Security Terms Cause Confusion

Security blocks performing similar functions may have different names depending on the context or industry; some of them are losing their specific meanings. A survey of alternatives allows us to sharpen understanding and communication.

Bryon Moyer

Security has pervaded the electronics industry to the point where few systems can legitimately claim to require no security. But what companies name security blocks varies by company, industry, and implementation.

Companies employ terms like “root of trust” and “secure enclave” loosely so that it becomes hard to understand what they mean. Do specific requirements apply before a security block qualifies as a block with a specific name? Do standards define any of them? The answers aren’t as straightforward as one might hope.

The terms variously describe the basis for trusting the state of a system, for sensitive computing, and for keeping secrets away from prying eyes. Real systems combine these concepts in ways that can be difficult to distill into a single moniker. Some terms apply to actual hardware systems, whereas some companies will use the same term to describe a security block in an SoC—the latter being Microprocessor Report’s focus.

A discussion of the terms, their origins, and how documentation applies them now can help lead to more precise usage. But it may also be that some of the distinctions, having once been useful, are no longer necessary. At the very least, the analysis can help technologists, marketers, journalists, and analysts interpret and apply the appropriate terms—or at least be consistent in their usage.

Although MPR can’t dictate how others use the terms, we can illuminate the differences and establish our own usage.