{"id":425733,"date":"2017-09-19T10:02:44","date_gmt":"2017-09-19T17:02:44","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-project&#038;p=425733"},"modified":"2023-01-12T07:56:21","modified_gmt":"2023-01-12T15:56:21","slug":"cyber-resilient-platform-program","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/cyber-resilient-platform-program\/","title":{"rendered":"Cyber-Resilient Platform Program"},"content":{"rendered":"<section class=\"mb-3 moray-highlight\">\n\t<div class=\"card-img-overlay mx-lg-0\">\n\t\t<div class=\"card-background bg-gray-200 has-background- card-background--full-bleed\">\n\t\t\t\t\t<\/div>\n\t\t<!-- Foreground -->\n\t\t<div class=\"card-foreground d-flex mt-md-n5 my-lg-5 px-g px-lg-0\">\n\t\t\t<!-- Container -->\n\t\t\t<div class=\"container d-flex mt-md-n5 my-lg-5 \">\n\t\t\t\t<!-- Card wrapper -->\n\t\t\t\t<div class=\"w-100 w-lg-col-5\">\n\t\t\t\t\t<!-- Card -->\n\t\t\t\t\t<div class=\"card material-md-card py-5 px-md-5\">\n\t\t\t\t\t\t<div class=\"card-body \">\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\n\n<h1 id=\"cyber-resilient-platform-program\" class=\"h2\">Cyber-Resilient Platform Program<\/h1>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n<\/section>\n\n\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>adjective: <strong>resilient<\/strong><\/p><cite>\u2026 able to withstand or recover quickly from difficult conditions.<\/cite><\/blockquote>\n\n\n\n<h2 id=\"summary\">Summary<\/h2>\n\n\n\n<p>The Cyber Resilient Platforms Program (CyReP) is a Microsoft-led industry initiative to improve the security and resiliency of computers, with particular emphasis on cloud-managed IoT devices.&nbsp; The CyReP Program includes hardware and protocol specifications, as well as open-source software that enables the security features.<\/p>\n\n\n\n<p>One of the primary goals of 
CyReP is to enable a rich ecosystem of hardware and software components that can be used to build systems and devices that meet the requirements of <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-193\/draft\">NIST SP-800-193 <span class=\"sr-only\"> (opens in new tab)<\/span><\/a>(DRAFT) <em>\u201cPlatform Firmware Resiliency Guidelines.\u201d<\/em><\/p>\n\n\n\n<h2 id=\"introduction-to-the-cyber-resilient-platform-program\">Introduction to the Cyber-Resilient Platform Program<\/h2>\n\n\n\n<p><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-193\/draft\">NIST SP-800-193 <span class=\"sr-only\"> (opens in new tab)<\/span><\/a>(DRAFT) identifies the following three principles for building resilient systems:<\/p>\n\n\n\n<p><strong>Protection:<\/strong> Mechanisms for ensuring that Platform Firmware code and critical data remain in a state of integrity and are protected from corruption.<\/p>\n\n\n\n<p><strong>Detection:<\/strong> Mechanisms for detecting when Platform Firmware code and critical data have been corrupted.<\/p>\n\n\n\n<p><strong>Recovery:<\/strong> Mechanisms for restoring Platform Firmware code and critical data to a state of integrity in the event that any such firmware code or critical data are detected to have been corrupted, or when forced to recover through an authorized mechanism.<\/p>\n\n\n\n<p>Well-designed Internet-connected devices <em>protect<\/em> themselves against cyber-threats, and device vendors employ a wide range of hardware and software-based protection technologies to keep systems secure.&nbsp; Unfortunately, bugs and misconfigurations still lead to damaging exploits.&nbsp; <em>A Cyber Resilient Platform<\/em> contains additional 
mechanisms that allow exploits and vulnerabilities to be <em>detected<\/em>, and devices to be <em>recovered<\/em> if they are compromised or hung.<\/p>\n\n\n\n<p>Mechanisms for detection and recovery are already available for some classes of computer platform: for example, Baseboard Management Controllers (BMCs) and Service Processors (SPs) in conjunction with BIOS\/UEFI firmware perform this function in centrally managed data centers and servers. Unfortunately, existing technology is a poor choice for IoT because of cost, power demands, and the lack of an out-of-band control network.<\/p>\n\n\n\n<p>The CyReP Program seeks to enable comparable manageability and security for the next generation of IoT devices.&nbsp; <a href=\"https:\/\/www.microsoft.com\/en-us\/research\/publication\/cyber-resilient-platform-requirements\/\">CyReP hardware building-blocks<\/a> can serve as a foundation for building enhanced firmware and data protection, exploit\/vulnerability detection, and reliable centrally managed recovery into even the tiniest of devices.<\/p>\n\n\n\n<p>CyReP hardware building-blocks can benefit any sort of system software.&nbsp; A simple microcontroller running a library OS may use CyReP hardware as the primary security technology.&nbsp; Devices that use a full-fledged operating system may use CyReP hardware to recover systems when all other cyber-defenses have failed.<\/p>\n\n\n\n<p>CyReP hardware is coupled with CyReP system software to build end-to-end security solutions.&nbsp; Microsoft is open-sourcing <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/github.com\/Microsoft\/RIoT\">portable libraries <span class=\"sr-only\"> (opens in new tab)<\/span><\/a>that can be incorporated into any system software, and is also open-sourcing ports to popular <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" 
rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/github.com\/LordOfDorks\/miniDICE\">system software <span class=\"sr-only\"> (opens in new tab)<\/span><\/a>and <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/github.com\/LordOfDorks\/miniDICE-L4\">devices<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>.<\/p>\n\n\n\n<p>A cornerstone of IoT device security is ongoing management, including firmware updates and security configuration changes.&nbsp; CyReP devices support secure and reliable centralized management through <a href=\"https:\/\/www.microsoft.com\/en-us\/research\/publication\/device-identity-dice-riot-keys-certificates\/\">CyReP protocols<\/a>.&nbsp; Microsoft is working to standardize protocols in the <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/trustedcomputinggroup.org\/\">Trusted Computing Group<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (TCG), and is also providing <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/github.com\/Microsoft\/RIoT\">open-source library code <span class=\"sr-only\"> (opens in new tab)<\/span><\/a>that implements the standards.<\/p>\n\n\n\n<p>Azure IoT supports highly scalable and reliable <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iot-supports-new-security-hardware-to-strengthen-iot-security\/\">management of CyReP devices<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>, and the next generation of Windows IoT can use CyReP features.<\/p>\n\n\n\n<p>The <a 
href=\"https:\/\/www.microsoft.com\/en-us\/research\/publication\/cyber-resilient-platforms-overview\/\">Cyber-Resilient Platforms Overview <\/a>white paper and the other papers linked below contain more information.&nbsp; The <a href=\"https:\/\/www.microsoft.com\/en-us\/research\/project\/dice-device-identifier-composition-engine\/\">DICE<\/a> (Device Identifier Composition Engine) project page contains more information on how CyReP devices implement hardware-based cryptographic device identity and attestation.<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>adjective: resilient \u2026 able to withstand or recover quickly from difficult conditions. The Cyber Resilient Platforms Program (CyReP) is a Microsoft-led industry initiative to improve the security and resiliency of computers, with particular emphasis on cloud-managed IoT devices.&nbsp; The CyReP Program includes hardware and protocol specifications, as well as open-source software that enables the security [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"research-area":[13558],"msr-locale":[268875],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-425733","msr-project","type-msr-project","status-publish","hentry","msr-research-area-security-privacy-cryptography","msr-locale-en_us","msr-archive-status-active"],"msr_project_start":"2015-01-01","related-publications":[238189,422166,426252,426267],"related-downloads":[],"related-videos":[],"related-groups":[],"related-events":[],"related-opportunities":[],"related-posts":[],"related-articles":[],"tab-content":[],"slides":[],"related-researchers":[{"type":"user_nicename","display_name":"Dennis Mattoon","user_id":31607,"people_section":"Section name 1","alias":"dennisma"},{"type":"guest","display_name":"Rob 
Spiger","user_id":425736,"people_section":"Section name 1","alias":""},{"type":"user_nicename","display_name":"Kevin Kane","user_id":32554,"people_section":"Section name 1","alias":"kkane"},{"type":"user_nicename","display_name":"Marcus Peinado","user_id":32804,"people_section":"Section name 1","alias":"marcuspe"}],"msr_research_lab":[199565],"msr_impact_theme":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/425733","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-project"}],"version-history":[{"count":29,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/425733\/revisions"}],"predecessor-version":[{"id":912333,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/425733\/revisions\/912333"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=425733"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=425733"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=425733"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=425733"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=425733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}