SlideShare a Scribd company logo

Security Hardware Differentiated Through Licensed Software: a High-Tech Manufacturer’s Case Study

Flexera
Flexera

The document discusses CPU Tech's offerings and strategies in secure processing technology, particularly their Acalis® family of secure processors, which protect against reverse engineering and enhance supply chain security in defense programs. It outlines the business challenges they face, such as implementing flexible licensing models via Flexera software to accommodate varying customer needs and development cycles. The content also emphasizes the importance of security in both commercial and defense sectors, highlighting the need for structured roles in managing security throughout the product lifecycle.

Technology
1 of 36
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Security Hardware Differentiated Through Licensed Software High-Tech Manufacturer’s Case Study
Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
Electronics Component Markets • Semiconductor Markets in 2011, Gartner: –Overall estimate about $320 Billion –Processor-based chips: $144 Billion –Military/Industrial Market, System-on-Chip, 32-bit+: $500 Million, 20% CAGR • Of the entire semi-conductor market: “System-on-Chip Products Will Drive Growth”
Numerous Recent Security Threats
Pendulum Swings in Defense Electronics over Time Commercial Military Driven Proliferation of Aviation and Auto Markets Proliferate IP Protection Market Performance Concerns Standards (Anti-Tamper Dual Use Required) Components Custom Proliferate Commercial Components Full MIL-STD Cryptography Requirements Proliferates ‘Perry Memo’ COTS and Open Source Trust Rise in Intelligence Concerns And Cryptography Defense Open (US Sources Sources and Required) Defense Architectures Funding War-Time Priorities Mobilization Availability Concerns (US Sources Required) No Distinct Military Market Tech Boom Marginalizes Military Requirements Commercial Driven Market
Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
What We Do: Develop Secure and Compatible Technology Understanding how to build secure systems CPU Tech’s Proven Approach CPU Tech Founded 1989 Understanding how to design secure systems and eliminate Understanding System vulnerabilities Vulnerabilities 1980 1985 1990 1995 2000 2005 2010
Who We Are: Products and Services Clients and Partners • Founded in 1989 with a vision of making compatible System-on-a- Chip (SoC) technology economically practical • CPU Tech produces the Acalis® family of Secure Processors that protect software and systems from reverse engineering • CPU Tech offers secure processing implementation services to assist customers in achieving security goals and certifications • Veteran Owned, Small Business, Headquartered in Pleasanton, CA – Rep Firms across America
Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
Acalis® CPU872 Secure Processor • Multi-Core Device with Integrated Security Processor & Offload Engines • IBM Trusted Foundry • Extensive, Multi-Layered Security to Protect Against Reverse Engineering • Two Complete PowerPC® Nodes • Scalable without Additional Devices • Power Efficient Processing
Acalis® Development Environment H Acalis® CPU872 H Acalis® EB872 Secure Processor Evaluation Board S Security Processor API T Acalis® Software Development Kit T Acalis S Embedded RTOS/OS SentryTM H Hardware: Devices & Boards S Software: Embedded User Software T Development Tools: Software Developer & Security Engineer Tools
Acalis Sentry™ Advantages • Graphical User Interface: Offers menu-driven, easy-to-use security configuration • Secure Data Transfer: Mocana SSL data security and authentication • Security Engineer Role: Clearly separates security role from software developer role • Access Rules: Provides clear implementation of settings on chip firewalls between processors, IO, and on-chip/off-chip memory • Trusted Source Environment: Adds hardware trust to your design environment in critical areas of encryption key and boot code management
How Acalis Sentry™ Works Acalis® Design Environment Acalis Sentry™ Management Console Acalis® IDE Network Sentry Connection – Security Config – Sentry Connection S/W Encryption Boot Image AEC+AES Encrypted Image Acalis Sentry™
The Role of a Security Engineer • Current Role/Responsibilities Acalis Sentry™ Management Console – Deeply embedded in software design – Line-by-line verification – Constant revision of design practices With Acalis SentryTM Security Server… • New Role/Responsibilities – Security separated from software design – Menu-defined security decisions – Clearly defined constraints for software designers – Simplifies „what-if‟ scenarios when changing security requirements
Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
Defense Acquisition Process Programs have extensive Government reviews and milestones
Phases of Defense Customer Development Design System Requirements System Design and Integration Manufacturing/Support Test Prototype • This Life-Cycle can be 5-10 Years for Defense Programs • The Full Function of Acalis Sentry not Required in All Phases • There are sometimes security concerns in design – Not everyone in integration, test, or manufacturing need to understand sensitive design details – Some security settings are „locked down‟ for the remainder of the program – Some programs „compartmentalized‟, where engineers and users have different accesses
Supply Chain Security • The fact that „Supply Chain‟ pieces are now global is a concern to some defense officials • White House Issued „Comprehensive National Cyber Security Initiative‟ (CNCI) and Declassified in 2010 • Part of the CNCI is Supply Chain Security: – “Risks stemming from both the domestic and globalized supply chain must be managed in a strategic and comprehensive way over the entire lifecycle of products, systems and services. “ – CNCI Initiative #11 Acalis Sentry is a customer offering by CPU Tech to help secure the supply chain in the development process through role and feature based licensing
Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
Overview of Flexera Software Capabilities • CPU Tech currently utilizing several Flexera Software products • For the Acalis Sentry, using: – FlexNet Embedded – FlexNet Operations • This enables us to license several different „subscription licenses‟ to Acalis Sentry all from the same secure hardware
CPU Tech’s Business Challenges • Both desktop and embedded software provide different levels of functionality, operations, and security • Need to offer feature-based and role-based licensing and pricing models to our customers • Need to provide embedded-node-locked and floating licensing capability • Need to offer both off-line (for machines operating in a classified area) and web-based activation options to our customers • Need to be able to automate the activation process
CPU Tech’s Evaluation Criteria in Selecting FlexNet Producer Suite • Appropriate and adequate cryptographic encryption for license key protection and storage • Small memory footprint • Supported our processor architecture • Supported embedded OS‟s (OS independent, and easy to port) • Supported programming language • Performance and reliability • Easy to manage and track the license entitlement • License activation automation • Integration with other management systems, such as SalesForce • Total Cost of Ownership
Example Use Case of FlexNet Technology Embedded in Acalis Sentry Admin Developer Security How License Acalis® EB872 Engineer Works Evaluation Board  License Resides in Bootable Embedded Software  Determines Accesses and Privileges Based Active on Edition License  License pre- installed or updated by user Manufacturing Acalis SentryTM
Future Capabilities Enabled by FlexNet Embedded Admin Developer Security Engineer Acalis® EB872 Options: Evaluation Board  Off-line activation locked to device  Floating license on a license server  Provisioning server to Provisioning or automate the Generated License license update  Web-based license activation Acalis SentryTM Acalis SentryTM Manufacturing
Role and Mode Rules for Acalis Sentry Roles Needed in Acalis Sentry: Design Phases for Acalis Sentry: • Administrator: Sets passwords, • Development: This encompasses all administrative options, license software development, requires activities multiple changes and security settings • Developer: Provides mission • Test/Integration: This phase requires embedded software, final embedded some controlled code and security images setting changes • Security Engineer: Sets security • Manufacturing: This phase requires settings in secure processor no code changes, but controls sensitive • Manufacturer: Final distributor of image distribution encrypted bootable image • Support: This phase typically involves only documentation, audit, reports
Matching Roles/Modes to Customer Design Model Design System Requirements System Design and Integration Manufacturing/Support Test Prototype Full Sentry Assembly Creation Results in Manufacturing Four Static ‘Subscription Assembly Licenses’ Full Sentry Creation Manufacturing Static • Admin, Developer, • Admin, Developer, • Admin, • Admin, Security Security Engineer, Security Engineer Manufacturing Engineer Manufacturing • New images result • Unchanging • Security audit only – • Full spectrum of from debug image(s) being keeps production design space changes installed floor intact, no other needed functions
Matrix of Features to Subscription Licenses Assembly FeaturesSubscriptions Full Manufacturing Static Creation Product Activation √ √ √ √ Configuration (locking/unlocking, network) √ √ √ √ Licensing (activation, update) √ √ √ √ Field Upgrade √ √ √ √ Tamper and Activity Log (storing, retrieving) √ √ √ √ Device Sanitization √ √ √ √ Access Configuration (user group, users) √ √ √ √ Security Configuration (firewall, key, event log) √ √ √ √ Assembly Creation √ √ Assembly Upgrade √ √ Target Activity Log Retrieval √ √ √ √ Manufacturing Process √ √ √
Features, Subscriptions, and Roles – Security Engineer Assembly FeaturesSubscriptions Full Manufacturing Static Creation Product Activation √ √ √ √ Configuration (locking/unlocking, network) Licensing (activation, update) Field Upgrade √ √ √ √ Tamper and Activity Log (storing, retrieving) Device Sanitization Access Configuration (user group, users) Security Configuration (firewall, key, event log) √ √ √ √ Assembly Creation √ √ Assembly Upgrade √ √ Target Activity Log Retrieval √ √ √ √ Manufacturing Process √ √ √
Features, Subscriptions, and Roles – Administrator Assembly FeaturesSubscriptions Full Manufacturing Static Creation Product Activation √ √ √ √ Configuration (locking/unlocking, network) √ √ √ √ Licensing (activation, update) √ √ √ √ Field Upgrade √ √ √ √ Tamper and Activity Log (storing, retrieving) √ √ √ √ Device Sanitization √ √ √ √ Access Configuration (user group, users) √ √ √ √ Security Configuration (firewall, key, event log) Assembly Creation Assembly Upgrade Target Activity Log Retrieval Manufacturing Process
Features, Subscriptions, and Roles – Developer Assembly FeaturesSubscriptions Full Manufacturing Static Creation Product Activation Configuration (locking/unlocking, network) Licensing (activation, update) Field Upgrade Tamper and Activity Log (storing, retrieving) Device Sanitization Access Configuration (user group, users) Security Configuration (firewall, key, event log) Assembly Creation √ √ Assembly Upgrade √ √ Target Activity Log Retrieval √ √ Manufacturing Process
Features, Subscriptions, and Roles – Manufacturer Assembly FeaturesSubscriptions Full Manufacturing Static Creation Product Activation Configuration (locking/unlocking, network) Licensing (activation, update) Field Upgrade Tamper and Activity Log (storing, retrieving) Device Sanitization Access Configuration (user group, users) Security Configuration (firewall, key, event log) Assembly Creation Assembly Upgrade Target Activity Log Retrieval √ √ Manufacturing Process √ √ √
Cost Advantages of Flexera Software Licensing Model in Sentry • Reduces Manufacturing Cost (Single Version of Hardware) • Adds a Valuable Security Layer in User Activation • Operational Savings in Ease up Upgrade/Downgrade • Flexibility allows CPU Tech to Tailor Subscription Licenses to Customer • Protects CPU Tech and Customer Intellectual Property • Gets us Faster to Market, as we are only limited by hardware schedule
Example Cost Model to Customer Cost model allows customers to customize their licensing package and increase design security Design and System Requirements System Design Integration Manufacturing/Support Prototype Test Full Sentry Assembly Creation Manufacturing Example: Static – Two Yrs Fully Sentry (2 x $A) – Two Yrs Assembly Creation (2 x $B) – Three Yrs Manufacturing (3 x $C) – Five Yrs Static (5 x $D) Total Cost: $XYZ
Summary • Flexible Licensing helps customer with life-cycle security • Allows for cost and revenue model that matches customer process • Much of what were security „rules‟ to be enforced through audit are now enforced by fiat • Customers can play by our licensing rules within their secure facilities • Provides flexibility, cost reduction, and ease of upgrade/downgrade • Offers protection for intellectual property and revenue
Questions? Thank You!

More Related Content

Viewers also liked (20)

PPT
Slideshare turkey
DANIEL MARTÍNEZ
 
PPT
化学课件
bruce72
 
PPT
Turkey report
DANIEL MARTÍNEZ
 
PPTX
Smart Response VE
Matt Strine
 
PPTX
Fall 2014 NYJL Sustainer Slideshow
New York Junior League
 
PPTX
College Students Say the Darnedest Things
Andy Carswell
 
PDF
Mib Entrepreneurs Factory
Francesco Venier
 
PDF
Certificación a grado 2012-II PNFE
David Leon Sicilia
 
PDF
Entitlement Hub Build, Test and Deploy
Flexera
 
PDF
Fixing Design-Time Validation Errors
Flexera
 
PPTX
Slave Narratives
guesta38e21b
 
DOCX
Métricas para código fuente y pruebas orientadas a objeto
David Leon Sicilia
 
PPT
melnic
asko12345
 
DOCX
Metricas orientadas a objeto
David Leon Sicilia
 
PDF
Sweden final report
DANIEL MARTÍNEZ
 
PDF
Fever the musical! 1
DANIEL MARTÍNEZ
 
PDF
Invisible Exhibitor - MAYA Design
Erik Dahl
 
PPT
Copyright © and fair use
mrecord
 
PDF
Common Licensing Following Mergers and Acquisitions
Flexera
 
PPT
Crafting Virtual Space
Arthur Hash
 
Slideshare turkey
DANIEL MARTÍNEZ
 
化学课件
bruce72
 
Turkey report
DANIEL MARTÍNEZ
 
Smart Response VE
Matt Strine
 
Fall 2014 NYJL Sustainer Slideshow
New York Junior League
 
College Students Say the Darnedest Things
Andy Carswell
 
Mib Entrepreneurs Factory
Francesco Venier
 
Certificación a grado 2012-II PNFE
David Leon Sicilia
 
Entitlement Hub Build, Test and Deploy
Flexera
 
Fixing Design-Time Validation Errors
Flexera
 
Slave Narratives
guesta38e21b
 
Métricas para código fuente y pruebas orientadas a objeto
David Leon Sicilia
 
melnic
asko12345
 
Metricas orientadas a objeto
David Leon Sicilia
 
Sweden final report
DANIEL MARTÍNEZ
 
Fever the musical! 1
DANIEL MARTÍNEZ
 
Invisible Exhibitor - MAYA Design
Erik Dahl
 
Copyright © and fair use
mrecord
 
Common Licensing Following Mergers and Acquisitions
Flexera
 
Crafting Virtual Space
Arthur Hash
 

Similar to Security Hardware Differentiated Through Licensed Software: a High-Tech Manufacturer’s Case Study (20)

PPTX
Intel_Intelligent Solutions for Military and Aerospace
Işınsu Akçetin
 
PDF
My PC Mistook Me For A Hat
gopikurup
 
PDF
雲端與Big data
Ya-hui Lin
 
PDF
Day 3 p2 - security
Lilian Schaffer
 
PDF
Day 3 p2 - security
Lilian Schaffer
 
PPTX
Rosetta ip commercialization panel
Design And Reuse
 
PDF
2012: The Tipping Point of Broad Scale Cloud Deployment
Open Data Center Alliance
 
PDF
Dell open stack powered cloud solution introduce & crowbar demo cosug-2012
OpenCity Community
 
PDF
Plenum Edmund Thompsonpdf
guest8e5bf1
 
PDF
(ATS4-GS03) Partner Session - Intel Balanced Cloud Solutions for the Healthca...
BIOVIA
 
PPTX
Junos Pulse Mobile Security Suite Launch
Juniper Networks
 
PDF
Accenture - Bubble over Barcelona 2013 MWC - Mobility Trends
Lars Kamp
 
PDF
Sp MoD M&S Infrastructure based on SimWare
Simware
 
PPTX
Bb3061 bess systems of record sv
Charlie Bess
 
PDF
Smau Bari 2012 Marco Soldi
SMAU
 
PDF
Bug Labs Automotive Web
buglabs
 
PDF
IT FUTURE 2011 - Présentation d'Intel
Fujitsu France
 
PDF
A Market Update on Embedded/Real-Time Operating Systems
VDC Research Group
 
PDF
Disa CSD Cloud Brief Sept 2009 Hjs
GovCloud Network
 
PDF
Una mirada a la situación tecnológica a través del caso Intel Norberto Mateos...
EOI Escuela de Organización Industrial
 
Intel_Intelligent Solutions for Military and Aerospace
Işınsu Akçetin
 
My PC Mistook Me For A Hat
gopikurup
 
雲端與Big data
Ya-hui Lin
 
Day 3 p2 - security
Lilian Schaffer
 
Day 3 p2 - security
Lilian Schaffer
 
Rosetta ip commercialization panel
Design And Reuse
 
2012: The Tipping Point of Broad Scale Cloud Deployment
Open Data Center Alliance
 
Dell open stack powered cloud solution introduce & crowbar demo cosug-2012
OpenCity Community
 
Plenum Edmund Thompsonpdf
guest8e5bf1
 
(ATS4-GS03) Partner Session - Intel Balanced Cloud Solutions for the Healthca...
BIOVIA
 
Junos Pulse Mobile Security Suite Launch
Juniper Networks
 
Accenture - Bubble over Barcelona 2013 MWC - Mobility Trends
Lars Kamp
 
Sp MoD M&S Infrastructure based on SimWare
Simware
 
Bb3061 bess systems of record sv
Charlie Bess
 
Smau Bari 2012 Marco Soldi
SMAU
 
Bug Labs Automotive Web
buglabs
 
IT FUTURE 2011 - Présentation d'Intel
Fujitsu France
 
A Market Update on Embedded/Real-Time Operating Systems
VDC Research Group
 
Disa CSD Cloud Brief Sept 2009 Hjs
GovCloud Network
 
Una mirada a la situación tecnológica a través del caso Intel Norberto Mateos...
EOI Escuela de Organización Industrial
 
Ad

More from Flexera (20)

PDF
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...
Flexera
 
PDF
Make Smarter Cloud Decisions at Every Step of Your Journey
Flexera
 
PPTX
10 Tips to Optimize, Automate, and Govern your Hybrid IT Environment
Flexera
 
PPTX
Using Automated Policies for SaaS Governance and Compliance
Flexera
 
PDF
The Practical Approach for End-to-End SaaS Management
Flexera
 
PDF
7 Things You Need to Know for Your Cloud-First Strategy
Flexera
 
PPTX
The Role of In-House & External Counsel in Managing Open Source Software
Flexera
 
PDF
Addressing Open Source Risks During M&A: A Legal View
Flexera
 
PPTX
Having Trouble Managing All Your Cloud Services? We Know!
Flexera
 
PPTX
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Flexera
 
PPTX
Webinar: What's New In FlexNet Manager Suite 2018 R1
Flexera
 
PPTX
Open Source Security - It can be done easily.
Flexera
 
PDF
Software Distribution, Customer Experience and the IoT: Get Ready for Fast, S...
Flexera
 
PPTX
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
Flexera
 
PPTX
Don’t Let Hackers Breach Your Data: Shutting Your Risk Window on Apache Struts2
Flexera
 
PDF
BDNA joins Flexera
Flexera
 
PDF
Flexera Event - The Game Has Changed - Are You Ready?
Flexera
 
PDF
Webinar: Take Proactive Control of Your SAP Licensing, Indirect Usage and Ven...
Flexera
 
PDF
Keeping a Lid on Costs for Cloud Infrastructure and SaaS Applications
Flexera
 
PPTX
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Flexera
 
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...
Flexera
 
Make Smarter Cloud Decisions at Every Step of Your Journey
Flexera
 
10 Tips to Optimize, Automate, and Govern your Hybrid IT Environment
Flexera
 
Using Automated Policies for SaaS Governance and Compliance
Flexera
 
The Practical Approach for End-to-End SaaS Management
Flexera
 
7 Things You Need to Know for Your Cloud-First Strategy
Flexera
 
The Role of In-House & External Counsel in Managing Open Source Software
Flexera
 
Addressing Open Source Risks During M&A: A Legal View
Flexera
 
Having Trouble Managing All Your Cloud Services? We Know!
Flexera
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Flexera
 
Webinar: What's New In FlexNet Manager Suite 2018 R1
Flexera
 
Open Source Security - It can be done easily.
Flexera
 
Software Distribution, Customer Experience and the IoT: Get Ready for Fast, S...
Flexera
 
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
Flexera
 
Don’t Let Hackers Breach Your Data: Shutting Your Risk Window on Apache Struts2
Flexera
 
BDNA joins Flexera
Flexera
 
Flexera Event - The Game Has Changed - Are You Ready?
Flexera
 
Webinar: Take Proactive Control of Your SAP Licensing, Indirect Usage and Ven...
Flexera
 
Keeping a Lid on Costs for Cloud Infrastructure and SaaS Applications
Flexera
 
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Flexera
 
Ad

Recently uploaded (20)

PPTX
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
PDF
Blockchain Transactions Explained For Everyone
CIFDAQ
 
PDF
NewMind AI Journal - Weekly Chronicles - July'25 Week II
NewMind AI
 
PDF
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
PDF
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
PDF
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
PPTX
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
PDF
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
PDF
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
PDF
Complete Network Protection with Real-Time Security
L4RGINDIA
 
PPTX
UiPath Academic Alliance Educator Panels: Session 2 - Business Analyst Content
DianaGray10
 
PPTX
MSP360 Backup Scheduling and Retention Best Practices.pptx
MSP360
 
PPTX
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
PDF
Human-centred design in online workplace learning and relationship to engagem...
Tracy Tang
 
PDF
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
PDF
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
PDF
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
PDF
Predicting the unpredictable: re-engineering recommendation algorithms for fr...
Speck&Tech
 
PPTX
Building a Production-Ready Barts Health Secure Data Environment Tooling, Acc...
Barts Health
 
PDF
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
Blockchain Transactions Explained For Everyone
CIFDAQ
 
NewMind AI Journal - Weekly Chronicles - July'25 Week II
NewMind AI
 
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
Complete Network Protection with Real-Time Security
L4RGINDIA
 
UiPath Academic Alliance Educator Panels: Session 2 - Business Analyst Content
DianaGray10
 
MSP360 Backup Scheduling and Retention Best Practices.pptx
MSP360
 
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
Human-centred design in online workplace learning and relationship to engagem...
Tracy Tang
 
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
Predicting the unpredictable: re-engineering recommendation algorithms for fr...
Speck&Tech
 
Building a Production-Ready Barts Health Secure Data Environment Tooling, Acc...
Barts Health
 
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 

Security Hardware Differentiated Through Licensed Software: a High-Tech Manufacturer’s Case Study

  • 1. Security Hardware Differentiated Through Licensed Software High-Tech Manufacturer’s Case Study
  • 2. Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
  • 3. Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
  • 4. Electronics Component Markets • Semiconductor Markets in 2011, Gartner: –Overall estimate about $320 Billion –Processor-based chips: $144 Billion –Military/Industrial Market, System-on-Chip, 32-bit+: $500 Million, 20% CAGR • Of the entire semi-conductor market: “System-on-Chip Products Will Drive Growth”
  • 6. Pendulum Swings in Defense Electronics over Time Commercial Military Driven Proliferation of Aviation and Auto Markets Proliferate IP Protection Market Performance Concerns Standards (Anti-Tamper Dual Use Required) Components Custom Proliferate Commercial Components Full MIL-STD Cryptography Requirements Proliferates ‘Perry Memo’ COTS and Open Source Trust Rise in Intelligence Concerns And Cryptography Defense Open (US Sources Sources and Required) Defense Architectures Funding War-Time Priorities Mobilization Availability Concerns (US Sources Required) No Distinct Military Market Tech Boom Marginalizes Military Requirements Commercial Driven Market
  • 7. Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
  • 8. What We Do: Develop Secure and Compatible Technology Understanding how to build secure systems CPU Tech’s Proven Approach CPU Tech Founded 1989 Understanding how to design secure systems and eliminate Understanding System vulnerabilities Vulnerabilities 1980 1985 1990 1995 2000 2005 2010
  • 9. Who We Are: Products and Services Clients and Partners • Founded in 1989 with a vision of making compatible System-on-a- Chip (SoC) technology economically practical • CPU Tech produces the Acalis® family of Secure Processors that protect software and systems from reverse engineering • CPU Tech offers secure processing implementation services to assist customers in achieving security goals and certifications • Veteran Owned, Small Business, Headquartered in Pleasanton, CA – Rep Firms across America
  • 10. Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
  • 11. Acalis® CPU872 Secure Processor • Multi-Core Device with Integrated Security Processor & Offload Engines • IBM Trusted Foundry • Extensive, Multi-Layered Security to Protect Against Reverse Engineering • Two Complete PowerPC® Nodes • Scalable without Additional Devices • Power Efficient Processing
  • 12. Acalis® Development Environment H Acalis® CPU872 H Acalis® EB872 Secure Processor Evaluation Board S Security Processor API T Acalis® Software Development Kit T Acalis S Embedded RTOS/OS SentryTM H Hardware: Devices & Boards S Software: Embedded User Software T Development Tools: Software Developer & Security Engineer Tools
  • 13. Acalis Sentry™ Advantages • Graphical User Interface: Offers menu-driven, easy-to-use security configuration • Secure Data Transfer: Mocana SSL data security and authentication • Security Engineer Role: Clearly separates security role from software developer role • Access Rules: Provides clear implementation of settings on chip firewalls between processors, IO, and on-chip/off-chip memory • Trusted Source Environment: Adds hardware trust to your design environment in critical areas of encryption key and boot code management
  • 14. How Acalis Sentry™ Works Acalis® Design Environment Acalis Sentry™ Management Console Acalis® IDE Network Sentry Connection – Security Config – Sentry Connection S/W Encryption Boot Image AEC+AES Encrypted Image Acalis Sentry™
  • 15. The Role of a Security Engineer • Current Role/Responsibilities Acalis Sentry™ Management Console – Deeply embedded in software design – Line-by-line verification – Constant revision of design practices With Acalis SentryTM Security Server… • New Role/Responsibilities – Security separated from software design – Menu-defined security decisions – Clearly defined constraints for software designers – Simplifies „what-if‟ scenarios when changing security requirements
  • 16. Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
  • 17. Defense Acquisition Process Programs have extensive Government reviews and milestones
  • 18. Phases of Defense Customer Development Design System Requirements System Design and Integration Manufacturing/Support Test Prototype • This Life-Cycle can be 5-10 Years for Defense Programs • The Full Function of Acalis Sentry not Required in All Phases • There are sometimes security concerns in design – Not everyone in integration, test, or manufacturing need to understand sensitive design details – Some security settings are „locked down‟ for the remainder of the program – Some programs „compartmentalized‟, where engineers and users have different accesses
  • 19. Supply Chain Security • The fact that „Supply Chain‟ pieces are now global is a concern to some defense officials • White House Issued „Comprehensive National Cyber Security Initiative‟ (CNCI) and Declassified in 2010 • Part of the CNCI is Supply Chain Security: – “Risks stemming from both the domestic and globalized supply chain must be managed in a strategic and comprehensive way over the entire lifecycle of products, systems and services. “ – CNCI Initiative #11 Acalis Sentry is a customer offering by CPU Tech to help secure the supply chain in the development process through role and feature based licensing
  • 20. Agenda • CPU Tech Market • Company Overview • Product Overview • Customer Development Cycle • Flexera Software Licensing to Support Development
  • 21. Overview of Flexera Software Capabilities • CPU Tech currently utilizing several Flexera Software products • For the Acalis Sentry, using: – FlexNet Embedded – FlexNet Operations • This enables us to license several different „subscription licenses‟ to Acalis Sentry all from the same secure hardware
  • 22. CPU Tech’s Business Challenges • Both desktop and embedded software provide different levels of functionality, operations, and security • Need to offer feature-based and role-based licensing and pricing models to our customers • Need to provide embedded-node-locked and floating licensing capability • Need to offer both off-line (for machines operating in a classified area) and web-based activation options to our customers • Need to be able to automate the activation process
  • 23. CPU Tech’s Evaluation Criteria in Selecting FlexNet Producer Suite • Appropriate and adequate cryptographic encryption for license key protection and storage • Small memory footprint • Supported our processor architecture • Supported embedded OS‟s (OS independent, and easy to port) • Supported programming language • Performance and reliability • Easy to manage and track the license entitlement • License activation automation • Integration with other management systems, such as SalesForce • Total Cost of Ownership
  • 24. Example Use Case of FlexNet Technology Embedded in Acalis Sentry Admin Developer Security How License Acalis® EB872 Engineer Works Evaluation Board  License Resides in Bootable Embedded Software  Determines Accesses and Privileges Based Active on Edition License  License pre- installed or updated by user Manufacturing Acalis SentryTM
  • 25. Future Capabilities Enabled by FlexNet Embedded Admin Developer Security Engineer Acalis® EB872 Options: Evaluation Board  Off-line activation locked to device  Floating license on a license server  Provisioning server to Provisioning or automate the Generated License license update  Web-based license activation Acalis SentryTM Acalis SentryTM Manufacturing
  • 26. Role and Mode Rules for Acalis Sentry Roles Needed in Acalis Sentry: Design Phases for Acalis Sentry: • Administrator: Sets passwords, • Development: This encompasses all administrative options, license software development, requires activities multiple changes and security settings • Developer: Provides mission • Test/Integration: This phase requires embedded software, final embedded some controlled code and security images setting changes • Security Engineer: Sets security • Manufacturing: This phase requires settings in secure processor no code changes, but controls sensitive • Manufacturer: Final distributor of image distribution encrypted bootable image • Support: This phase typically involves only documentation, audit, reports
  • 27. Matching Roles/Modes to Customer Design Model Design System Requirements System Design and Integration Manufacturing/Support Test Prototype Full Sentry Assembly Creation Results in Manufacturing Four Static ‘Subscription Assembly Licenses’ Full Sentry Creation Manufacturing Static • Admin, Developer, • Admin, Developer, • Admin, • Admin, Security Security Engineer, Security Engineer Manufacturing Engineer Manufacturing • New images result • Unchanging • Security audit only – • Full spectrum of from debug image(s) being keeps production design space changes installed floor intact, no other needed functions
  • 28. Matrix of Features to Subscription Licenses Assembly FeaturesSubscriptions Full Manufacturing Static Creation Product Activation √ √ √ √ Configuration (locking/unlocking, network) √ √ √ √ Licensing (activation, update) √ √ √ √ Field Upgrade √ √ √ √ Tamper and Activity Log (storing, retrieving) √ √ √ √ Device Sanitization √ √ √ √ Access Configuration (user group, users) √ √ √ √ Security Configuration (firewall, key, event log) √ √ √ √ Assembly Creation √ √ Assembly Upgrade √ √ Target Activity Log Retrieval √ √ √ √ Manufacturing Process √ √ √
  • 29. Features, Subscriptions, and Roles – Security Engineer Assembly FeaturesSubscriptions Full Manufacturing Static Creation Product Activation √ √ √ √ Configuration (locking/unlocking, network) Licensing (activation, update) Field Upgrade √ √ √ √ Tamper and Activity Log (storing, retrieving) Device Sanitization Access Configuration (user group, users) Security Configuration (firewall, key, event log) √ √ √ √ Assembly Creation √ √ Assembly Upgrade √ √ Target Activity Log Retrieval √ √ √ √ Manufacturing Process √ √ √
  • 30. Features, Subscriptions, and Roles – Administrator Assembly FeaturesSubscriptions Full Manufacturing Static Creation Product Activation √ √ √ √ Configuration (locking/unlocking, network) √ √ √ √ Licensing (activation, update) √ √ √ √ Field Upgrade √ √ √ √ Tamper and Activity Log (storing, retrieving) √ √ √ √ Device Sanitization √ √ √ √ Access Configuration (user group, users) √ √ √ √ Security Configuration (firewall, key, event log) Assembly Creation Assembly Upgrade Target Activity Log Retrieval Manufacturing Process
  • 31. Features, Subscriptions, and Roles – Developer Assembly FeaturesSubscriptions Full Manufacturing Static Creation Product Activation Configuration (locking/unlocking, network) Licensing (activation, update) Field Upgrade Tamper and Activity Log (storing, retrieving) Device Sanitization Access Configuration (user group, users) Security Configuration (firewall, key, event log) Assembly Creation √ √ Assembly Upgrade √ √ Target Activity Log Retrieval √ √ Manufacturing Process
  • 32. Features, Subscriptions, and Roles – Manufacturer Assembly FeaturesSubscriptions Full Manufacturing Static Creation Product Activation Configuration (locking/unlocking, network) Licensing (activation, update) Field Upgrade Tamper and Activity Log (storing, retrieving) Device Sanitization Access Configuration (user group, users) Security Configuration (firewall, key, event log) Assembly Creation Assembly Upgrade Target Activity Log Retrieval √ √ Manufacturing Process √ √ √
  • 33. Cost Advantages of Flexera Software Licensing Model in Sentry • Reduces Manufacturing Cost (Single Version of Hardware) • Adds a Valuable Security Layer in User Activation • Operational Savings in Ease up Upgrade/Downgrade • Flexibility allows CPU Tech to Tailor Subscription Licenses to Customer • Protects CPU Tech and Customer Intellectual Property • Gets us Faster to Market, as we are only limited by hardware schedule
  • 34. Example Cost Model to Customer Cost model allows customers to customize their licensing package and increase design security Design and System Requirements System Design Integration Manufacturing/Support Prototype Test Full Sentry Assembly Creation Manufacturing Example: Static – Two Yrs Fully Sentry (2 x $A) – Two Yrs Assembly Creation (2 x $B) – Three Yrs Manufacturing (3 x $C) – Five Yrs Static (5 x $D) Total Cost: $XYZ
  • 35. Summary • Flexible Licensing helps customer with life-cycle security • Allows for cost and revenue model that matches customer process • Much of what were security „rules‟ to be enforced through audit are now enforced by fiat • Customers can play by our licensing rules within their secure facilities • Provides flexibility, cost reduction, and ease of upgrade/downgrade • Offers protection for intellectual property and revenue