{"id":839,"date":"2024-07-02T01:03:05","date_gmt":"2024-07-02T05:03:05","guid":{"rendered":"https:\/\/ami2025dev.wpenginepowered.com\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/"},"modified":"2025-12-10T16:21:11","modified_gmt":"2025-12-10T16:21:11","slug":"ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security","status":"publish","type":"project","link":"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/","title":{"rendered":"AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security"},"content":{"rendered":"<p>In an effort to greatly reduce the threat of device tampering of compute devices that are in transit from manufacturing to their end-user application, AMI and Colorado State University have created a methodology to secure platform firmware in a Cerberus framework.\u00a0 This process is being presented in a paper entitled, \u201cThe PIT-Cerberus Framework: Preventing Device Tampering During Transit\u201d at the <a href=\"https:\/\/qrs24.techconf.org\/\" target=\"_blank\" rel=\"noopener\">24<sup>th<\/sup> IEEE International Conference on Software Quality, Reliability and Security (QRS 2024)<\/a>.<\/p>\n<p><strong>IEEE QRS<\/strong><\/p>\n<p>The IEEE QRS Conference pulls scientists and engineers in industry and academia together into a single forum to present work related to the best and most efficient techniques for the development of reliable, secure, and trustworthy systems.\u00a0 Program selection involves a detailed review by 3 committee members across a pool of 209 other papers.\u00a0 AMI and Colorado State\u2019s methodology for preventing device tampering during transit was one of 50 papers selected to be presented at the conference.<\/p>\n<p><strong>Protection in Transit (PIT)<\/strong><\/p>\n<p>In order to tamper with or modify device platform firmware in transit, a hacker would need to either write to the firmware\u2019s storage location or physically replace the firmware code. This paper addresses writing to the firmware storage location, which necessitates the device being booted up to a minimal state where firmware memory I\/O is enabled.\u00a0 Therefore, securing platform firmware requires that the first boot of the BIOS\/UEFI or BMC following shipping is exclusive to the authorized downstream user.<\/p>\n<p>To achieve this, AMI and Colorado State propose a mechanism where the device manufacturer implements a BIOS or BMC lock post-production that can only be unlocked by a Hardware Root of Trust (HRoT) device during the BIOS\/UEFI or BMC boot process. \u00a0Unlocking of the BIOS or BMC firmware would only occur after a successful authentication by the HRoT.<\/p>\n<p><strong>Extension of Project Cerberus<\/strong><\/p>\n<p>This methodology is an extension of the Project Cerberus, open-source initiative that establishes a hardware root of trust for servers.\u00a0 Adopting the protection in transit (PIT) methodology greatly enhances Cerberus security; where today it focuses on attestation of platform firmware at boot and during runtime, Cerberus does not currently address user authentication.<\/p>\n<p><strong>Efforts by AMI and Colorado State University<\/strong><\/p>\n<p>In order to ensure the highest level of security for the PIT-Cerberus framework, AMI and Colorado State have leveraged strong data encryption techniques and have implemented the solution within a trusted HRoT microcontroller. These efforts put forth by AMI and Colorado State can be sampled through the PIT-Cerberus framework\u2019s libraries, available on Project Cerberus today.<\/p>\n<p>The presentation of \u201cThe PIT-Cerberus Framework:\u00a0 Preventing Device Tampering During Transit\u201d paper can be seen July 1<sup>st<\/sup> through the 5<sup>th<\/sup> at the IEEE QRS, Churchill College, University of Cambridge, UK.<\/p>\n<p>This paper will be available to read in the IEEE Xplore digital library upon approval.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In an effort to greatly reduce the threat of device tampering of compute devices that are in transit from manufacturing to their end-user application, AMI and Colorado State University have created a methodology to secure platform firmware in a Cerberus framework.\u00a0 This process is being presented in a paper entitled, \u201cThe PIT-Cerberus Framework: Preventing Device [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":840,"comment_status":"open","ping_status":"open","template":"","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","content-type":"","footnotes":""},"project_category":[1499],"project_tag":[1567,1546,1518],"class_list":["post-839","project","type-project","status-publish","has-post-thumbnail","hentry","project_category-blog","project_tag-firmware","project_tag-firmware-security","project_tag-open-compute-project","topics-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.1 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security - AMI<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security\" \/>\n<meta property=\"og:description\" content=\"In an effort to greatly reduce the threat of device tampering of compute devices that are in transit from manufacturing to their end-user application, AMI and Colorado State University have created a methodology to secure platform firmware in a Cerberus framework.\u00a0 This process is being presented in a paper entitled, \u201cThe PIT-Cerberus Framework: Preventing Device [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/\" \/>\n<meta property=\"og:site_name\" content=\"AMI\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TheWorldRunsonAMI#\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-10T16:21:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/computer-motherboard-with-cpu-circuit-board-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1693\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@AMI_PR\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/\",\"url\":\"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/\",\"name\":\"AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security - AMI\",\"isPartOf\":{\"@id\":\"https:\/\/www.ami.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/computer-motherboard-with-cpu-circuit-board-scaled.jpg\",\"datePublished\":\"2024-07-02T05:03:05+00:00\",\"dateModified\":\"2025-12-10T16:21:11+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/#primaryimage\",\"url\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/computer-motherboard-with-cpu-circuit-board-scaled.jpg\",\"contentUrl\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/computer-motherboard-with-cpu-circuit-board-scaled.jpg\",\"width\":2560,\"height\":1693},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ami.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Resources\",\"item\":\"https:\/\/www.ami.com\/project\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ami.com\/#website\",\"url\":\"https:\/\/www.ami.com\/\",\"name\":\"AMI\",\"description\":\"Trusted Leader in UEFI, BMC &amp; Open-Source Firmware\",\"publisher\":{\"@id\":\"https:\/\/www.ami.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ami.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.ami.com\/#organization\",\"name\":\"AMI\",\"url\":\"https:\/\/www.ami.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ami.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png\",\"contentUrl\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png\",\"width\":512,\"height\":512,\"caption\":\"AMI\"},\"image\":{\"@id\":\"https:\/\/www.ami.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/TheWorldRunsonAMI#\",\"https:\/\/x.com\/AMI_PR\",\"https:\/\/www.linkedin.com\/company\/ami\",\"https:\/\/www.youtube.com\/c\/AMI_PR\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security - AMI","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/","og_locale":"en_US","og_type":"article","og_title":"AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security","og_description":"In an effort to greatly reduce the threat of device tampering of compute devices that are in transit from manufacturing to their end-user application, AMI and Colorado State University have created a methodology to secure platform firmware in a Cerberus framework.\u00a0 This process is being presented in a paper entitled, \u201cThe PIT-Cerberus Framework: Preventing Device [&hellip;]","og_url":"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/","og_site_name":"AMI","article_publisher":"https:\/\/www.facebook.com\/TheWorldRunsonAMI#","article_modified_time":"2025-12-10T16:21:11+00:00","og_image":[{"width":2560,"height":1693,"url":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/computer-motherboard-with-cpu-circuit-board-scaled.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@AMI_PR","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/","url":"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/","name":"AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security - AMI","isPartOf":{"@id":"https:\/\/www.ami.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/#primaryimage"},"image":{"@id":"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/computer-motherboard-with-cpu-circuit-board-scaled.jpg","datePublished":"2024-07-02T05:03:05+00:00","dateModified":"2025-12-10T16:21:11+00:00","breadcrumb":{"@id":"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/#primaryimage","url":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/computer-motherboard-with-cpu-circuit-board-scaled.jpg","contentUrl":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/04\/computer-motherboard-with-cpu-circuit-board-scaled.jpg","width":2560,"height":1693},{"@type":"BreadcrumbList","@id":"https:\/\/www.ami.com\/resource\/ami-and-colorado-state-university-joint-security-paper-to-be-presented-at-the-24th-ieee-international-conference-on-software-quality-reliability-and-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ami.com\/"},{"@type":"ListItem","position":2,"name":"Resources","item":"https:\/\/www.ami.com\/project\/"},{"@type":"ListItem","position":3,"name":"AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security"}]},{"@type":"WebSite","@id":"https:\/\/www.ami.com\/#website","url":"https:\/\/www.ami.com\/","name":"AMI","description":"Trusted Leader in UEFI, BMC &amp; Open-Source Firmware","publisher":{"@id":"https:\/\/www.ami.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ami.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.ami.com\/#organization","name":"AMI","url":"https:\/\/www.ami.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ami.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png","contentUrl":"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png","width":512,"height":512,"caption":"AMI"},"image":{"@id":"https:\/\/www.ami.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/TheWorldRunsonAMI#","https:\/\/x.com\/AMI_PR","https:\/\/www.linkedin.com\/company\/ami","https:\/\/www.youtube.com\/c\/AMI_PR"]}]}},"_links":{"self":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project\/839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project"}],"about":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/types\/project"}],"author":[{"embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/comments?post=839"}],"version-history":[{"count":0,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project\/839\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/media\/840"}],"wp:attachment":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/media?parent=839"}],"wp:term":[{"taxonomy":"project_category","embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project_category?post=839"},{"taxonomy":"project_tag","embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project_tag?post=839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}