Azure Sphere - Microsoft… · Azure Sphere devices are free to connect to Azure or any other...
Azure Sphere
Giovanni Gatto
Solution Specialist
9 BILLION new MCU devices
built and deployed every year
Microcontrollers (MCUs): low-cost, single-chip computers
Fewer than 1% of MCUs are connected today.
Opportunity Risk
What happens when you connect
a device to the internet?
“The internet is this caldron of evil.” Dr. James Mickens, Harvard University
“When smart gadgets spy on you: Your home life is less private than you think”
“Protecting Your Family: The Internet of Things Gives Hackers Creepy New Options”
Everyday devices are used to
launch an attack that takes
down the internet for a day
100k devices
Exploited a well-known weakness
No early detection, no remote update
Mirai Botnet attack
Attackers gain access to casino
database through fish tank
Entry point was a connected thermometer
Once in, other vulnerabilities were exploited
Gained access to high-roller database
Hackers attack casino
No manufacturer wants to make insecure devices
Terrorists Ignite Thousands of House Fires with Hacked Stoves
From: Hackers
To: Consumer
Subject: Your Fridge
We control your fridge. Send us $5 in bitcoin or else…
How will you respond when your devices are
compromised or under attack?
I don’t feel like this question is perfect – couldn’t remember exactly what we said in the hallway…
You’ll try to keep the hackers out of your device.
But, what will you do if they get in?
The internet security battle.
We’ve been fighting it for decades. We have experience to share.
Security is foundational
It must be built in from the beginning.
Hardware Root of Trust
Defense in Depth
Small Trusted Computing Base
Dynamic Compartments
Certificate-Based Authentication
Failure Reporting
Renewable Security
The 7 properties of highly secured devices
https://aka.ms/7properties
© Microsoft Corporation
Some properties depend only on hardware support
Unforgeable cryptographic keys
generated and protected by hardware
Hardware Root of Trust
• Hardware to protect Device Identity
• Hardware to Secure Boot
• Hardware to attest System Integrity
Hardware
Root of Trust
Internal barriers limit the reach of any
single failure
Dynamic Compartments
• Hardware to Create Barriers
• Software to Create Compartments
Some properties depend on hardware and software
Dynamic Compartments
Defense in Depth
Small Trusted Computing Base
Device security renewed to overcome
evolving threats
Renewable Security
• Cloud to Provide Updates
• Software to Apply Updates
• Hardware to Prevent Rollbacks
Some properties depend on hardware, software and cloud
Certificate-Based Authentication
Failure Reporting
Renewable Security
Meeting these seven properties is difficult and costly
Design and build
a holistic solution
Recognize and mitigate
emerging threats
Distribute and apply
updates on a global scale
Azure Sphere
Certified MCUs
The Azure Sphere
Operating System
The Azure Sphere
Security Service
Azure Sphere is an end-to-end solution for securing MCU-powered devices
Azure Sphere Certified MCUs from silicon partners, with built-in Microsoft
security technology provide connectivity and
a dependable hardware root of trust.
Connected with built-in networking
Secured with built-in Microsoft silicon security
technology including the Pluton Security Subsystem
Crossover real-time and application processing
power brought to MCUs for the first time
Azure Sphere certified MCUs create a secured root of trust for connected, intelligent edge devices
ARM Cortex-M: For real-time processing
ARM Cortex-A: Optimized for low power
SRAM: ≥ 4MB
Network Connection: Wi-Fi in first chips
Microsoft Pluton Security Subsystem
Multiplexed I/O: SPI, I2C, UART, I2S, TDM, PWM, GPIO, ADC
FLASH: ≥ 4MB
Firewall Firewall Firewall
Firewall Firewall Firewall
The Azure Sphere Operating System, a four-layer defense in depth OS with ongoing updates,
creates a secured platform for IoT experiences.
The Azure Sphere Security Service guards every Azure Sphere device; it brokers trust for
device-to-device and device-to-cloud communication,
detects emerging threats, and renews device security.
Azure Sphere is open
Open to any MCU manufacturer
We are licensing our Pluton security subsystem
royalty free for use in any chip
Open to any innovation
MCU manufacturers are free to innovate with our
GPL’d OSS Linux kernel code base
Open to any cloud
Azure Sphere devices are free to connect to
Azure or any other cloud, proprietary or public
for application data
Azure Sphere is Open.
Three components. One low price. No subscription fees.
An Azure Sphere certified MCU
The Azure Sphere OS
with ongoing on-device OS updates
The Azure Sphere Security Service
with ongoing on-device security updates
Simplify development
Focus your device development
effort on the value you want
to create
Streamline debugging
Experience interactive, context-
aware debugging across device
and cloud
Collaborate across your team
Apply tool-assisted collaboration
across your entire development
organization
Microsoft has modernized MCU development with Azure Sphere, Visual Studio, and Azure DevOps
Faster time to market
PRODUCTIVITY
The future is now
OPPORTUNITY
Peace of mind
SECURITY
Get Started with Azure Sphere Today!
Try today: http://www.azure-sphere.com
Now available
▪ Azure Sphere development kits from Seeed studios
Public preview availability
▪ Azure Sphere OS
▪ Azure Sphere Security Service
▪ Visual Studio tools for Azure Sphere
Opportunity Risk Responsibility
© 2018 Microsoft Corporation. All rights reserved.
Thank you!