安全任务小组

安全任务小组由来自 STMicroelectronics 的 Olivier Van Nieuwenhuyze 担任主席。 所有 GlobalPlatform 成员均有资格参加此小组，获批准的非成员政府机构同样有此资格。

安全任务小组定义了协会的安全理念及其对安全领域的贡献

目标

安全任务小组致力于：

• 参与外部安全组织并进行协作，以确保将广泛的用例和市场部门的安全要求纳入 GlobalPlatform。
• 向 GlobalPlatform 技术委员会提供安全理念、密码学、认证和适用性方面的建议。
• 推进与政府机构及其安全专家的合作，以确定市场需求。

目前优先事项

• 继续确定和分类面向物联网 (IoT) 的安全技术。
• 为物联网中的 SCP 开发用例。
• 远程连接有限制时，确定物联网密码学约束。
• 推进加密灵活性和后量子密码学方面的工作。
• 维护和更新加密算法建议表。
• 定义如何结合使用 GlobalPlatform 技术和 TPM 技术（或其他等效库）。
• 完成安全级别定义和更新的认证计划。
• 支持 TEE 委员会制定 MCU 保护框架。
• 通过建立由如下方面组成的评估方法论，支持认证机构和实验室将物联网平台安全评估标准 (SESIP) 方法与其现有计划相结合，并确保评估的一致性：
  • 供应商模板
  • 虚拟 SFR 数据库
  • 指向攻击活动方法的链接。

Crypto Sub-Task Force

GlobalPlatform promotes cross industry discussion to identify and address market requirements

Mission

The Security Task Force defines GlobalPlatform’s security philosophy and its contribution to the security landscape.

It works closely with the Crypto Sub-Task Force to monitor new trends in cryptography and examine new algorithm proposals, providing a list of algorithms and protocols based on academic publications and known organizations. This is in addition to supporting the SESIP Committee on its mission to drive the adoption and recognition of the Security Evaluation Standard for IoT Platforms (SESIP) methodology as a worldwide, multi-vertical scheme for IoT security evaluation.

Objectives

• Engage and collaborate with external security organizations to ensure that security requirements from a broad range of use cases and market sector are brought into GlobalPlatform.
• Advise the GlobalPlatform technical committees in security philosophies, cryptography, certification and applicability.
• Facilitate collaboration with government agencies and their security experts to define market requirements.
• Identify and classify secure technologies for the Internet of things (IoT).
• Maintain and update GlobalPlatform’s cryptographic algorithm recommendations table, through the crypto sub-task force.

Current Priorities

• Engage ENISA on the alignment of security levels and cybersecurity certification frameworks.
• Define how to combine GlobalPlatform technology and TPM technology (or other equivalent library).

Software Bill of Materials (SBOM) Sub-Task Force

The SBOM Task Force is chaired by Gonda Lamberink of Fortress Information Security. All GlobalPlatform members are eligible to participate in this group.

Mission

The purpose of the SBOM (Software Bill of Materials) Task Force is to analyze the impact of, and provide guidance on, the deployment of SBOM.

Objectives

• To assess the impact of the deployment of SBOM.
• To clarify the concepts of software transparency and assurance and provide guidance, such as:
  • A consistent means to produce, consume and exchange software transparency and assurance information.
  • A guide to improve interoperability of software transparency and assurance data exchange.
• To initiate dialogue and collaborations with impacted markets such as telecoms, healthcare and automotive.
• To collaborate within GlobalPlatform and with external organizations on SBOM and other key iniatives.
• To define any necessary requirements for technology development in relation to SBOM.

Current Priorities

• Analyze impact of the SBOM and provide guidance relating to its deployment, including a consistent means to produce, consume and exchange, software transparency and assurance information.