
Today, we are excited to announce that ZAYA offers a secure operating system that adheres to PSA Principles.
ZAYA is a secure operating system designed for connected devices, ZAYA is a lightweight operating system for resource constraint IoT EndPoint and it is secure because it is designed for Security Certifications from scratch.
ZAYA ‘The Functional Secure OS’ implements ‘Principle of least privilege’ principle for user application executions which isolates all trusted ‘resources’ and ‘services’ from non-secure user applications. This isolation approach is the one of the highest-level protection approaches defined by the PSA.
While PSA is a massive step in the security standardisation for the Internet of Things area, ZAYA also meets well-known ‘Certification Requirements’ for Security-Critical Areas; ZAYA implements all security certification requirements in the kernel or ZAYA Certification Extensions, and all requirements (trusted resources) are abstracted and so isolated from user applications. In this way, ZAYA offers one more (certification) dimension to support the PSA. We are the team experienced at Security Critical Certifications (which have similar requirements with PSA), we offer ‘mature’ secure solutions to meet PSA defined protection approaches.
In ZAYA OS, all images (Bootloader, Kernel, ZAYA certification extensions, user applications) are separate images including signatures for public key authentication, and each level of image validates ‘Authenticity’ and ‘Integrity’ of next level of images. It is ‘Chain of Trust’ approach, and it is an extended version of PSA’s ‘Trusted Boot Sequence’ to offer highly modular but still secure design.
ZAYA also offers mechanisms to protect devices from physical attacks: isolates KeyStore in tamper-protected regions.
Arm® TrustZone® for Armv8-M processor security technology offers hardware-level protection which has critical role in PSA. ZAYA OS supports Arm® TrustZone® technology; excellent integration of hardware and software level protection.
On the other hand, ZAYA secure solutions offer PSA defined high-level protection even on existing Arm® architectures (e.g. Arm®v7-M): Even today, you can have PSA defined highly secure platforms :Transform your legacy devices to ‘secure IoT Endpoint’ using ZAYA: smooth PSA migration for existing devices in the field.
If you would like to find out more about our security features and meet the ZAYA team, please contact: info@za-ya.co