Highlights

TAPPS Main Achievements

  • Design of the architecture with 15 mechanisms and layers for security and safety for an open app platform (see Architecture and Methods for 1st Iteration)

    • Integrated in one architecture, including partner innovations
    • Designed and validated for 3 domains: automotive, medical and industrial automation
    • Based on open-source as much as possible and suitable for exploitation
  • Real-world use cases (see Prototypes Demo, 2nd Iteration)

    • Automotive use case with hardware-based security on top of a real full electric motorbike. Safety-critical and real-time applications like drive by wire and traction control. Development, implementation and validation of Secure CAN Concept (sCAN) and Secure Firmware update Over the Air (FOTA) of the Trusted Dashboard (T-Dash).
    • Health-care use case with fine granular access control to hardware thanks to communication over multiple execution environments and a full end-to-end development flow from app verification to secure deployment
    • Industry 4.0 use case with distributed real-time control based on TTTech technology, including the distribution of real-time functions over the network, while preserving safety and security
  • Model-based tool chain for CPS Apps development, showing a development time reduction of 46-52% (see https://www.fortiss.org/forschung/projekte/tapps/)

  • A novel, secure monitor (VOSYSmonitor) for trusted execution environments, allowing the co-execution of an RTOS and a Linux KVM host.

  • Secure CAN: an innovative way of securing the standard legacy and future in-vehicle network, featuring:

    • less than 1 millisecond latency threshold required by real-time automotive ECU applications
    • support for legacy CAN devices
    • secure and non-secure communication can coexist at the same time over the same CAN bus
    • CAN frames are anonymized and coding policies are changed periodically
    • support for any high-level protocol (e.g., KW2000)
  • Secure over-the-air firmware updating for Automotive Vehicles through authorized signed metadata of firmware, version and timestamping, synchronized across different Supplier roles: OEM, Supplier, Marketplace repositories and matched with legitimate-signed vehicle compilation of its components counterpart firmware.

  • On-chip communication hardware firewalling service with dynamic rule-based access control to protect memory compartments and any peripheral controller (e.g. CAN-bus controller). Integrated hardware firewalling with Write-Once-Read-Many technology for on-chip communication protection (e.g. from malicious DMA accesses).

  • Novel Apps Marketplace for CPS featuring different business roles, security and workflows

  • Targeted dissemination at many industry events and fairs, including very good feedback from stakeholder surveys (see Deliverable D6.3)

    • JRC-Ispra Workshop, 2017
    • DATE2017
    • CES Las Vegas 2018
    • SPS Drive, 2017
    • EFECS, 2017. Here, TAPPS received an innovation award for "Secure CAN"

  • TAPPS results have led to 7 patent applications, including the following:

    • Compute node supporting virtual machines and services, PCT/EP2016/055951 and US/15/073874.
    • Virtual Switch for multi-compartment mixed criticality network communication, EP 16305784.7 and US 15/625052.