Secure Update Architecture for High Assurance Mixed-Criticality System

Recent security news from the automotive domain has highlighted the urgent need for secure architectures in modern vehicles. The vast number of software components originating from diverse developers, open-source projects and reused IT COTS modules makes developing a system that is secure as a whole an extremely hard task.

One piece of the security puzzle is the secure update of ECUs (electronic control units), an essential part of the life-cycle of a system deployed in the field. In this paper we demonstrate how a high-assurance mixed-criticality ECU can provide secure update functionality for various use cases while preserving its safety guarantees.

We present a novel architecture based on a separation kernel and describe how safety and security concerns are addressed within a certification context.
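The abstract does not describe the paper's update protocol, so the following is an added illustration, not the authors' design or code. It shows the minimal acceptance checks that any secure ECU update path has to perform before a new image is handed to the flash writer: authenticate the manifest before trusting any field in it, reject rollback to an older version, and verify the image against the authenticated hash. The keyed MAC, the JSON manifest layout and the sample image bytes are all constructed for the example; in a real ECU the manifest would carry an asymmetric signature checked against a key in the boot root of trust, and the partition doing these checks would be isolated from the safety-critical partitions by the separation kernel so that a rejected update never touches them.

```python
import hashlib
import hmac
import json

# Constructed demo key. On a real ECU this is a public key anchored in the
# verified-boot root of trust and the MAC below is an asymmetric signature.
DEMO_KEY = b"demo-manifest-key-not-for-production"


def make_manifest(key: bytes, version: int, image: bytes):
    """Build a manifest (canonical JSON) and its authentication tag.

    This stands in for the release-signing step at the vendor; it is only
    here so the example is self-contained and runnable offline."""
    payload = {
        "version": version,
        "image_sha256": hashlib.sha256(image).hexdigest(),
    }
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def verify_update(key: bytes, installed_version: int,
                  body: bytes, tag: str, image: bytes):
    """Return (accepted, reason). Order of checks matters:

    1. authenticity of the manifest, before any field in it is trusted;
    2. anti-rollback: version must be strictly greater than what is installed,
       so a valid but old (possibly vulnerable) image cannot be replayed;
    3. integrity: the delivered image must match the authenticated hash.

    A failure at any step leaves the running image untouched; only a fully
    accepted image is passed on to the flash writer."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "manifest authentication failed"

    manifest = json.loads(body)
    if not isinstance(manifest.get("version"), int):
        return False, "manifest malformed"
    if manifest["version"] <= installed_version:
        return False, "rollback rejected"

    actual = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(actual, manifest["image_sha256"]):
        return False, "image hash mismatch"

    return True, "ok"


def demo():
    """Run the verifier against a constructed image and common failure modes."""
    image = b"constructed ECU firmware image v2 (not a real image)"
    body, tag = make_manifest(DEMO_KEY, 2, image)
    results = {
        "fresh_update": verify_update(DEMO_KEY, 1, body, tag, image),
        "replayed_old_version": verify_update(DEMO_KEY, 2, body, tag, image),
        "corrupted_image": verify_update(DEMO_KEY, 1, body, tag, image + b"\x00"),
        "forged_tag": verify_update(DEMO_KEY, 1, body, "00" * 32, image),
        "wrong_key": verify_update(b"attacker-key", 1, body, tag, image),
    }
    return results


if __name__ == "__main__":
    for name, (accepted, reason) in demo().items():
        print(f"{name:22s} accepted={accepted} reason={reason}")
```

The constant-time comparisons (`hmac.compare_digest`) matter even on an ECU: the update handler is reachable from the vehicle network, so a byte-by-byte tag comparison would leak timing to whoever can submit candidate updates. Note also that the anti-rollback counter must itself be stored in tamper-resistant memory the update partition cannot silently decrement.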

