Due to the significant drops in the cost of connectivity, nowadays many electronic devices are getting connected to the Internet. In the coming years, there will be tens of billions of these devices are controlled by microcontrollers. The problem here is that current microcontrollers are not prepared for the security threats posed by the internet connectivity.
Microsoft Research’s Project Sopris team is now exploring ways to secure the vast number of low-cost internet connected devices coming online. They have also published a report titled “The Seven Properties of Highly Secure Devices” outlining their research. They have tested different approaches to device security from silicon to software and they think that optimal device security must be rooted in hardware but kept up-to-date through evolving software.
To test their Sopris security kit, Sopris team has announced a new challenge for the security community. They are going to select 150 security experts to test their Sopris security kit and they will offer bounties ranging from $2,500 to $15,000 USD for submissions of eligible security vulnerabilities that achieve the impact described below.
|Privilege Escalation||Information Disclosure||Remote Code Execution|
|Kernel: Normal World||$2,500||$5,000||$10,000|
|Kernel: Secure World||$5,000||$10,000||$15,000|