Oversight system: Q&A with Dover Microsystems CEO Jothy Rosenberg

Judy Lin, DIGITIMES, Taipei 0

Cyber security is a key issue for the era of big data, Internet of Things (IoT) and 5G. Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, and the cost will top US$20 billion.

Digitimes recently had the opportunity to talk to hardware cyber security startup Dover Microsystems' CEO Jothy Rosenberg about how the company's solution - an oversight system - works and differs from others.

Q: Could you briefly introduce Dover's solution?

A: We are an IP licensing company. Our CoreGuard silicon IP resides on the silicon substrate next to the host processor and acts as an oversight system for the host processor - monitoring every instruction as it executes to ensure it complies with a set of security, safety, and privacy rules. If an instruction violates an existing rule, CoreGuard stops it from executing before any damage can be done. Updatable security, safety, and privacy rules, called micropolicies, maintain metadata about every piece of data and every instruction processed by the host processor, enabling CoreGuard to distinguish between good and bad instructions. Micropolicies are designed to stop entire classes of attacks, including buffer overflows, code injection, data exfiltration, safety violations and can even protect AI/ML systems from dangerous malfeasance.

Q: What is the difference of the network security solutions between Dover and Synopsys from the early stages of a chip design?

A: Synopsys and other EDA tool vendors are providing the SoC designer with tools to help prevent flaws in their HW design. Some have also acquired companies with technology to detect anomalies in bus traffic, such as the case with Siemens (parent company of Mentor Graphics) acquiring UltraSoC earlier this year. However, these tools do not protect any of the software running on the SoC - this is where CoreGuard is focused. CoreGuard is built on two critical observations: (1) today's processors are based on a simple architecture that prevents them from protecting themselves against attacks; and (2) all software has flaws that can be exploited by attackers coming in over a network. All processors sold today are still based on the 1945 von Neumann architecture. Although processors have advanced according to Moore's law and become faster, smaller, cheaper; they lack the ability to determine if each executed instruction is correct. Steve McConnell, author of Code Complete, states there are 15 to 50 bugs per thousand lines of source code on average, and according to the FBI approximately 2% of those bugs are exploitable. That means, in Android which has 15 million lines of code, there are at least 4,500 exploitable bugs. In Microsoft Office which has 40 million lines, there are at least 12,000 exploits. And a Ford F-150 which has 150 million lines contains potentially 45,000 different ways to take over the vehicle or steal private data from it. CoreGuard is what is classified by security researchers as an oversight system, watching each instruction a host processor is executing as it is happening and determining if that instruction is correct or not. And if not, then CoreGuard does not allow that instruction to complete, prevents any damage from being done, and notifies the host processor so it can take appropriate remedial action. The level of protection EDA vendors, like Synopsys, are providing does not overlap with CoreGuard. They are mutually beneficial as the goal is to protect our electronic systems with a defense-in-depth approach.

Q: What is the level of acceptance of Dover's solution in fabless? Can you share with us some user cases/scenarios of your solutions?

A: Our first publicly announced customer is NXP. NXP recognized the innovation and revolutionary approach of CoreGuard in protecting devices against network-based attacks right at the processor level. We are in discussion with several other fabless semiconductor companies, which have not yet been announced publicly.

NXP is utilizing CoreGuard to create inherently secure processors for embedded devices. Additionally, we announced a partnership with Cadence Design Systems, to deliver secure processing for aerospace and defense applications using a CoreGuard integration with the Tensilica LX7 processor. Through this collaboration, customers can leverage the runtime security monitoring capabilities of CoreGuard that identify security policy violations and stop them from executing before any damage is done.

We also announced a similar partnership with Andes Technology, a tech company in Taiwan, to deliver professional network security for their RISC-V core. Andes recognized that network security was a major concern for many IoT applications, which is why they decided to partner with Dover. We have been talking to quite a few large chip manufacturers over the past one and a half years, and those talks are coming to fruition. We are confident we can close significant deals next year.

Q: Who are Dover's partners of IC manufacturers?

A: We do not make hardware. We are only dealing with IC manufacturers for the purpose of getting test chips made. We are a part of an organization called "Silicon Catalyst"; they are in Silicon Valley. They were created to help semiconductor-related startups succeed. They've got a deal with TSMC and some other organizations, to make it easy to get into silicon inexpensively. TSMC is waiving all fees for this, but we still have to pay for services. They not only have a partnership with TSMC, but also a really good deal with Arm. We can get several different Arm cores for free to make test chips.

Now, we are pursuing getting CoreGuard into an ASIC through our participation in Silicon Catalyst. Being proven in silicon is an important validation step for many of our customers, which is why it is a top priority, and we plan to do this in the first half of 2021 to get a few hundred test chips.

Q: Who are your major competitors in this industry?

A: We mostly focus on companies which are starting to do cyber security in hardware. We do not compare ourselves to software vendors, because in any kind of software, there are bugs that bad guys can exploit. There are two major areas people are doing cyber security in hardware. One is called "compartmentalization". For instance, Arm has TrustZone, Intel has SGX, and SiFive has WorldGuard. Those companies are marketing extremely aggressively. It is a valuable technology for sure. It keeps one set of untrusted software from being able to corrupt a trusted compartment (where Android might be running for example).

The other message out there is "secure processor" which is encryption. Encryption is important. It keeps data that is moving from one place to another from being intercepted, stolen, or even looked at. But there is confusion. You cannot say, I have a "secure processor," so everything is safe, I am done. Because that cannot stop somebody from attacking you with a buffer overflow, a common kind of attack. For example, ransomware has buffer overflow attacks in them to take over and encrypt your disk, and then make you pay to get it back.

We are compared to those two products. But when we look at a publicly-maintained CVE database of all attacks, maintained by Mitre Corp, out of the 84,000+ attacks that they categorized, compartmentalization only protects against a little over 2% of those attacks. Encryption and all the crypto types of things only stopped about 10% of those attacks. CoreGuard is capable of stopping 95% of those attacks. It is a completely new paradigm, a game changer. CoreGuard came out of a DARPA research program from 2010-2015. DARPA does not invest in things that have already been done or are easy. In fact, they sometimes only invest in things that seem impossible. Our CoreGuard technology originated from the DARPA CRASH program. Some of the Dover team members were among the 14 performers. We spent 4.5 years trying to understand how to stop those attacks that are wreaking havoc in our systems. That is why we are here, because we came up with something really good. After the DARPA years, we incubated for two years in a not-for-profit laboratory here in Cambridge MA, and officially spun out and became an independent company in mid-2017.

Q: Is there any difference between the traditional chip manufacturing process and process using Dover's solution?

A: No. The customer building an SoC brings in a processor (Arm, RISC-V, MIPS, Tensilica, Arc, or other) into their EDA tools and combines that with other IP for I/O, security, memory and so forth and then adds their secret sauce that differentiates them in the market. As they bring in the processor IP they will also bring in CoreGuard and place them side-by-side on the substrate. The entire process is identical with CoreGuard or without it.

Q: What is the current funding status and plans for funding next year? What are your objectives for raising capital?

A: We are currently raising a Series A round now, which we are looking to close in the first half of 2021. This round will allow us to significantly scale the company, expand the product's capabilities and expand sales and marketing initiatives to build awareness and demand. Post A round, our goal is to get CoreGuard into as many SoCs as possible, as quickly as possible. To do this we are going to expand sales and marketing and execute several initiatives to build awareness and demand for our CoreGuard technology. To date, we've been constrained with what we've been able to do with a small team and limited budget. Also in support of this goal, we are going to invest in the development of furthering CoreGuard's capabilities - opening up new opportunities and markets for Dover. These types of capabilities include, support for A-core, multi-cores, and Linux, as well as completing the integration of CoreGuard with additional processor architectures. In addition, we will be expanding our micropolicy suite to address the security threats relevant to specific vertical markets and we will begin the process of pursuing industry certifications.

Q: What are the verticals that you are working with?

A: We look at different markets and prioritize those that have large companies and those which are building their own chips. Industrial IoT, 5G infrastructure are two important markets that we are focusing on in 2020-2021, in addition to large semiconductor players. There are also other sectors, such as medical devices, consumer IoT, automotive, infrastructure, transportation, which we will explore in the future.

Q: Will you enter the smartphone market?

A: Some day. That will be very challenging. It's a very mature market. They are very constrained on power and physical space and have very complex software stacks. Our current implementation of CoreGuard is optimized for embedded systems with smaller software stacks. At present, we're focused on protecting embedded systems, which accounts for the vast majority of processors used in today's market.

(Editor's note: Digitimes Research analysts Eric Chen and Jim Chien contributed ideas to the making of this interview)

Dover Microsystems CEO Jothy Rosenberg

Dover Microsystems CEO Jothy Rosenberg
Photo: Company