A brief update on the S.A.F.E initiative since launch in October 2023 followed by a panel discussion.

OCP S.A.F.E Update
Eric Eilertson, Security Architect, Microsoft
Alex Tzonkov, Security Architect, AMD
Alfredo Pironti, Director, IO Active

Security and Data Protection
SECURITY

Standardize Security Reviews from CSPs and hyperscalers
Remove need for multi-party NDAs
Move security reviews earlier into the development lifecycle
Engage SRP early and often
The final review could be largely ceremonial
Security Reviews become standard rhythm of business
S.A.F.E Overview

Scope 1: Secure boot + Firmware
  Proper handling of critical security parameters
  Input validation
  Memory safety
  Storage Devices
  Validation of crypto erase and block overwrite
Scope 2: Designed for isolation
  ROT/Security processor and memory isolated from application cores
  Application cores and firmware provide isolation between processes
Scope 3: Designed to withstand physical attacks
  Architecture has mitigations for glitch and side channel attacks
Review Areas

Technical Advisory Committee
Thordur Bjornsson, Google
Eric Eilertson, Microsoft
Tim Pletcher, HPE
Michael Schneider, IDA/CCS
TAC will evaluate Security Review Provider applications
TAC will manage the framework, review areas, SRP criteria
SRP list from October 2023 Launch
Atredis, IO Active, NCC Group
Tetrel Security added March 2024
S.A.F.E. Programmatic Update

Upcoming Legislation
National-Cybersecurity-Strategy-2023.pdf (whitehouse.gov)
Outlines administration's proposed strategy to address emerging cybersecurity threats.
Section 3.3: shift liability for insecure software products and services.
https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf
CTO of software provider is accountable for software delivered.
European Commissi