Compute Security Across Industries

From the beginning, the Arm ecosystem has been a pioneer in compute security. Arm actively works with our global ecosystem of partners to analyze and counter security threats through the development and implementation of a complete family of architecture security features. Our architectures enable integrated security across all computing platforms, from IoT connected devices to large screen mobile computing devices and cloud server infrastructure.

Arm’s CPU and system architectures are pervasive and underpin the entire technology industry, helping to reduce fragmentation, lower costs and improve security. By incorporating security into the foundational layers of the architecture, we have enabled billions of secure experiences.

As part of the latest Armv9-A architecture release, we have announced the Arm Confidential Compute Architecture (Arm CCA) – an isolation technology that builds on the strong security foundations of TrustZone.

Benefits of Arm Architecture Security Features

Ease of Deployment and Adoption

To simplify the development of secure products deployed at scale, Arm works with PSA Certified and publishes architecture standards that span industries. The regular release of new Arm security technologies means devices can support the highest levels of security as standard. About 42% of technology decision makers* cite a lack of understanding or expertise as the biggest IoT security challenge, according to the PSA Certified Security Report 2021.

Collaborative Development Across the Arm Ecosystem

Arm’s architecture security features are created in collaboration with our partners, ensuring specifications are developed with the best security expertise in the industry.

Economic Gain Through Integrated Security

Security is the greatest challenge to reaching computing’s full potential. Strong integrated security built into the CPU architecture and platform ensures devices can trust one another and their data. This becomes even more critical as we shift to using AI and autonomous platforms.

Reduced Cost of Security Implementation

About 52% of technology decision makers* consider the additional cost of security to be a top barrier to improving IoT security, according to the PSA Certified Security Report 2021. Arm’s freely available specifications and industry collaboration reduce the level of investment required by OEMs and partners to build secure products.

*The core of this report’s findings originates from a November 2020 survey, conducted among 628 technology decision makers across Europe, USA and APAC by Sapio Research.

Security Threats and Countermeasures

Arm architecture security features fall into four categories: defensive execution, isolation technologies, common platform security services and standard security APIs. Arm’s architecture security features work to counter a range of cybersecurity threats.

We have grouped relevant Arm security features and countermeasures alongside some common security threats and requirements.


Defensive Execution Technologies
Side-Channel Attacks

Gaining access to data and flows by exploiting undesirable side effects of out-of-order execution and speculative execution in modern processors.

Stack-Smashing Attacks

Stack-smashing attacks, such as jump- and return-oriented programming, are used to target imperfections in software, such as improper bounds-checking.

Memory Safety Violations

An attacker may attempt to manipulate software to use memory after it’s been freed or to access a memory object in its boundary.

Isolation Technologies
Isolation Between Secure Worlds

Stronger isolation between multiple Secure world trusted applications - TrustZone workloads.

Protecting Code and Data

Protecting sensitive code and algorithms from rich OS and workloads, all while avoiding the cost of separate security processors.

Protecting Mainstream Compute Workloads

Part of Arm's Confidential Compute Architecture, the Realm Management Extension (RME) brings the benefits of TrustZone to all workloads.

Common Platform Security Services
Meeting PSA Certified Standards

Specifications and guides that describe security requirements that a product design must implement in order to meet the requirements of PSA Certified.

Communication Across Security Boundaries

Standardized communication between different software images.

Open and Standard Device Firmware

Shared, portable and open firmware supporting a pre-rich-OS boot environment with support for secure and measured boot, firmware update and TrustZone.

Confidential Compute Software

Standard reference implementations of the Confidential Compute stack that can be formally proven – helping to reduce the number of different implementations that relying parties must trust.

Standard Security APIs
Verification of Attestation

Standardizing verification of attestation and providing a uniform provisioning API for vendors to publish information on software updates.

Portable Platform Security APIs

Specification and OSS implementation of secure cryptography, storage and attestation APIs that are portable across a wide range of devices.

Language-Independent Security APIs

Implementation of platform and language independent security APIs.

PSA Certified for Security Standards

PSA Certified was established by Arm and six other co-founders to address the security needs of the internet-of-things (IoT) sector. The IoT market has expanded quickly but lacks security standardization, meaning many IoT devices were vulnerable to attack. The PSA Certified scheme provides a framework and methodology for built-in security, enabling silicon manufacturers, system software providers, and OEMs to develop right-sized security for different devices.

PSA Certified provides a path to certification, enabling vendors to prove they have met all PSA Certified security requirements. Many of the architectural features and frameworks described in the table above can be used to meet the requirements of PSA Certified and build more secure devices. To make it easy to meet PSA Certified requirements on Arm, we provide resources to help developers at every stage of their journey.