Platform Security Work items for 2021
Meeting: Thursday 11/5/2020, 2:00pm EST
- Keys
- How keys are accessed? Multi-tenancy security
- General encryption/authentication/common interface/storage
- Need to gear these requirements to existing BP, make sure that we are adding value to the most BPs possible
- Boot image (OS/Firmware)
- Host image/Guest image. Proposal to start with host images.
- Secured boot, use PSA questionnaire as a starting guide for host environments.
- Verification will be based on the specific platform. Normal boot vs secure boot (Arm).
- Focus on common areas between Arm and x86, platform agnostic. PSA certification checklist.
- Close loop with the BP owners once we have an initial plan developed. Need to make sure that the platform security items proposed add value to the BP that exist.
- These requirements would apply to platform chosen by the BP users
- Public Cloud based BPs – check with Public Cloud BP owners to verify if the platform in that environment can be altered. Public cloud certified HW (AWS/Azure), should we work with the vendors that these public clouds use. Need to determine which certifications we would require for public cloud implementations.
- Define our own list of requirements or use existing lists that have been developed, need to make sure that Arm and x86 both support requirements. The requirements that we make should be verifiable. May have to create exceptions for Public Cloud environments.
https://www.psacertified.org/development-resources/certification-resources/
- Protecting data in run time as it is being processed
- PARSEC API
- Ask BP owners if there are other platform security areas that should be addressed
- How to standardize on HW will be a challenging area