ZAYA OS ensure a protected environment, defending against external attacks and meeting safety requirements.
In addition, ZAYA OS employs advanced security mechanisms and continuous monitoring to detect and neutralise potential vulnerabilities, providing users with confidence in the system's resilience and safeguarding sensitive information from any potential risks.
ZAYA secure OS incorporates a Hypervisor, a sophisticated technology that creates isolated environments within the system through hardware virtualization. This means that user applications operate in segregated spaces, enhancing security by preventing potential breaches or interference between different software components.
The integration of hardware virtualisation not only strengthens the system against external attacks but also contributes to a robust and resilient computing environment for user applications.
ZAYA Security Manager, a comprehensive solution dedicated to enhance the standards of safety and resilience. Beyond a secure boot, the system conducts rigorous security and safety checks during start-up, ensuring a robust foundation against potential issues introduced during development.
With features like secure updates, anti-rollback protection, cryptographic services, and real-time monitoring, ZAYA Security Manager is not just a solution; it's a commitment to strengthening your system against evolving threats and challenges.
System Security & Safety Startup
Besides a secure boot, ZAYA performs security and safety checks at the device startup to see any problem, even by the developer, before starting a system.
It ensures all the entities and the configurations are secure and proper to run and apply.
Includes a multi-layer security lifecycle management. A whole target can have its security lifecycle, but also each microcontainer can have its security lifecycle.
ZAYA allows even third-party provisioning, in addition to vendor provisioning, to allow third-party to inject its entities in the field without vendor supervision.
There is a built-in Secure Update mechanisms that could be customised for the target's custom physical and application-level interfaces.
In ZAYA, the Kernel and the Microcontainers are individual executions, so each execution can individually be updated securely, encrypted and authenticated.
Individual Microcontainer updates with any size offer deployment-friendly environments for vendors as minimise the size of the deployment package (only Microcontainer) and relax the network traffic considering millions of field devices.
The Secure Updates are also protected against downgrade attacks. ZAYA protects Secure Update packages using Monotonic Counters that allow explicit downgrades by the vendors.
ZAYA keeps individual versions for each ZAYA entity, Kernel, Microcontainers, Commands, etc, and applies Anti-Rollback protection for each entity update.
It offers isolated secure storage from the Microcontainers to store the device-sensitive credentials. It is highly configurable to integrate with any Secure Storage HW Module.
ZAYA also provides individual Secure Storage for each Microcontainer.
Providing cryptographic services for both system security and Microcontainers. It is highly configurable, allowing HW Cryptographic Accelerators and Secure Key Storages integrations.
ZAYA exposes cryptographic functionality using the PSA Functional API (Cryptography, Secure Storage, Attestation)
Offering an Attestation Service, ZAYA includes an Entity Attestation Token (EAT) that encompasses protected device details, configurations, and states. This service is exposed through the PSA Attestation API.
ZAYA Microcontainer details, such as ID, version, state, etc, are also provided as part of the the EAT.
Delivering Unique Identification services, the platform supports various sources for Unique IDs, including UID Hardware Modules or those Injected during the provisioning process.
All ZAYA entities, such as Kernel, Microcontainers, and States, can have individual Unique IDs shared as part of the EAT.
Incorporating built-in Secure Boot mechanisms. At the device startup, ZAYA authenticates all entities, such as Kernel, Provisioning Data, Microcontainers, and Third-Party Entities. Each level authenticates the next level: Chain of Trust.
Container Access Policy Manager
Microcontainer Access Policy Monitor allows ZAYA Microcontainers to have individual Access Policies. By default, a container cannot access any resource (HW Peripheral, Memory, API). Microcontainer Access Policy tells which resources are granted to the Microcontainers.
Microcontainer Access Policies are signed and encrypted, so unauthorised people cannot modify them.
Real-Time Safety Monitor (Automotive)
A built-in Real-Time Safety Monitor that monitors run-time safety malfunctioning with minimal run-time overhead. The malfunctioning may come from external or the vendor code(software bug).
It is designed for functional safety markets, like Automotive, but it is available for all verticals that need a stable product.
In run-time malfunctioning, the Real-Time Safety Monitor switches the device to a safe state depending on the required safety strategy, such as a panic state or rebooting of the malfunctioning module. The system is always operational even in case of a malfunctioning attempt, which is critical for functional safety markets.
Realtime Security Monitor
Containing a built-in Real-Time Security Monitor that checks the run-time security violations with minimal run-time overhead.
Real-Time Security Monitor traces violations and puts in quarantine the violent execution, and keeps the rest of the system secure and alive. The system is always up and running, even in case of a violation attempt.
Developed with a central emphasis on security and safety requisites, the OS Kernel forms a robust base. It implements secure scheduling and task synchronisation.
Moreover, the kernel integrates essential operating system mechanisms, ensuring not only robust functionality but also a safeguarded environment for optimal performance.