Cyber-Resilient Platform Program

adjective: resilient

… able to withstand or recover quickly from difficult conditions.

Summary

The Cyber Resilient Platforms Program (CyReP) is a Microsoft-led industry initiative to improve the security and resiliency of computers, with particular emphasis on cloud-managed IoT devices.  The CyReP Program includes hardware and protocol specifications, as well as open-source software that enables the security features.

One of the primary goals of CyReP is to enable a rich ecosystem of hardware and software components that can be used to build systems and devices that meet the requirements of NIST SP-800-193 (opens in new tab)(DRAFT) “Platform Firmware Resiliency Guidelines.”

Introduction to the Cyber-Resilient Platform Program

NIST SP-800-193 (opens in new tab)(DRAFT) identifies the following three principles for building resilient systems:

Protection: Mechanisms for ensuring that Platform Firmware code and critical data remain in a state of integrity and are protected from corruption.

Detection: Mechanisms for detecting when Platform Firmware code and critical data have been corrupted.

Recovery: Mechanisms for restoring Platform Firmware code and critical data to a state of integrity in the event that any such firmware code or critical data are detected to have been corrupted, or when forced to recover through an authorized mechanism.

Well-designed Internet-connected devices protect themselves against cyber-threats, and device vendors employ a wide range of hardware and software-based protection technologies to keep systems secure.  Unfortunately, bugs and misconfigurations still lead to damaging exploits.  A Cyber Resilient Platform contains additional mechanisms that allow exploits and vulnerabilities to be detected, and for devices to be recovered if they are compromised or hung.

Mechanisms for detection and recovery are already available for some classes of computer platform: for example, Baseboard Management Controllers (BMCs) and Service Processors (SPs) in conjunction with BIOS/UEFI firmware perform this function in centrally-managed data centers and servers. Unfortunately, existing technology is a poor choice for IoT because of cost, power-demands, and the lack of an out-of-band control network.

The CyReP Program seeks to enable comparable manageability and security for the next generation of IoT devices.  CyReP hardware building-blocks can serve as a foundation for building enhanced firmware and data protection, exploit/vulnerability detection, and reliable centrally-managed recovery into even the tiniest of devices.

CyReP hardware building-blocks can benefit any sort of system software.  A simple microcontroller running a library OS may use CyReP hardware as the primary security technology.  Devices that use a full-fledged operating system may use CyReP hardware to recover systems when all other cyber-defenses have failed.

CyReP hardware is coupled with CyReP system-software to build end-to-end security solutions.  Microsoft is open-sourcing portable libraries (opens in new tab)that can be incorporated into any system software, and is also open-sourcing ports to popular system software (opens in new tab)and devices (opens in new tab).

A cornerstone of IoT device security is ongoing management, including firmware updates and security configuration changes.  CyReP devices support secure and reliable centralized management through CyReP protocols (opens in new tab).  Microsoft is working to standardize protocols in the Trusted Computing Group (opens in new tab) (TCG), and is also providing open-source library code (opens in new tab)that implements the standards.

Azure IoT supports highly scalable and reliable management of CyReP devices (opens in new tab), and the next generation of Windows IoT can use CyReP features.

The Cyber-Resilient Platforms Overview white paper and the other papers linked below contain more information.  The DICE (Device Identifier Composition Engine) project page contains more information on how CyReP devices implement hardware-based cryptographic device identity and attestation.