Development of an Embedded Platform for Secure CPS Services

  • Vincent Raes
  • Jan Vossaert
  • Vincent Naessens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10683)


Cyber-Physical Systems are growing more complex and the evolution of the Internet of Things is causing them to be more connected to other networks. This trend, combined with the fact that increasingly powerful embedded devices are added to these systems opens up many new opportunities for the development of richer and more complex CPS services. This, however, introduces several new challenges with respect to the data and software managed on these CPS devices and gateways. This paper proposes a platform for the development of secure cyber-physical devices and gateways. The platform provides a secure environment in which critical CPS services can be running. The secure environment relies on the ARM TrustZone security extensions. A commodity Android environment is provided in which the user can install additional software components to extend the functionality of the devices. A prototype of the platform is developed and this prototype is evaluated.


TrustZone Genode Android CPS Security Embedded system 


  1. 1.
    Dolev, D., Yao, A.C.: On the security of public key protocols. Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Feske, N.: Genode Operating System Framework 15.05Google Scholar
  3. 3.
    Freescale Semiconductor Inc.: i.MX6 Processor Reference Manual (2013)Google Scholar
  4. 4.
    Ge, X., Vijayakumar, H., Jaeger, T.: SPROBES: enforcing kernel code integrity on the trustzone architecture. In: Proceedings of the Mobile Security Technologies 2014 Workshop (2014)Google Scholar
  5. 5.
    Hofmann, O.S., Kim, S., Dunn, A.M., Lee, M.Z., Witchel, E.: InkTag: secure applications on an untrusted operating system. ASPLOS 2013, 253–264 (2013)Google Scholar
  6. 6.
    Jacobs, B., Smans, J., Piessens, F.: A quick tour of the verifast program verifier. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 304–311. Springer, Heidelberg (2010).
  7. 7.
    Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., Sewell, T., Tuch, H., Winwood, S.: seL4: formal verification of an OS kernel. In: Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles, SOSP 2009, pp. 207–220. ACM, New York (2009)Google Scholar
  8. 8.
    Laginimaineb: Extracting Qualcomm’s Keymaster Keys (2016).
  9. 9.
    Mayer, C.P.: Security and privacy challenges in the internet of things. Electron. Commun. Eur. Assoc. Softw. Sci. Technol. ECEASST 17, 1–12 (2009)Google Scholar
  10. 10.
    Nipkow, T., Wenzel, M., Paulson, L.C.: Isabelle/HOL: Proof Assistant for Higher-order Logic, vol. 2283. Springer, Heidelberg (2002).
  11. 11.
    Noorman, J., Preneel, B., Agten, P., Daniels, W., Strackx, R., Huygens, C., Piessens, F., Van Herrewege, A., Verbauwhede, I.: Sancus: low-cost trustworthy extensible networked devices with a zero-software trusted computing base. In: 22nd USENIX Security (2013). K U LeuvenGoogle Scholar
  12. 12.
    Santos, N., Raj, H., Saroiu, S., Wolman, A.: Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications (i)Google Scholar
  13. 13.
    Santos, N., Raj, H., Saroiu, S., Wolman, A.: Trusted language runtime (TLR): enabling trusted applications on smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications (HotMobile), pp. 21–26 (2011)Google Scholar
  14. 14.
    Freescale Semiconductor: Secure Boot on i.MX50, i.MX53, and i.MX 6 Series using HABv4, pp. 1–22 (2012)Google Scholar
  15. 15.
    Shen, D.: Exploiting Trustzone on Android. Black Hat (2015)Google Scholar
  16. 16.
    Strackx, R., Noorman, J., Verbauwhede, I., Preneel, B., Piessens, F.: Protected software module architectures. In: Reimer, H., Pohlmann, N., Schneider, W. (eds.) ISSE 2013 Securing Electronic Business Processes, pp. 241–251. Springer, Wiesbaden (2013).
  17. 17.
    Zha, Z., Li, M., Zang, W., Yu, M. and Chen, S.: AppGuard: a hardware virtualization based approach on protecting user applications from untrusted commodity operating system. In: 2015 International Conference on Computing, Networking and Communications, ICNC 2015, pp. 685–689 (2015)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. 1.MSEC, imec-DistriNetKU LeuvenGhentBelgium

Personalised recommendations