MVSecure is MontaVista's new and innovative security assessment, configuration and implementation service. With MVSecure, we allow all Linux customers access to MontaVista's extensive security process and technology competence.
We believe that, especially with the EU Cybersecurity Act and Commission directive and the US Executive Order on handling product security and defects over the product lifecycle, services like MVSecure will become ever more important.
MVSecure services typically follow a process:
1) Review the customer’s use-case and the explicit security requirements placed on the platform
2) Derive and plan a security threat analysis model that provides a prioritized set of security controls for the best return on investment considering the criticality of the customers’ application
3) Implement the security controls based on the customer’s feedback
4) Provide maintenance and support services that maintain and manage the controls implemented
Examples of areas MVSecure addresses are systems that need specific security features such as Secure Boot, run-time integrity management, certificate storage and PKI system configuration, production line security process implementation, SELinux, ARM TrustZone, or TPM setup. MVSecure also addresses configuration-specific standards such as Security Technical Implementation Guide (STIG), IOTSF, or other domain-specific or internal corporate security directives.
MVSecure also offers certification programs that provide a more holistic view of the product’s security and lead to specific certification, such as Common Criteria or different variants of ISO.
MVSecure is usually deployed together with other MontaVista products, like CGX or MVShield, and other supporting services, but is also offered as a stand-alone service.
The following diagram presents an overview of the steps for the MVSecure service.