Top-down security hardens the external attack surface of the system, stopping threats from entering the system. It also uses software, where possible, to analyze and protect the current security state of the system. The following is a partial list of top-down security components you may come across:
- Communications protocols
- Secure peripherals
- Antivirus programs
- Strong user authentication schemes/passwords
- Secure software update processes
- Security hardened applications
- Closing unauthorized and/or insecure doorways into systems
Top-down security is necessary but not sufficient. Top-down security is largely based on software that is launched late in the boot cycle of a machine. It typically cannot detect or stop deep threats. A good rule for security design is:
- Assume attacks will get in.
- Design your security to protect system secrets from attackers.
- Detect all threats.
- Recover from threats without the need for physical service intervention.
Bottom-up security adds the needed additional security features by providing:
- A bootup method to get to an initial high security state.
- A separate system device where critical keys and protected information can be used but protected from attackers.
- A method for running reliable remote health checks of a system.
- Strong system identity to stop cyber-impersonators.
Bottom-up security is active during the first instructions of system bootup. It should be extensively utilized by the backend servers that manage it all. The Trusted Platform Module (TPM) is an excellent root of trust that provides all the functions needed for bottom-up security. The TPM is an international standard security module (ISO/IEC 11889), specified by the Trusted Computing Group (TCG), a consortium of more than 100 members. The TPM is supported by the TCG Software Stack (TSS), which is middleware that applications use to share and manage the security functionality of a TPM. OnBoard Security’s TrustSentinel TSS 2.0 is the only commercially available TSS 2.0. Using the TPM with TrustSentinel TSS 2.0 is an easy and cost-effective way to implement the bottom-up security that IoT devices frequently lack.
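The sketch below is an added example, not code from the original article or from any TSS product. It goes beyond the text to show how the "initial high security state" and the "remote health check" fit together: each boot stage is hashed into a TPM Platform Configuration Register (PCR) with the extend operation, and a backend replays the device's event log against the reported PCR. The stage names, sample data and function names are constructed for illustration, and verification of the TPM quote signature is assumed to happen elsewhere.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR starts at all zeros after reset

def measure(component: bytes) -> bytes:
    """Digest of a boot component, taken before control passes to it."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || digest); a PCR cannot be set directly."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    """Recompute the PCR value implied by an event log of (name, digest) pairs."""
    pcr = PCR_INIT
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def boot(stages):
    """Simulate a measured boot: returns (event_log, final PCR held by the TPM)."""
    log = [(name, measure(blob)) for name, blob in stages]
    return log, replay(log)

def health_check(event_log, quoted_pcr, known_good):
    """Backend check of one device report; returns (healthy, findings).
    Assumption: quoted_pcr comes from a TPM quote whose signature and nonce
    were already verified against the device's identity key (not shown)."""
    findings = []
    if not hmac.compare_digest(replay(event_log), quoted_pcr):
        findings.append("event log does not match quoted PCR")
    for name, digest in event_log:
        if known_good.get(name) != digest:
            findings.append(f"unexpected measurement: {name}")
    return (not findings, findings)

# Constructed sample data: three boot stages and their reference digests.
STAGES = [("bootloader", b"bootloader v1"), ("kernel", b"kernel v1"), ("initrd", b"initrd v1")]
KNOWN_GOOD = {name: measure(blob) for name, blob in STAGES}

if __name__ == "__main__":
    log, pcr = boot(STAGES)
    print(health_check(log, pcr, KNOWN_GOOD))                 # clean boot
    bad_log, bad_pcr = boot([STAGES[0], ("kernel", b"kernel v1 modified"), STAGES[2]])
    print(health_check(bad_log, bad_pcr, KNOWN_GOOD))         # honest log, changed kernel
    print(health_check(log, bad_pcr, KNOWN_GOOD))             # clean-looking log, PCR disagrees
```

Because extend is a one-way hash chain, software that loads after a changed stage cannot rewind the PCR, so a device that reports a clean-looking log is still caught when the replayed value disagrees with the quoted one.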