Vision & Objectives
The project vision is to build an ecosystem of secure Apps by drawing on a well-defined set of hardware security primitives and software libraries, and then to invite third parties to innovate on top of secure, trustworthy platforms.
The TAPPS project aims to exploit and to strengthen the technology and market competence of the partners, in order to impact the market, first in the above areas, later extending it to other domains with medium to high execution and QoS requirements such as smart homes, manufacturing or energy systems.
In particular, the consortium includes three innovative small and medium companies (SMEs), which are eager to significantly advance the state of the art and build a new platform for trusted Apps.
Design, implement and validate a separate, dedicated, real-time Trusted Execution Environment (TEE) for highly trusted CPS Apps
The TEE is located inside the system control units and uses TAPPS’ processor- and network-centric security mechanisms and a hypervisor for virtualization. The TEE provides several independent layers of security as follows:
• Computing and network virtualization based on novel, flexible hardware security mechanisms, while maintaining the stringent real-time constraints of CPS devices and their internal networks.
• Fine-grained access control to resources of the smart cyber-physical device to ensure safety and privacy.
• Formally verified Apps to ensure correct and secure behavior.
The TEE will be based (as much as possible) on open source technologies, as pursued in the Automotive Grade Linux alliance (AGL). The project will perform a safety certification of the TEE to ensure safety and maximize impact. In parallel to the TEE, a rich execution environment (REE) will be offered to execute the less critical parts of Apps, e.g. the user interface or external interfaces. Only the small core of critical functions runs in the new TEE, leveraging its native safety and security features.
Provide and validate an end-to-end solution for development and deployment of trusted Apps
• An application store for management of CPS Apps and for deployment, supporting both the rich execution environment and the separate TEE.
• A model-based development tool chain for designing and implementing trusted Apps including APIs and verification tools.
The tool chain design will follow and extend existing standards, such as ETSI M2M. Integration and active contribution to related
Validate the multi-level trusted Apps platform and tool chain in several application domains using realistic industrial use cases, and develop domain-specific exploitation plans
• A vehicular/automotive use case will focus on an electrical motorbike whose internals will be controlled over an internal system network via an App connected to the system.
• A health use case based on a smart trolley, which acts as a hub for all the monitoring devices in the patient’s room and, more generally, for the hospital wards. Making such mediator devices more open and flexible simplifies and extends the implementation of medical treatments.