On May 22nd, 2020, IEEE P2866.1 Standard for Device Trusted Extension: Software Architecture (DTX for short) held an online kick-off meeting and formally established its project working group. Cao Shuang, a security expert at Ant Financial, served as chairman of the project, and Associate Professor Chang Rui of the ZJU Institute of Cyberspace Security Research served as vice chairman. This project was participated jointly by Zhejiang University, Ant Financial, China Information Technology Security Evaluation Center, China Electronics Standardization Institute, CAICT (China Academy of Information and Communications Technology), Third Research Institute of Ministry of Public Security, Xiaomi, SenseTime, MEGVII, Irisian, Goodix and Greatinsight Technology.
Figure 1:Kick-off meeting agenda
As smart devices are widely deployed in many different target application scenarios such as mobile payment, e-commerce and mobile healthcare, they pose threats and challenges to users' data security and privacy. DTX is the first standard for device trusted extension in China, which can provide a unified and quantified security measurement standard for every smart device and collaboration in the ecosystem. By using verification techniques, it creates a consistent interface specification for various security needs and ensures the completeness of collaboration between different interfaces.
The framework provided by DTX allows softwares to easily meet CC standards. The Common Criteria for Information Technology Security Evaluation (CC for short) is an evaluation standard used to assess the security level of information systems and products. It is currently recognized as thebenchmark for information security certification around the world and often used to evaluate security-critical systems such as bank cards, smart devices and self-driving technologies. Higher CC standard level (level 1 to 7) requires stricter procedures. At present, many enterprise organizations use CC standard as a basis and purchase software and hardware products with CC certification to assure the quality of their products.
Therefore, DTX can provide users with customized and extensible universal security certification standard interfaces, which leads to efficient and feasible solutions for the construction a secure smart device ecosystem, improves software security using frameworks, and promotesthe development of cybersecurity for smart devices. For software providers that developed their product based on DTX, no additional work is required to meet the security requirements of the industry. Not only that, DTX also delivers different software providers with a more efficient way to collaborate and meet high security demands of collaboration between large-scale smart devices.