Security in resource constrained embedded system

Purpose and goal

The aim of this project was to improve security in connected devices with a long life cycle or those used in security critical applications. In particular, we wanted to examine how separation technologies could be used to improve software reliability and security, or to reduce production and maintenance costs in the industries such as automotive. After examining functional and security requirements together with partners we designed and demonstrated a prototype software for an automotive platform and analyzed its feasibility for use in current and next generation hardware.

Expected results and effects

We implemented a separation kernel for the “moped” automotive research platform and demonstrated that multiple single-core real-time components in a vehicle may be replaced with a multi-core component while still providing some temporal and spatial separation. Our analysis showed that 1. this could be used to simplify/improve hardware usage 2. but it is not useful in all applications (i.e. IoT) 3. small hardware variations could affect some real-time properties We hope this work can increase automotive and IoT security by better use of existing hardware security mechanisms

Planned approach and implementation

The EMC2 project with 100 partners was divided into 6 work packages and a number of industrial use cases. Most of our contributions in EMC2 was concentrated to WP3 (runtime and services) and the automotive use case. Work was carried out in three stages: 1. joint analysis of the security requirements 2. design and implementation of a separation kernel 3. test and analysis of the target environment and hardware architecture comparisons Main partners during these stages were WP partners and the security workgroup, Swedish partners outside EMC2, and the automotive partners respectively