top of page

Startup leads the way to a secure future for IoT

Marking a key milestone in IoT security, startup organisation Zaya has been announced as one of the first Operating Systems to pass the Arm Platform Security Architecture (PSA) certification scheme, PSA Certified™.

Anything connected to the internet is subject to continual attack, so provable security is increasingly important. Despite this, consistent security testing isn’t happening today, and the result is a lack of trust in connected devices. If IoT is to meet its potential, developers and consumers need to be confident in the level of security of their devices.

PSA Certified provides a simple and comprehensive approach to security testing. It comprises two elements: a multi-level, security robustness scheme (Levels 1,2 and 3) and a developer focused API test suite. PSA Certified enables devices makers to achieve the security required for their use case through these three progressive levels of security assurance, each requiring increasingly rigorous hardware and software evaluation, which are assigned by analyzing the use case threat vectors.

“For the past two years, we have been preparing innovative solutions to solve the challenges of security assessments. We are delighted that Arm has announced their security framework to define security requirements and have provided a test framework. It makes us very proud to be one of the first Operating Systems to pass the PSA Certified tests and become both PSA Certified Level 1 and PSA Functional API Certified.” - Murat Cakmak, Founder of ZAYA.

“As we drive towards a world of a trillion connected devices, it’s our industry’s responsibility to enable trust in connected devices, the data they collect and the deployment of these devices at scale,” said Paul Williamson, VP and GM, Emerging Business Group at Arm. “Through becoming PSA Certified Level 1 and PSA Functional API Certified, ZAYA has verified its RTOS has been designed with a secure foundation, in line with PSA principles, and is leading the way in ensuring PSA-based solutions have a consistent set of APIs for essential security functions.”

ZAYA Secure Kernel is an innovative and rich operating system for IoT devices which has a security dimension in resource management; The Modular ZAYA Secure Kernel design isolates sensitive and non-sensitive operations in design-time and run-time to reduces the attack surface for threats.

ZAYA supports multiple user applications and offers process isolation to protects the whole system from the malfunctioned applications. User applications are verified using strong authentication methods, and each user application can have different levels of access rights.

All these functional security methods are used to be a “PSA Functional API Certified”, and ZAYA Secure Kernel passes PSA Compliance Framework Tests on the various environment such as

1. Arm® Trusted Firmware-M on TrustZone® for Armv8-M:

Excellent Harmony of Hardware and Software level protection

ZAYA Secure Kernel is a PSA Functional API Certified solution using Trusted Firmware-M (TF-M) on TrustZone for Armv8-M to offer the highest level of protection.

TF-M encapsulates “security” in an isolated zone, and ZAYA Secure Kernel makes the TrustZone security richer using ZAYA Rich Operating System features such as Multiple Application Support, Process Isolation, User Application Authentication.

Design Time and Run-Time isolations make security and certification less painful for manufacturers.

2. Armv7-m Architecture:

A Smooth and Secure Migration to Arm's Secure Architectures for existing devices in the field.

ZAYA Secure Kernel is a PSA Functional API Certified solution on Arm’s Armv7-M architecture.

ZAYA Secure Kernel’s functional security features transform non-secure Armv7-M Arm MCUs to functionally secure devices.

Security cannot wait for the existing devices in the field and the ongoing designs. ZAYA offers PSA Functional API Certified security for existing solutions with a simple software upgrade.

Secure, Single solution for different Arm Architectures for easy migration.

Follow ZAYA on Twitter, LinkedIn

About ZAYA

ZAYA is a Cambridge, UK based software company produces Secure Software Solutions for Security-Critical markets. ZAYA is a highly experienced organisation in security and security certifications.

ZAYA supports all security standardisation efforts; ZAYA is supporting Arm’s Platform Security Architecture (PSA), and ZAYA is a member of the IoT Security Foundation.

446 views0 comments
bottom of page