Trusted Execution Environment
ARCA TRUSTED OS
Enabling a Trusted and Robust Execution Environment for Containers
Trusted Execution Environment
ARCA TRUSTED OS
Enabling a Trusted and Robust Execution Environment for Containers
Trusted Execution Environment
Enabling a Trusted and Robust Execution Environment for Containers
Trusted Execution Environment
Enabling a Trusted and Robust Execution Environment for Containers
The digital transformation accelerates the adoption of containers as it brings agility and scalability to the business. Containers face new security challenges that require new security tools!
CYSEC aims at providing trust in infrastructure that organizations don’t own or control, but use to run their services and to process their sensitive data.
Protection against Attack Propagation
Reduced attack surface
A micro-distribution explicitly designed to only run containers with a read-only root file system.
Trustworthiness
An enforced chain of trust relying on a hardware root of trust combined with an immutable root file system.
Security Maintenance
Security maintenance performed by CYSEC associated with an authenticated and atomic OTA update mechanism.
Protection against Data Compromission
Data at rest Protection
A by-default full disk encryption mechanism with a key protected by a hardware security component.
Data in transit Protection
The support of Wireguard at the kernel level allowing simple setup of VPNs between nodes and pods.
Data in Use Protection
Support of the AMD Secure Encrypted Virtualization (SEV) feature and implementation of a Key Management Systems (KMS) in the ARM TrustZone.
Access to certified crypto
Simple access to certified Hardware Security Module (HSM) resources for containerized applications.
Robustness Through Automation and Alteration Prevention
Alteration Prevention
An immutable root file system, including the security setting configurations, combined with authenticity and integrity verification of booted and updated OS images.
Automation
Full Disk Encryption automatically unlocked after successful secure boots, automatic rollback after unsuccessful boots, and error correction attempts on booted code.
Protection
Reduces your attack surface to prevent attack propagation via the host OS.
Checks its authenticity and integrity to deliver a trustworthy execution environment
Applies encryption mechanisms to protect your data at-rest, in-transit, and in-use.
Supports Confidential Computing to allow higher isolation in shared infrastructures.
Simplification
Provides security in a transparent manner (no code modification).
Offers homogeneous security from the Data Center to the Cloud and the Edge.
Eases the use of Confidential Computing to facilitate its adoption.
Eases access for containers to secure hardware elements (e.g., HSM).
Comes with processes and tools for continuous security maintenance of your host OS.
Compliance
Follows the NIST SP 800-190 Container Security recommendations on host OS
Provides several security features needed in a Zero Trust approach
Hardware Requirements
CPU | x86-64 | ARM (Raspberry Pi 4 and STM32MP157) | |
Firmware | UEFI or OVMF enabling the upload of CYSEC secure boot public keys | SOC enabling the secure storage of CYSEC Secure boot public keys | |
TPM | Physical TPM 2.0 or vTPM of fTPM or OTP | ||
Software Requirements
Application | OCI Container | |||
Container Management Tools |  |  |  |  |
Videos
What is hardware-based security?
ARCA immutable OS
Secure booth chain for Raspberry Pi 4B
Advantage by default FDE
Blogs
What They Say
Noe Curtz
CTO, Altcoinomy
“CYSEC doesn’t just identify the security vulnerabilities in a fintech environment, it provides prioritized remediation advice, and then validates implementation. I recommend CYSEC LAB to any fintech player needing pentesting services.”
Federico Belloni
CTO, Astrocast
“The economics of satellite IoT communications systems depend on efficient resource management. Processing, memory, and power dedicated to security must be minimal. Finding the perfect trade-off and approach is difficult and requires skillful experts at the forefront of cybersecurity technologies, both in hardware and software.”
Kees van der Pols
Operations and Ground Systems, ClearSpace
“We are very happy with the service provided by CYSEC LAB. We are impressed with the rapid comprehension of our needs and preliminary architecture design, appreciated their clear advice and high availability.”
Nuno Pires
CTO, Geosatis
“CYSEC was extremely flexible throughout our engagement, which enabled us to meet complex business objectives. They worked to our multi-milestone schedule, and respected our priority order for feature deployments. Further, they showed an impressive ability to adapt to our changing timeframe and evolving demands during the deployment. They were professional, responsive, and rapid.”
Adrien Treccani
Founder & CEO, METACO
“We've been partnering with the CYSEC ARCA Trusted OS for over two years. Our customers are among the largest and most sophisticated financial services companies in the world and we've been able to consistently and successfully service them with ARCA. We would recommend the product to others.”
