Whitepapers

Towards Transparent Control-Flow Integrity in Safety-Critical Systems

Jan 2021 | PDF (0.5 MB)

Description

Protecting Safety-critical Cyber-Physical Systems (CPS) against Security threats is becoming a growing necessity. Due to the high level of network integration, CPS pose new targets to remote code reuse attacks, such as Return-Oriented Programming (ROP). An effective mechanism to detect code-reuse attacks is Control-Flow Integrity (CFI). Despite imposing a significant overhead on the overall system, our approach reliably protects the control-flow of the monitored application, while guaranteeing its real-time constraints. We evaluate our solution by analysing its timing impact and discussing the resulting considerations for the integration and practical deployment in a Safety-critical CPS.

Towards Host Intrusion Detection for embedded Industrial Systems

Oct 2020 | PDF (0.4 MB)

Description

Original Equipment Manufacturers now embed hardware virtualization in car equipment to reduce costs and hardware complexity, while allowing more functionality, such as connectivity. This paper presents a novel runtime Security solution for embedded mixed-criticality systems, which integrates a HIDS in a partitioned system based on the Multiple Independent Levels of Security (MILS) architecture. Our HIDS monitors a program’s execution by observing both hardware and software signals; to our knowledge, no other HIDS provides such a precise representation of program execution.

Separation Kernel-based Systems with High Availability for embedded Safety-critical Systems

Jul 2020 | PDF (0.4 MB)

Description

High availability (HA) is a property of Safety-critical systems that lets them detect failures and recover from them while keeping the system’s main functionality active without interruption. In this paper we examine the use cases and how they can be managed if the main core of the system’s computational capabilities is based on a Separation Kernel OS.

PikeOS Multi-Core Features and CAST-32A Compliance

Nov 2019 | PDF (0.3 MB)

Description

This document discusses potential problems related to the use of multi-core processors in Safety-critical applications. In addition, it provides ideas for platform-specific extensions that support the customer during the integration phase in measuring interference on shared platform resources, such as platform memory and shared caches, and in limiting that interference potential at runtime. Compared to a discrete multi-processor design, multi-core processors offer significant benefits regarding performance, inter-partition communication, power consumption and size. On the other hand, a multi-core based design increases the possible interference between processing cores due to shared resources. The Avionics industry has initiated several activities to address the usage of multi-core processors in Safety-critical applications.

Safety Certification for unsafe COTS Platforms

May 2019 | PDF (0.6 MB)

Description

The Safety standards for Railway (CENELEC – EN 50128, EN 50129, EN 50126) have introduced unified requirements for building Safety-related electronic systems, which consist of software and hardware. Before the establishment of the CENELEC standards, countries had local standards, which were not as stringent as the CENELEC standards. The standardization led to a unified understanding of Safety and quality, which is definitely positive, but it also forced companies to adopt a more costly development and certification process for Safety systems. Both Safety standards, EN 50128 (Software for Railway control and protection systems) and EN 50129 (Safety-related electronic systems for signalling), define generic (software) applications and generic (hardware) products, which can obtain an independent Safety approval. When building a complex Safety system, these generic products can be reused, including their existing certification artefacts. With this approach a Safety-related electronic system can be composed out of pre-certified software and hardware modules.

ARINC 653 RTOS for Multi-Core Certification

Feb 2019 | PDF (0.8 MB)

Description

The ARINC 653 specification is published and maintained by Aeronautical Radio Inc. (ARINC), which started in 1929 as a major provider of transport communications and system engineering solutions for eight industries, including airports and Aviation. Rockwell Collins acquired ARINC on December 23rd 2013. United Technologies acquired Rockwell Collins in Nov 2018. ARINC 653 is still an evolving standard aimed primarily at Integrated Modular Avionics (IMA) and is intended to complement ARINC 651, which is the Design Guidance for Integrated Modular Avionics (IMA). IMA has traditionally been implemented without a high-level Real Time Operating System (RTOS), due to the software integrity requirements for DO-178 Design Assurance Level (DAL) A.

Security by Design in Industry 4.0

May 2018 | PDF (1.0 MB)

Description

The usage of electronic devices in industry automation has come a long way since the invention of the transistor, as there are plenty of microchips involved at each level of the automation pyramid. Yet on the field level, the "conventional" Industry 3.0 has been adopting new trends in IT at a remarkably slow rate. Take for example PLCs with their very simple IPO (input-process-output) pattern. IEC 61131, which standardizes the PLC programming languages, was introduced in 1992 and is still going strong. With Industry 4.0 around the corner, many things that were universally accepted are going to change. Devices are getting more powerful, can communicate over new protocols and behave more dynamically. This implies that their design, in particular the software which controls them, increases in complexity by orders of magnitude.

RTOS Considerations for unmanned Air Vehicles

May 2018 | PDF (1.0 MB)

Description

This whitepaper considers all aspects of autonomous unmanned aircraft, where autonomous means that the generic "unmanned air vehicle" (UAV) has the capabilities built into its operational flight program (OFP) to fly without human intervention. The paper provides a historical account of the progress of UAV technology, as well as of unmanned combat aircraft (UCAV), through to modern perceptions and a look at future technology for autonomous drones.

Safety-Critical Ethernet/AFDX® Network

Dec 2017 | PDF (0.5 MB)

Description

"Avionics Full-Duplex Switched Ethernet" (AFDX) is a specification for a deterministic aircraft data network bus for Aeronautical, Railway and Military systems. The network is based on standard IEEE 802.3 Ethernet technology. The benefits of using commercial-off-the-shelf (COTS) Ethernet components include reduced overall costs, faster system development and less costly maintenance for the system network. Hardware components, cables and test equipment for Ethernet are field-proven and much more affordable than “built-to-spec” Avionics solutions. Standard commercial-grade Ethernet, however, does not meet Avionics network requirements. Therefore, AFDX extends the Ethernet standard by adding Quality of Service (QoS) and deterministic behaviour with a guaranteed dedicated bandwidth.

Avionics Application: Security for Safety

Nov 2017 | PDF (0.5 MB)

Description

People like paradigms. One common way to define Safety goals is to ensure that "something good does happen", whereas the Security problem is more focused on ensuring that "something bad won’t happen". Safety and Security seem to be antagonistic, and in a way they are. The Safety process is applied to ensure that the developed software respects its high-level requirements; in other terms, the final application is correctly designed and tested to follow known expectations in a known and strictly defined environment. Avionics systems are more and more exposed to the external world, from the pure Avionics communications point of view, but also because aircraft host more and more facilities for the travellers.

System-on-a-Chip certifiable OS Solution

Aug 2017 | PDF (0.6 MB)

Description

The world of Avionics is continually changing in terms of technology and application, whether on manned or unmanned platforms. The same goals exist for software operating system vendors to meet the demands of system designers with new system architectures, which feature any number of processor types and core configurations. Avionics systems require different certification levels based on the guidelines of the RTCA DO-178C document, where Level A or DAL A (Design Assurance Level) defines the highest safety-certifiable requirements and Level E defines the lowest. System Safety Assessments for the system as a whole determine the highest required safety level for the aircraft systems to be certified.

Successful Multi-Core Certification with Software Partitioning

Nov 2016 | PDF (0.7 MB)

Description

This paper addresses the current state of multi-core certification in the industry, based mainly on experiences from the Railway, Avionics and Automotive industries. It addresses the certification aspects of multi-core based platforms, focusing on today's technologies and processes related to the new requirements of Avionics certification authorities for multi-core processors. The paper provides an overview of certification concerns on multi-core processors and possible answers which can be given by a hypervisor operating system with multi-core support.

Secure Update Architecture for High Assurance Mixed-Criticality System

Sep 2016 | PDF (0.5 MB)

Description

The recent Security news from the Automotive domain highlighted the urgent need for secure architectures for modern vehicles. The vast number of software components originating from diverse developers, open-source and reused IT COTS modules makes the development of secure systems an extremely difficult task. One piece in the Security puzzle is the secure update of ECUs, which is an important component in the life-cycle of a system in the field. In this paper we demonstrate how a high assurance mixed-criticality ECU can provide secure update functionality for various use-cases while preserving Safety guarantees. We present a novel architecture based on a separation kernel and describe how Safety and Security concerns are addressed within a certification context.

Safe Time-Partitioning Scheduling for certified Multi-Core Platforms

Sep 2015 | PDF (0.7 MB)

Description

Scheduling a complex application scenario is a field of science in its own right and is handled by various scheduling schemes, each optimized for specific use cases. The complexity rises if the CPU has multiple cores, so that applications can run concurrently on all cores in parallel. Appropriate scheduling mechanisms handle this with various concepts, so ideally a scheduler should be adaptable to the system configuration and the application design. Learn with this whitepaper how to use an adaptive time-partitioning scheduler for EN 50128 certified multi-core platforms.

Multi-Levels safe and secure Solution for Industrial Automation

Sep 2015 | PDF (0.5 MB)

Description

Today, policy specification and enforcement mechanisms are often interwoven with the industrial control processes on which the Security policy is enforced. This leads to interference and non-secure behaviour, and it increases the system’s attack surface. This paper presents a Security system architecture and a framework in which the processes, policies, and enforcement are strictly separated.

Secure Boot – Secure your Software and intellectual Property

Sep 2015 | PDF (0.5 MB)

Description

The Internet of Things (IoT) is the backbone of Industry 4.0 and means seamless communication between all connected devices. Connectivity requires Security, because a vulnerability in a communication channel can end in malfunction of a device or theft of intellectual property. Using standard Security means (firewalls, cryptography, antivirus/antimalware software) is a first step to make your IoT devices more secure, but these Security means are not easily applicable to industrial systems, because they need updating and maintenance via remote access, and they might not be available for the OS in use or the processor architecture.

Safe & Secure Automotive Platform

Apr 2014 | PDF (0.2 MB)

Description

The Automotive industry is evolving faster than any other industry today and brings more and more technology into our cars. The days of simple control systems to manage engine timings and fuel mappings are long gone. Today’s cars have many processors in them, governing everything from internal lighting to braking systems. The driver may not be aware of it, but from the moment he or she unlocks the door, they are totally reliant on both hardware and software to keep their vehicle safe and secure from unwanted intervention.

First Multi-Core Certification to SIL 4

Jan 2014 | PDF (0.3 MB)

Description

An introduction to how PikeOS achieved the first formal multi-core certification in an industry where Safety is a key requirement for Commercial-Off-The-Shelf Software (COTS).

PikeOS and Time-Triggering

May 2013 | PDF (0.4 MB)

Description

This paper looks at SYSGO's involvement in the ARTEMIS-JU ACROSS program, which was funded by the European Union to examine the needs of time-triggered networks on chip in conjunction with PikeOS's strict time partitioning.
