WHAT IS AZURE SPHERE
Azure Sphere is a secured, high-level application platform with built-in communication and security features for internet-connected devices. It comprises a secured, connected, crossover microcontroller unit (MCU), a custom high-level Linux-based operating system (OS), and a cloud-based security service that provides continuous, renewable security.
It was unveiled in April 2018 as a means to improve security for devices connected to the Internet of Things (IoT).
HOW DOES THIS CHALLENGE WORKS
The challenge is application only and has a period of three months, from the 1st of June to the 31st of August.
If you wish to participate you can apply before May 15.
THE ARE LIMITED SEATS TO THE CHALLENGE
Microsoft has invited researchers from industry partners participating in the program and will select a total of 50 people, says Sylvie Liu, security program manager at the Microsoft Security Response Center.
“We’ve also found that it’s valuable to learn from both the successful attempts and unsuccessful attempts of researchers, as a result, we are asking researchers to document and report both successful and unsuccessful attempts in this research challenge.”
WHAT HAPPENS WHEN YOU GET ACCEPTED
If accepted into the Azure Sphere challenge, participants will be provided resources including the Azure Sphere development kit, Azure Sphere product documentation, access to Microsoft products and services for research purposes, and direct communication with Microsoft’s team.
Microsoft will award up to $100,000 in rewards for two specific scenarios during the program period.
One of these is the ability to execute code on Azure Pluton, the security subsystem built into every Azure Sphere microcontroller unit (MCU).
Pluton provides a hardware root of trust for the connected device in which the MCU sits. As part of the chip manufacturing process, a unique key is created to be used as the basis for authentication and cryptography.
Azure Sphere’s application platform supports two operating environments: Normal World and Secure World.
Applications run in an application container in Normal World user mode, where they can access Azure Sphere libraries and a limited amount of OS services, Microsoft explains.
The underlying Linux kernel runs in Normal World supervisor mode; the Security Monitor runs in Secure World.
Only Microsoft-supplied code can run in supervisor mode or Secure World.
MICROSOFT PARTNERSHIPS FOR THIS CHALLENGE
To launch the Azure Sphere Security Research Challenge, Microsoft teamed up with several technology companies that bring expertise in IoT security research.
These partners include Avira, Baidu International Technology, Bitdefender, Bugcrowd, Cisco Systems (Talos), ESET, FireEye, F-Secure, HackerOne, K7 Computing, McAfee, Palo Alto Networks, and Zscaler.
MICROSOFT INTO THE FUTURE
Microsoft is a giant that won’t stop growing.
They have a solid strategy and vision for the future of the cloud and the Internet of Things.
These types of bounty programs help both the company to provide secure and reliable products for smart cities, smart cars, smart homes, etc. but also for the security researchers and companies to get more involved and focused on IoT security.