Microsoft has announced a new research challenge aiming to spark new high impact security research in Azure Sphere, an IoT security solution delivering end to end security across hardware, OS and the cloud.
The Azure Sphere operating system is a customized high-level and very compact Linux-based one, combined with a secure application environment for additional hardening. Throw this into a mix of hardware, software, and the inevitable cloud, and you get Microsoft's IoT end-to-end security platform.
While Azure Sphere implements security upfront and by default, Microsoft recognizes that risks need to be mitigated consistently over the lifetime of a constantly growing array of devices and services. Engaging the security research community to research for high-impact vulnerabilities before the bad guys do is part of the approach Azure Sphere is taking to minimize the risk.
This new research challenge is a three-month, application-only security research challenge offering special bounty awards and providing additional research resources to program participants.
To apply for this research program, submit the application form before May 15, 2020. Applications will be reviewed on a weekly basis and accepted researchers will be notified via email. This research challenge runs from June 1, 2020 through August 31, 2020 for researchers accepted through open application.
Microsoft will award up to $100,000 bounty for specific scenarios in the Azure Sphere Security Research Challenge during the program period.
Two key scenarios are below, and additional research scenarios, awards and program resources can be found in Azure Security Lab program page.
- Ability to execute code on Pluton: $100,000
- Ability to execute code on Secure World: $100,000
This research challenge is focused on the Azure Sphere OS. Vulnerabilities found outside the research initiative scope, including the Cloud portion, may be eligible for the public Azure Bounty Program awards. Physical attacks are out of scope for this research challenge and the public Azure Bounty Program.
The Azure Sphere Security Research Challenge provides resources to support research, including:
- Azure Sphere development kit (DevKit)
- Access to Microsoft products and services for research purposes
- Azure Sphere product documentation
- Direct communication channels with the Microsoft team