Battleships in Legoland

Battleships in Legoland

 

Security though Software and Hardware Based Modularity

Indulge me while I ruminate a bit on the whimsical world of technology, where modularity reigns supreme as the unsung hero of security – think of it as the bunch of individual Legos that are assembled to create your digital Fort Knox.  In both software and hardware design, embracing modularity is like putting up layers of defense against cyber threats, creating a fortress of digital resilience that even the most hardened security professionals endorse as the gold standard for securing embedded systems.

Let’s start with software-based modularity, shall we?  Picture your favorite connected device as a puzzle, with each modular component acting as a unique piece that fits snugly into place.  Using your favorite type-1 virtualization tool (seL4, Bedrock, etc) to enable the compartmentalizing of functions and data within these modules, developers can create barriers that restrict unauthorized access and limit the impact of potential breaches.  One wrinkle to consider, the puzzle still sits on a table (aka the chipset) which means the bottom layer is still not trusted.

Ships today are built on the construct of hardware-based modularity.  Modularity is a critical design principle when it comes to protecting ships from torpedoes. By compartmentalizing various sections of the ship and ensuring that each module is structurally independent and well-protected, the impact of a torpedo strike can be contained and minimized. In the event of a torpedo hitting the ship, the damage is less likely to spread throughout the entire vessel, as the modules act as barriers that limit the flooding and structural compromise to specific areas.

Software or Hardware based Modularity – which is right for you?   The answer is easy – yes.  The goal is the creation of a high assurance and resilient connected device.  Better answer – use both.

For the last decade, the focus of the embedded systems industry has been on leveraging software-based virtualization to achieve modularity.  This was primarily an exercise to take out cost while adding resilience because the chipsets in your processing devices have been the long pole in the total BOM cost of a connected device.   However, the increasing commoditization of chipsets is allowing industry to consider a swing back to leveraging hardware-based modularity while still achieving cost efficiencies.

What if you built (or were building…grin) a device with three chipsets in one mobile device, one for the radios, one for the encryption, and another for the UX.  Wrap a couple of the chips in Faraday cages and add some anti-tamper, then layer in some added software-based modularity to create modules in modules and voila….modularity squared.

This product would be a game changer that enables an improvement in SWAP-C, the assurance and resilience you demand, and packaged in a standard, commercial high-end mobile device.

That is right.  By leveraging both hardware and software-based modularity you can have an ultra-secure, connected device with a commercial look and feel that the market has been demanding for far too long.

Interested?   Call me.