Compute Security Across Industries

From the start, the Arm ecosystem has been a pioneer in compute security. Arm actively works with our global ecosystem of partners to analyze and counter security threats through the development and implementation of a complete family of architecture security features. Our architectures enable integrated security across all computing platforms, from IoT connected devices to large screen mobile computing devices and cloud server infrastructure.

Arm CPUs and system architectures are almost everywhere and underpin the entire technology industry, helping to reduce fragmentation, lower costs, and improve security. By incorporating security into the foundational layers of the architecture and enabling these to be independently certified, we have helped our partners to deliver billions of secure experiences.

As part of the latest Armv9-A architecture release, we have announced the Arm Confidential Compute Architecture (Arm CCA) – an isolation technology that builds on the strong security foundations of TrustZone.

 

Benefits of Arm Architecture Security Features

World-Leading Security Architectures

Arm architecture security features are created in collaboration with our partners, ensuring specifications are developed with the best security expertise in the industry. The regular release of new Arm security technologies means devices can support the highest levels of security as standard.

Reducing Security Costs

Arm architectures are highly standardized, helping to ensure implementations are compatible. This helps to avoid fragmentation and reduces the need for partners to create custom implementations of security services for effective countermeasures.

Widely Adopted

Arm works to ensure all the newest architectural security features are widely supported by all leading operating systems, tools, and open-source projects. This allows the whole ecosystem to develop seamlessly on the Arm architecture. As a result, the latest Arm security extensions are broadly adopted across a diverse range of form factors and markets.

Security Threats and Countermeasures

Arm architecture security features fall into four categories:

 

 

Arm architecture security features work to counter a range of cybersecurity threats. Support and resources are provided to ensure implementations can be independently evaluated using security certification schemes such as PSA Certified.

 

We have grouped relevant Arm security features and countermeasures alongside some common security threats and requirements.

Defensive Execution Technologies

Software is rarely perfect, and the principles of defensive programming are not always applied to all the millions of lines of code. To combat this, modern compilers and processors must defend against vulnerabilities at the point of execution, reducing the need to recode. The Arm architecture includes technologies that help to defend against control-flow attacks and data-access attacks, as well as mitigations against side-channel attacks.

 

Isolation Technologies

The strong enforcement of well-defined security boundaries is one of the most fundamental principles of security engineering. Arm provides scalable isolation technologies for segregating diverse workloads with minimal performance impact.

 

Common Platform Security Services

In a world where users, service providers, and manufacturers need high-trust devices, every device must be uniquely identifiable, unclonable, and certified as running the vendor's official software. Designing a product that can be trusted for ten or more years requires a large team of experts. Until recently, every OEM has had to choose between limitations around security or enormous investment. By developing and promoting standard firmware and software architectures across trust boundaries, the adoption of advances in the underlying hardware security architecture is simplified, and system software becomes more portable.

 

Standard Security APIs

The availability of standard APIs exposes the potential of platform security services to the widest possible audience. Standard APIs ensure that application developers are able to utilize the most performant and secure features available on any given platform, in a convenient and portable way.

 

PSA Certified for Security Standards

PSA Certified was established by Arm and six other co-founders to address the security needs of the IoT sector. The IoT market has expanded quickly but lacks security standardization, meaning many IoT devices were vulnerable to attack. The PSA Certified scheme provides a framework and methodology for built-in security, enabling silicon manufacturers, system software providers, and OEMs to develop right-sized security for different devices.

 

PSA Certified provides a path to certification, enabling vendors to prove they have met all PSA Certified security requirements. Many of the architectural features and frameworks described in the table above can be used to meet the requirements of PSA Certified and build more secure devices. To make it easy to meet PSA Certified requirements on Arm, we provide resources to help developers at every stage of their journey.