安全任務小組

安全任務小組由來自 STMicroelectronics 的 Olivier Van Nieuwenhuyze 擔任主席。 所有 GlobalPlatform 成員均有資格參加此小組，獲批准的非成員政府機構同樣有此資格。

安全任務小組定義了協會的安全理念及其對安全領域的貢獻

目標

安全任務小組致力於：

• 參與外部安全性組織並進行協作，以確保將廣泛的用例和市場部門的安全要求納入 GlobalPlatform。
• 向 GlobalPlatform 技術委員會提供安全理念、密碼學、認證和適用性方面的建議。
• 推進與政府機構及其安全專家的合作，以確定市場需求。

目前優先事項

• 繼續確定和分類面向物聯網 (IoT) 的安全技術。
• 為物聯網中的 SCP 開發用例。
• 遠端連線有限制時，確定物聯網密碼學約束。
• 推進加密靈活性和後量子密碼學方面的工作。
• 維護和更新加密演算法建議表。
• 定義如何結合使用 GlobalPlatform 技術和 TPM 技術（或其他等效庫）。
• 完成安全級別定義和更新的認證計畫。
• 支援 TEE 委員會制定 MCU 保護框架。
• 透過建立由如下方面組成的評估方法論，支援認證機構和實驗室將物聯網平台安全評估標準 (SESIP) 方法與其現有計畫相結合，並確保評估的一致性：
  • 面向廠商的範本
  • 虛擬 SFR 資料庫
  • 指向攻擊活動方法的連結。

Crypto Sub-Task Force

GlobalPlatform promotes cross industry discussion to identify and address market requirements

Mission

The Security Task Force defines GlobalPlatform’s security philosophy and its contribution to the security landscape.

It works closely with the Crypto Sub-Task Force to monitor new trends in cryptography and examine new algorithm proposals, providing a list of algorithms and protocols based on academic publications and known organizations. This is in addition to supporting the SESIP Committee on its mission to drive the adoption and recognition of the Security Evaluation Standard for IoT Platforms (SESIP) methodology as a worldwide, multi-vertical scheme for IoT security evaluation.

Objectives

• Engage and collaborate with external security organizations to ensure that security requirements from a broad range of use cases and market sector are brought into GlobalPlatform.
• Advise the GlobalPlatform technical committees in security philosophies, cryptography, certification and applicability.
• Facilitate collaboration with government agencies and their security experts to define market requirements.
• Identify and classify secure technologies for the Internet of things (IoT).
• Maintain and update GlobalPlatform’s cryptographic algorithm recommendations table, through the crypto sub-task force.

Current Priorities

• Engage ENISA on the alignment of security levels and cybersecurity certification frameworks.
• Define how to combine GlobalPlatform technology and TPM technology (or other equivalent library).

Software Bill of Materials (SBOM) Sub-Task Force

The SBOM Task Force is chaired by Gonda Lamberink of Fortress Information Security. All GlobalPlatform members are eligible to participate in this group.

Mission

The purpose of the SBOM (Software Bill of Materials) Task Force is to analyze the impact of, and provide guidance on, the deployment of SBOM.

Objectives

• To assess the impact of the deployment of SBOM.
• To clarify the concepts of software transparency and assurance and provide guidance, such as:
  • A consistent means to produce, consume and exchange software transparency and assurance information.
  • A guide to improve interoperability of software transparency and assurance data exchange.
• To initiate dialogue and collaborations with impacted markets such as telecoms, healthcare and automotive.
• To collaborate within GlobalPlatform and with external organizations on SBOM and other key iniatives.
• To define any necessary requirements for technology development in relation to SBOM.

Current Priorities

• Analyze impact of the SBOM and provide guidance relating to its deployment, including a consistent means to produce, consume and exchange, software transparency and assurance information.