ZAYA μContainers are containers for resource-constraint small&MMU-less Microcontrollers and an innovative way to make a product development secure, user-friendly, deployment friendly in the IoT Edge devices, and these solutions can be applied for different use cases.
1. User Application A μContainer can be used for user application development to run a user application in an authenticated, isolated and independent secure environment.
User applications in ZAYA Containers are platform-agnostic environments so user applications are pure and portable implementations.
Once a ZAYA User application is started, there is no need to initialise the platform or any hardware. The system is ready to run.
2. Running a Guest RTOS; Porting an Existing RTOS Application
ZAYA provides hardware virtualisation, and so another RTOS can be run in a ZAYA μContainer like a Virtual Machine; the guest RTOS does not need to initialise the microcontroller core nor any other hardware peripheral.
Any existing RTOS based user application can be ported to ZAYA μContainer so a non-secure RTOS application can be secured by an isolated ZAYA μContainer which means an easy porting to the ZAYA Secure Environment. In this way, even the existing products in the field can be secured with a single software upgrade.
3. Securing High-Level Programming Languages
High-level programming languages such as Python, Rust are getting popular in the IoT Edges.
Each of the programming languages offers different advantages for the developers, but the basic leak is that platform-level security for a programming language if we run these programming languages on a microcontroller that does not have a security or isolation mechanism.
ZAYA μContainers provide a secure and isolated environment for developer-friendly programming languages to secure applications written in these languages.
4. Secure Services ZAYA μContainer can be used for the creation of general-purpose services, and custom-service can be implemented in an isolated μContainer, and all other user applications can use the custom service μContainer.
4.1. Deployment Ready Turnkey ZAYA Secure Services ZAYA μContainer user can develop their custom services but also ZAYA provides Turnkey Secure services in Deployment Ready Packages. In this way, a manufacturer can have a specific functionality easily in its product to reduce the time to market.
4.1.1. ZAYA Amazon Web Services μContainer Limitation of Traditional RTOSes: There is no device/platform level security such as Isolation when the AWS SDKs run on a microcontroller; If an attacker attacks(e.g. Code Injection) to the device directly instead of attacking to the encrypted channel(SSL/TLS) established by AWS SDK, the attacker can get the whole device control and can get AWS certificates and keys to listen to the encrypted network(SSL/TLS).
ZAYA solves security leaks even for the existing products in the market.
ZAYA provides a turnkey AWS IoT μContainer in a deployment-ready package. This approach secures the AWS IoT executions; i. ZAYA μContainers provide an isolated, authenticated, secure environment for AWS IoT executions, and any malfunctioned user application can not violate or break the AWS IoT execution.
ii. ZAYA μContainers make use of security from PSA Level 1 certified ZAYA Secure Kernel using the PSA Certified Functional API; therefore, ZAYA AWS IoT μContainers do not have any cryptographic implementations(SSL/TLS) nor key storage inside.
Custom user applications use only ZAYA AWS IoT μContainer to manage their IoT devices using the Amazon Web Services.
ZAYA μContainers are independent executables so a Turnkey AWS μContainer provided by ZAYA can be easily sent to devices in the field to have the AWS IoT functionality in the device.
4.1.2. ZAYA Machine Learning Service Limitation of Traditional RTOSes: Tradition RTOS build a single image that includes all firmware (Kernel, Peripheral Drivers, MIddleware, Application) plus ML Models. And if the only ML Model needs to be updated, the whole firmware image even must be upgraded.
ZAYA ML Container provides an ML service for developers to isolate ML resources from external manipulations.
As ZAYA Containers are independent executables, an ML Model in a ZAYA Container can be upgraded individually.
5. PSA Application Root of Trust with PSA Level 2 Isolation
Platform Security Architecture (PSA) Level 2 requires isolation between PSA Root of Trust(RoT) and Application Root of Trust (RoT).
PSA RoT is already handled in Kernel Space by ZAYA Secure Kernel, and the Application RoT can be handled in a ZAYA μContainer in an isolated environment. In this way, PSA RoT, Application RoT and the User Application can be isolated from each other.
For more details and demonstrations, please contact info@za-ya.co.