An Investigation of PSA Certified

An Investigation of PSA Certified

연구 분야: Verification

학회: ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security

PSA (Platform Security Architecture) Certified is a security certification scheme for IoT hardware, software, and devices. The scheme is composed of security certification (PSA Certified Level 1/2/3) and functional API certification (PSA Certified Functional API). Up to now, this scheme has been adopted by many chip manufacturers, system/software developers, and OEMs (Original Equipment Manufacturers). In this paper, we investigate the PSA security certification and PSA functional API (Cryptography API, Storage API, and Attestation API) with its reference implementation. Also, we analyze the source code of the reference implementation by using Polyspace Bug Finder. Specifically, we found 1,385 coding defects in the PSA functional API reference implementation where high, medium, and low impact defects take up 44, 90, and 1,251, respectively. Then, we compare the PSA functional API and its reference implementation in several aspects. Throughout this paper, we explain the obtained analysis results and our findings in detail.