How does Rockchip's smart home ecosystem platform discover and fix security vulnerabilities in time?
Rockchip's smart home ecosystem platform builds a full-chain mechanism of "technical monitoring + ecosystem collaboration + rapid response" to discover and fix security vulnerabilities promptly. The specific steps are as follows:
1. Vulnerability discovery mechanism: active monitoring and multi-party collaboration
- Built-in security monitoring tools and log analysis
  - Rockchip integrates a real-time security monitoring module at the chip and module level, which dynamically tracks device operating state and data transmission behavior. Functions such as abnormal traffic detection and privilege-overreach alarms, for example, identify potential exploitation behavior (such as illegal firmware injection or abnormal instruction loading). At the same time, the platform collects device runtime logs and uploads them to the cloud security center, where AI algorithms analyze the logs for abnormal patterns to give early warning of potential vulnerability risks.
- Jointly built vulnerability database with security vendors and the white-hat community
  - Rockchip cooperates with third-party security vendors (such as QiAnXin and Venustech), connects to their threat intelligence databases, and synchronizes the latest IoT security vulnerability information. At the same time, through a "vulnerability bounty program", it attracts the white-hat hacker community to participate, encouraging security researchers to run penetration tests against its chips, firmware and ecosystem platform in order to uncover hidden vulnerabilities. For example, white-hat hackers can report communication protocol vulnerabilities, firmware encryption flaws and similar issues in smart home devices through official channels, and Rockchip pays monetary rewards according to vulnerability severity.
- Vulnerability reporting and feedback channel for ecosystem partners
  - For smart home manufacturers whose products carry Rockchip chips (such as smart door lock and camera brands), Rockchip has set up a dedicated vulnerability reporting channel. Security problems that a manufacturer finds in product testing or through user feedback can be submitted directly to the Rockchip security team, forming a "manufacturer – chip vendor" coordinated discovery mechanism that prevents a vulnerability from spreading at scale across end products.
2. Vulnerability remediation process: rapid response and full-chain coverage
- Tiered response mechanism and emergency fix process
  - Rockchip classifies vulnerabilities by severity into four levels, "Critical (urgent), High (high risk), Medium (medium risk), Low (low risk)":
    - For Critical vulnerabilities (such as a 0day that allows direct remote control of a device), the security team starts a 7 × 24 emergency response and delivers a fix patch within 48 hours;
    - For High and lower-severity vulnerabilities, patch development is completed within 1-2 weeks and synchronized to ecosystem partners.
- Firmware OTA upgrades and chip-level security hardening
  - For vulnerabilities that have already been discovered, Rockchip remediates in two ways:
    - Software level: push firmware OTA (over-the-air) updates; user devices can install the patch automatically or manually, fixing problems such as protocol vulnerabilities and encryption algorithm flaws;
    - Hardware level: if the vulnerability stems from a chip design flaw, the security module is improved in the next chip generation (for example by strengthening TrustZone isolation or upgrading the crypto engine algorithms), while compatible firmware patches are supplied for devices already in the field to reduce attack risk.
- Security patch synchronization and enablement of ecosystem manufacturers
  - Rockchip provides smart home manufacturers with a "security development kit (SDK)" that includes vulnerability fix patches, security configuration guidelines and test tools. Manufacturers can use the SDK to integrate patches into end products quickly and push them in batches to user devices through Rockchip's cloud management platform, ensuring timely fix coverage. For example, for a WiFi communication protocol vulnerability, Rockchip can synchronize the fixed protocol stack code, so manufacturers can complete the upgrade without developing from scratch.
3. Long-term defense: continuous iteration and compliance certification
- Regular security audits and compliance testing
  - Rockchip conducts a comprehensive security audit of its ecosystem platform every quarter, covering chip security features, firmware encryption mechanisms, cloud communication protocols and more, and passes international security certifications (such as IoT SAFE, SESIP, and China's CCRC IoT security certification) to ensure its protective measures meet the industry's top level. For example, a chip that obtains SESIP certification must pass multiple tests such as resistance to physical attack and data encryption strength, which reduces latent vulnerabilities at the design source.
- User security awareness guidance and feedback loop
  - Together with smart home manufacturers, Rockchip embeds security prompts on the device side (such as password warnings and firmware update reminders) to guide users to upgrade their systems promptly. It also opens user feedback channels to collect reports of abnormal device behavior as an additional source of vulnerability discovery, forming a "monitor – fix – feedback" closed loop.
Rockchip achieves rapid vulnerability discovery through "active monitoring + external collaboration", completes efficient remediation through "tiered response + OTA upgrades", and lowers vulnerability risk over the long term through compliance certification and ecosystem enablement. Note, however, that against advanced persistent threats (APT) or new 0day vulnerabilities, it still needs to rely on the cooperation of the whole industry's security ecosystem (such as real-time linkage with cloud security vendors) to further improve defensive capability.