Periodic Reporting for period 1 - SAFURE (SAFety and secURity by design for interconnected mixed-critical cyber-physical systems)

Summary

\"SAFURE targets the design of cyber-physical systems by implementing a methodology that ensures safety and security \"\"by construction\"\". This methodology is enabled by a framework developed to extend system capabilities so as to control the concurrent effects of security threats on the system behaviour.
SAFURE will address the security of safety-critical cyber-physical systems through a holistic approach to safety and security by construction: it limits the impact of security mechanisms on safety when common shared resources such as networks and processors are used, and protects the system against attacks that could compromise overall system safety.
At the base of the SAFURE solution is the development of a set of extensions to tools and system capabilities (referred to as the reference SAFURE Framework) that prevent and detect attacks and protect against vulnerabilities through efficient system configuration and reconfiguration, keeping critical subsystems within their safety and security boundaries without degrading the performance of best-effort applications.
This framework will extend system capabilities to preserve system integrity against time starvation, excessive energy dissipation and data corruption, integrating security requirements into safety systems in a way that has not been done before. These extensions will apply from the design and development stages through to application deployment and execution on multi-core chips and high-performance distributed systems. The extended analysis methods, development tools and execution capabilities provided by the framework will be supported by a set of guidelines (referred to as the SAFURE Methodology) that assist the designer and the developer to:
• Address security in a safety context;
• Integrate heterogeneous security and safety requirements in the overall system architecture;
• Open subsystems to resource sharing and communication;
• Detect potential attacks on system integrity (timing, energy/temperature and data);
• Prevent potential attacks through efficient system configuration (off-line);
• Enhance mixed-criticality and reconfiguration capabilities (on-line and off-line), keeping security in mind;
• Enhance performance and resource usage on complex systems with safety and security constraints.
\"

Work performed

WP1: For the three industrial use cases, the use case definitions and the safety and security requirements have been specified. The general structure of the SAFURE Framework, and the safety and security aspects within it, have been defined.
WP2: Architectural patterns for security and safety have been modelled on the basis of the AUTOSAR standard.
WP3: Concepts and initial algorithm implementations have been developed for timing integrity, data integrity and energy integrity. Timing-integrity algorithms include system-wide event-model propagation for worst-case timing analysis and worst-case Ethernet analysis. Data integrity covers (lightweight) cryptographic algorithms, which have been implemented. In the energy domain, covert channels based on temperature and processor frequency have been identified and researched, and task interference has been examined using temperature sensor readings.
WP4: Work has started on porting the PikeOS microkernel to a modern multi-core ARM platform (DragonBoard). Security components have been ported to PikeOS so that they run in a separate compartment, outside the Linux/Android system. At the processor-architecture level, some of the Performance Monitoring Counters (PMCs) have been included in test prototypes in order to evaluate energy consumption and timing.
WP5: Concepts and prototype implementations have been developed to enable predictable, secure communication. In the timing domain, worst-case timing analysis algorithms for Ethernet have been implemented as a prototype. In the security domain, encryption and digital-signature algorithms have been implemented to secure communication and firmware updates.
WP6: Work has started on the integration and evaluation of the three industrial demonstrators. Results from WP3, WP4 and WP5 will be integrated into the industrial use case demonstrators and evaluated there.
WP7: Besides monitoring the market and emerging technologies, plans for the exploitation of the project results have been created (e.g. data management plan, partner questionnaire). The project has been presented at the Embedded World 2016 trade show and at the HiPEAC, DATE and DAC conferences.
WP8: The IT infrastructure for the project (mailing lists, Subversion repository and project website) has been set up and will be maintained until the end of the project. Social media accounts (Twitter, LinkedIn) have been created to reach the general public with short notices on project progress. A regular project newsletter has also been composed and sent to interested parties.
WP9: Organizational preparations (mailing lists, contact lists, regular telephone conferences) have been completed. The Project Handbook and the Project Quality Plan have been created. Furthermore, a Risk Assessment Plan has been prepared; risks are monitored regularly within the Interim Management Reports.

Final results

In the security domain, state-of-the-art lightweight cryptographic algorithms (the PRESENT block cipher and the Poly1305 authenticator) have been implemented for a wide range of embedded devices. Furthermore, a secure update process specifically suited to embedded systems (scalable, lightweight) has been specified and implemented.
In the timing domain, a CAN-over-Ethernet timing analysis has been implemented. New timing analysis algorithms (including frame pre-emption) for Ethernet TSN and software-defined networking have been developed. Furthermore, several improvements to the existing CPA (Compositional Performance Analysis) method for analysing switched Ethernet have been realized by exploiting FIFO scheduling.
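The system-wide event-model propagation for worst-case timing analysis mentioned under WP3, and the CPA method referred to above, follow the compositional performance analysis scheme: each task's worst-case response time is computed from the arrival curves of the higher-priority tasks on its resource, the response-time jitter becomes the input event model of the task it triggers, and the whole system is iterated until the event models stop changing. The following is an added example, not the project's own tools, on a constructed two-processor, five-task system under static-priority preemptive scheduling; all task parameters are made up for illustration. It shows why the propagation matters: analysing the second processor with the nominal, jitter-free event model underestimates T5's response time.

```python
"""Compositional performance analysis (CPA) style worst-case response-time
analysis with system-wide event-model propagation. Added example with a
constructed task set; not the SAFURE project's own tools or data."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class EventModel:
    """Periodic-with-jitter activation model (period P, jitter J)."""
    period: int
    jitter: int = 0

    def eta_plus(self, dt: int) -> int:
        """Upper bound on activations in any time window of length dt."""
        if dt <= 0:
            return 0
        return -(-(dt + self.jitter) // self.period)  # ceil((dt + J) / P)

    def delta_min(self, n: int) -> int:
        """Minimum distance between the first and the n-th activation."""
        return max(0, (n - 1) * self.period - self.jitter)


@dataclass
class Task:
    name: str
    resource: str
    priority: int        # lower number = higher priority
    wcet: int            # worst-case execution time
    bcet: int            # best-case execution time (lower bound on the response time)
    source: Optional[EventModel] = None   # externally activated task ...
    triggered_by: Optional[str] = None    # ... or activated by another task's completion
    model: Optional[EventModel] = None    # current input event model
    wcrt: int = 0


def response_time(task: Task, hp_tasks: List[Task], bound: int = 10_000) -> int:
    """Busy-window analysis under static-priority preemptive scheduling.

    B(q) is the fixed point of B = q*C_i + sum_j eta_j+(B) * C_j over the
    higher-priority tasks j; the q-th activation responds in B(q) - delta_min(q).
    Further activations are examined while they arrive inside the busy window.
    """
    q, wcrt = 1, 0
    while True:
        busy = q * task.wcet
        while True:
            total = q * task.wcet + sum(t.model.eta_plus(busy) * t.wcet for t in hp_tasks)
            if total == busy:
                break
            if total > bound:
                raise RuntimeError(f"{task.name}: busy window does not converge (overload)")
            busy = total
        wcrt = max(wcrt, busy - task.model.delta_min(q))
        if busy <= task.model.delta_min(q + 1):
            return wcrt
        q += 1


def analyze(tasks: List[Task], propagate: bool = True, max_iter: int = 50) -> Dict[str, int]:
    """Worst-case response times after system-wide event-model propagation."""
    by_name = {t.name: t for t in tasks}

    def root_period(t: Task) -> int:
        while t.source is None:
            t = by_name[t.triggered_by]
        return t.source.period

    for t in tasks:   # initial guess: a triggered task inherits the period, jitter 0
        t.model = t.source if t.source else EventModel(root_period(t))

    for _ in range(max_iter):
        for t in tasks:
            hp = [o for o in tasks if o.resource == t.resource and o.priority < t.priority]
            t.wcrt = response_time(t, hp)
        if not propagate:
            break
        changed = False
        for t in tasks:
            if t.triggered_by is None:
                continue
            src = by_name[t.triggered_by]
            # output jitter = input jitter + (worst-case minus best-case response time)
            new = EventModel(src.model.period, src.model.jitter + src.wcrt - src.bcet)
            if new != t.model:
                t.model, changed = new, True
        if not changed:
            break
    else:
        raise RuntimeError("event-model propagation did not converge")
    return {t.name: t.wcrt for t in tasks}


def example_system() -> List[Task]:
    """Constructed two-processor system: T2 on CPU1 triggers T3 on CPU2."""
    return [
        Task("T1", "CPU1", priority=1, wcet=2, bcet=2, source=EventModel(10)),
        Task("T2", "CPU1", priority=2, wcet=4, bcet=3, source=EventModel(20)),
        Task("T4", "CPU2", priority=1, wcet=1, bcet=1, source=EventModel(5)),
        Task("T3", "CPU2", priority=2, wcet=2, bcet=2, triggered_by="T2"),
        Task("T5", "CPU2", priority=3, wcet=13, bcet=13, source=EventModel(50)),
    ]


if __name__ == "__main__":
    print("with propagation:      ", analyze(example_system()))
    print("jitter ignored (unsafe):", analyze(example_system(), propagate=False))
```

On this task set T2 finishes between 3 and 6 time units after activation, so T3 on CPU2 arrives with a jitter of 3. That jitter pulls a second T3 activation into T5's busy window, raising T5's worst-case response time from 19 (jitter ignored) to 22; a schedulability verdict based on the nominal periods alone would therefore be unsound. The busy-window bound guards against the non-converging fixed point of an overloaded resource, which the plain iteration would otherwise loop on forever.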

Website & more info

More info: http://www.safure.eu.