Solution

Current market trends in embedded electronics demand ever more complex systems. In a number of cases embedded systems have a direct impact on the security and safety of the whole application, for example embedded systems used in airplanes, trains or cars. These application domains need trusted systems, i.e. systems whose functionality and behaviour in any situation can be guaranteed with a high level of trust. The traditional methods for reaching this level of trust are intensive testing and evaluation, i.e. high-effort and time-consuming engineering activities, in particular if the application requires certification. Updating such a system (when adding new functionality, correcting bugs or changing hardware or software components) requires the whole system to be tested again, as the updates may introduce new weaknesses. This is a real problem in some sectors, such as the automotive industry, one of the strategic pillars of the European Union's economy.

The complexity and variability of such systems require the problem to be broken into pieces to be solved. ODSI addresses it at four levels: hardware, TCB, software and assurance.

Hardware Level: Trust in the silicon

  • Demonstrate that a generic model of the isolation can be built
  • Construct mathematical proofs of the isolation
  • Apply the model to hardware to ensure isolation for embedded systems

TCB (Trusted Computing Base)¹ level: Proven hypervisor ("reducing complexity to build a proven TCB")

  • Build the ODSI Hypervisor and formally prove that it supports the security requirements, with lower manpower thanks to an innovative software development methodology and tool chain enabling the rapid and cost-effective development of flexible and maintainable trusted systems.
  • Show that the MesoVisor can implement the isolation model with a small TCB.
  • Demonstrate that both solutions (MesoVisor and ODSI Hypervisor) have performance close to that of systems without isolation.

Software Level: Applicability of the isolation model for the application

  • Propose several use cases to validate the API offered by the isolation kernel, including a BYOD application.
  • Show that routing-dedicated hardware with isolation properties offers good performance and is compatible with the isolation kernel (see WP1).
  • Propose software architectures and implementations for partition management and secure communication between components implementing the ODSI approach.

Assurance Level: The Lego Methodology

  • Composition of certification: enable certification to be assembled like a Lego construction.
  • Ease certification by reducing dependencies between applications running on the platform.
  • Adapt the existing risk analysis and certification methodology to the specific needs of ODSI.
  • Identify the security requirements for each component of the project.
  • Promote the work in standardisation organisations.

¹ The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.