Exploitation of TAPPS results

Exploitation forms a key aspect of the TAPPS project in order to achieve impact on an individual partner level, on a joint cooperative level, as well as on an European level. In order to maximize this impact, exploitation and eco-system building activities are planned and performed during the course of the project.

The project aims to produce results that correspond to a Technology Readiness Level of TRL 4 to 6, which implies that the project results can be demonstrated partly in a lab environment and partly in simulated real environments. In order to perform full exploitation of the project results, they must be further developed to an actual system completed and qualified through test and demonstration before they can be successfully deployed in a market environment. Although the realization of this actual exploitation is beyond the end of the lifetime of the TAPPS project, the careful planning of the Joint Key Exploitable Results (KERs) as well as Individual Key Exploitable Results must be performed during the project lifetime.

Considering the complexity of integrated platforms such as the platform developed in TAPPS, there is not one specific customer, but rather an environment of various stakeholders. The exploitation of the results is propelled through the alignment of these stakeholders, such as for example 3rd party developers, system integrators, and institutional parties.

The activities planned for the expoitaion phase of the TAPPS project ensure the uptake of results and will be refined during the project lifetime. In particular, the KERs will be further analyzed with regards to the following aspects:

  • Target customers/groups
  • Assets exploited
  • Possible services offered
  • Initial estimation of economic benefits
  • Concrete planned actions for exploiting assets during and after the project timeframe.

A new Demonstrator for the TAPPS Project

A new demonstrator was introduced in the TAPPS project after a request from the European Commision.

The new demonstartor is the implementation of the TAPPS platform in the context of an industrial production environment, specifically targeted at the deployment of distributed real-time control applications for the control on the shop floor. In production environments, criticality relates to both real-time criticality for robotics and machine control as well as mission-criticality, i.e. the availability (uptime) of the production environment is directly tied to financial gains and losses.

The goal of the demonstrator is to demonstrate the following TAPPS elements:

  • TAPPS development methodology for critical applications using 4DIAC
  • Installation of C-apps through the TAPPS marketplace and execution environments through XME.
  • Safe and secure isolation of R-apps, T-apps and C-apps deployed on the ARM Juno platform utilizing the safe and secure switch between normal and secure worlds.
  • Control of distributed CPS from the CEE utilizing TAPPS deterministic Ethernet.

The First Healthcare Demonstrator of the TAPPS Project

The healthcare demonstrator of the TAPPS Project is a new model of Health Trolley, specifically designed to assist healthcare professionals in daily patient care activities, such as pharma administration or application of medical aids and devices. The demo, elaborated for the month #20 of the project shows the implementation of the communication between the Critical World (where essential trolley functions run, namely drawer management) and the Trusted World (hosting mainly the application to assign therapies to patients). The tests have been performed using an experimental workbench, including the real trolley control board connected with three drawer locks and the HiKey board, where the TAPPS architecture is implemented. The first component is a PIC-based, custom control board for drawer management, which includes a UART interface – connected to the HiKey96 board – and up to 36 drawer locks.

According to the trusted toolchain, the Critical app to control the trolley drawers (namely, the Trolley Control Unit app) has been designed using 4DIAC, and then modeled as a Chromosome node to ensure a trusted communication with the outside world. The generated code is verified by the SMV model checker. Critical apps can be uploaded (as suppliers) and downloaded (as subscribers) on/from the marketplace. Moreover, a beta-version of a Trusted app has been developed to perform prescription and administration of drugs, medical devices and clinical consumables: this application includes a patients’ database and works to assign therapies and drawers. However, since drawer indexes are randomly generated, the match between drawers and patients is not transparent: the two Execution Environments (EE) are then isolated from each other, but a secured communication can be performed.

Tapps Workbench 2

The First Automotive Demonstrator of the TAPPS Project

The aim of the first automotive demonstrator, due at month M20 of the TAPPS Project, was to validate part of the technologies developed in TAPPS through the Energica Ego electric motorbike, that is potentially vulnerable through CAN bus. As described in previous post, the most dangerous types of attacks in the automotive industry involve three stages:

  • The first stage is to get into an ECU via attack surface (remote or physical).
  • The second stage is to jailbreak the ECU.
  • Third stage is to send messages from the compromised ECU to other ECUs in the vehicle (that control the physical actions of the vehicle), which turn those cyber physical systems (e.g. ECUs controlling the brakes, vehicle speed, etc.) to take actions not intended by the operator of the vehicle.

These types of attacks could cause accidents while a vehicle is in motion, unlock a vehicle’s doors to make it easier to steal, or make a vehicle inaccessible to the vehicle’s owner.

In order to validate different technologies developed in TAPPS, and how these technologies can stop cyber-attacks, an incremental approach has been followed. The initial automotive demo is focusing on the integration of security mechanisms for the off-chip network that stops the stage two of the automotive attack above described. Validating the secure CAN (sCAN) concept on the Trusted Dashboard (T-DASH), we demonstrate how a compromised ECU cannot anymore send meaningful messages to other ECUs.  In addition, this demonstrator shows the implementation of the Critical Execution Environment (CEE), implemented by an STM32 board, connected via a standard CAN to the other motorbike ECUs.

The demo set up consists of a novel T-DASH connected to the CAN network of the motorbike via a commodity and simple STM32 board. In this CAN network we also have another ECU that interacts with the outside world via a wired (e.g. USB, OBD etc.) or wireless (e.g. cellular, Bluetooth, etc.) network.  With regards to remote code execution, the later ECU provides an attack surface with one or more vulnerabilities. Finally, the sCAN technology consists of a software library that is executed within the Critical Execution Environment (CEE) of the T-DASH, with the objective to guarantee a secure and robust communication over the CAN.

The enclosure of T-DASH has been redesigned in order to host the STM32 board and it has been made in Rapid Prototyping Technology. The T-DASH has a 4.3” LCD-TFT display. The figure shows one driving page that is developed on the STM32 board with the emWin library. This Main Driving Page shows the main driving information. In particular, this screen displays the Regeneration icon, Power icon, Air temperature, Time, Motoring Map, Regeneration Map, State Of Charge, Motor Temperature, Ice Warning Lamp, Check Lamp, Speed, RPM, Trip, Range and Odometer.

The importance of the Security in the Automotive Sector

Automotive security is very important since most people use vehicles and understand the dangers of an attacker that can gain the control of the vehicle. This makes them prone not only to thefts but also to automated attacks that endanger passengers’ safety.  Due to the number of breaches that have occurred within the last few years, car-makers have started to take security into account in order to detect and mitigate possible vulnerabilities.

The examples of vehicle hacking are not confined to the U.S. vehicle fleet. In Europe, German Automotive Association (ADAC) found a flaw in BMW’s companion smartphone app for its ConnectedDrive platform that would enable hackers to modify the app to allow them to remotely unlock any BMW, MINI, or Rolls Royce models equipped with the technologies underpinning the OEM’s ConnectedDrive telematics platform. The need for security of hardware and software systems in cars is driven by the ever-increasing connectivity between the car and the external world, which includes not only telematics services and internet access, but also upcoming vehicle-to-vehicle or vehicle-to-infrastructure communication [1].

Since the number of wired and wireless attack surfaces has grown in modern vehicles, there are more opportunities than ever before for criminals to hack into vehicles. In many cases, researchers have performed the hacks reported on by the media, but there have also been a number of criminal hacks of vehicles, for example using various electronic means to bypass remote key-less entry systems and immobilizer systems in order to steal cars. Unfortunately for the automotive industry, the growing number of ECUs for different applications in vehicles — around 100 in a premium vehicle — and the number of outside devices and servers connecting to those vehicles, makes security a very complex issue to solve.

One of the biggest challenge is in balancing the cost of security versus the risk potential (and therefore financial risk) that the multitude of attack surfaces presents. The sheer number of attack surfaces, from wireless connections such as cellular, Bluetooth, Wi-Fi, and Dedicated Short-Range Communications (DSRC) to wired connections, such as SD cards and USB ports, has dramatically expanded within the last few years [2].

Securing attack surfaces is essential, for this reason, the TAPPS Project is developing scalable, cost-effective solution that enable the manufacturing of secure connected cars.



[2] Solutions and Services for the AUTOMOTIVE INDUSTRY TXT e-solutions S.p.A. 2015

TAPPS with Virtual Open Systems at the Automotive Grade Linux 2016

The Automotive Linux Summit (ALS) is the main event organized yearly by the Linux Foundation for the open source automotive community Automotive Grade Linux (AGL), which main members are Toyota, Denso, Jaguar, Panasonic, Mazda, NXP, Samsung and Intel. The importance of this event is continuously growing, and this year ALS gathered 346 attendees from 15 countries and 120 companies represented.

Virtual Open Systems participated at ALS 2016 with a TAPPS demonstrator related to the work the Company is doing in the direction of the ECU consolidation and KVM VMs/real time operating system coexistence. We demonstrated the functionality and the communication between virtual machines (TAPPS Trusted Execution Environment and TAPPS Rich Execution Environments) and a real time operating system (TAPPS Critical Execution environment) in a real use case scenario. A video demo is available here.


At the same event, Virtual Open Systems presented a TAPPS platform entitled “High computing ARMv8 platforms to support centralized ECU functions”. The presentation described the possible ARMv8 deployments in automotive, with particular focus on the TAPPS architecture porting to recent ARMv8 platforms such as the Renesas R-CAR H3. The slides are publicly available here.


Virtual Open Systems is actively working to bring virtualization to AGL with an official proposal to create an Expert Group within the AGL organization with the intent of defining the requirements, use cases and architecture of virtualized AGL solutions (see Birds of Feather BOF Hypervisor). The discussion is ongoing, and will continue with a Birds Of a Feather (BOF) during the upcoming AGL All Member Meeting (AMM) 2016 which will be held in Munich on September 7th 2016.

TAPPS at the Industrial Technologies 2016

The European Conference Industrial Technologies 2016 is the largest networking conference in the field of new technologies, materials, nanotechnology, biotechnology and digitalization in Europe. The conference was organized as an associated event of the Netherlands Presidency of the Council of the European Union in the first half of 2016. The conference was held on 22 – 24 June 2016 in the RAI Amsterdam, The Netherlands.


click the logo above to be redirected to Industrial Technologies 2016 website

The three day conference provided a wide variety of plenary and interactive workshops, interesting key note speakers, poster sessions, company exhibition and many opportunities to get into contact with new potential business partners.

The TAPPS project was given the possibility to present results at the poster session at the exhibition. Together with many interesting topics, the TAPPS poster highlighted the results so far from the project.


The numerous visitors at the TAPPS poster varied from industry, academia, research up to policy makers. Intensive discussions took place among others regarding the underlying technologies implemented in the project (e.g. distributed communication, mixed-criticality, etc.) and the applicability and usability of CPS in manufacturing processes.

Click here to see the poster in high definition.


Smart Trolley for Odysseus 2016

As explained in the first post, the Smart Trolley is one of TAPPS case studies. A strong consortium of Italian SMEs (Small-Medium Enterprises) has developed its prototype, under the management of Ospedale San Raffaele. In the previous weeks, the project has been presented in the contest Odysseus 2016: navigare nelle idee (i.e. surfing in the ideas).


(click the logo to see more details on Odysseus 2016 in italian)


Odysseus aims at finding fresh and innovative ideas that bring together SMEs, technology and values for the development and growth of smart societies.

In this context, the Smart Trolley is a healthcare example that enriches the actual therapy trolley. In fact, the trolley is a Cyber-Physical System that reduces medication errors, enhances the standards of quality during patient care and ensures efficiency, security during all phases of patient therapy.



Thanks to TAPPS architecture, the interaction between the therapy application and the actuation of automatic drawers is secured and controlled by independent security layers (see front page of TAPPS website for TAPPS architecture and key elements).

As for now, the proposal of Smart Trolley is under examination by the Commission of Odysseus 2016. If accepted, it will be presented in Bergamo, October 3rd 2016.


Stay tuned, we will keep you updated!

TAPPS at the Road2CPS Workshop

The CPS Week 2016 brought together the main experts from academia, industry and policy-making in the area of Cyber Physical Systems. It was organized in four leading conferences, 21 workshops and several tutorials as well as special events like the ARTEMIS Spring Event, which were located in the Hofburg Palace – historical building of the 13th century and part of which is open  to the public as a conference center since 1958.



The focus of the first day of the ARTEMIS Spring Event was the presentation of the Strategic Research Agenda 2016.


The second day of the ARTEMIS Spring Event was organized by the Horizon2020 project Road2CPS in collaboration with ARTEMIS-IA and the European Commission. At this ‘Smart Cyber-Physical Systems – EC Clustering Event’ the TAPPS approach was presented by FORTISS – coordinator of the project. The presentation focused on the security aspects that should be provided in open CPSs.

The main objective of the event was to foster exchange on and creating synergies regarding projects involved in the research and development of innovative CPSs and their engineering aspects. Short presentations with enough time for questions and answers as well as posters and flyers of the projects promoted fruitful discussions between members of 15 Horizon2020 and ARTEMIS projects, invited speakers and workshop attendees. See full program and speakers-list at ARTEMIS-IA Spring Event.

e-TAPPS presentation

The participation in this two-day event was an enriching experience proving an excellent overview on the focus and activities of the other projects related to the same ICT cluster.



For our TAPPS project it was interesting to talk to members of other project that use similar scenarios to validate their results, which could provide potential synergy effects. An overview of the case study domains of all RIA projects was presented by Werner Steinhögl (DG CONNECT – A3).

Workshop for the Healthcare: TAPPS meets Master in Service Design

The Use Case is a means to understand how a technology, innovation is applied in real life and what kind of advantages this could bring to end-users and stakeholders. TAPPS project has two Use Cases: Automotive and Healthcare. On one side, TAPPS is applied on an electrical motorbike (Energica); on the other, on a smart trolley for preparation and administration of therapy in the hospital (San Raffaele Hospital – FCSR).

In this post, we would like to share the experience of the workshop we organized for the Healthcare Use Case, that took place in Milan in the San Raffaele Hospital structure (third party of TAPPS project) from the 3rd to 10th of February 2016.


The Workshop for the Healthcare involved 17 students from Master in Service Design of, Politecnico di Milano, who worked on the topic of Future Therapy for six full days. The Future Therapy workshop had two main objectives:

  • Disseminate TAPPS project in the university context, with special regards to CPS framework and its openness, partners involved and use cases;
  • Exploit coCreation Methodology and methods to generate ideas and concepts to solve specific problems of today’s process of preparation and administration of therapy to patients exploiting CPS concept;
  • Explore the synergy between CPSs and end-users (i.e. nurses) and understand the core values of their interaction


The output we asked the students was four high-level concepts each concerning one of the four macro-areas of problem: 1) misleading communication and misunderstanding between hospital staff; 2) interaction, usability and management of the therapy trolley; 3) misalignment between nurse activities and standard rules of the Hospital 4) distractions the nurses are forced to face during therapy sessions.

The aim was to receive as many “fresh” ideas as possible in terms of potential functions, applications of/in the smart trolley as an open CPS.

We gave as input material our desk and field research reports, such as state of the art, interviews and direct observations, and exploited some typical design thinking tools for the generation of ideas: brainstorming, clustering, mapping, and so on. The students also had the chance to visit four San Raffaele Hospital departments and see the medical context themselves.


The phases of the Workshop consisted in: 1) IMMERSION to the context; 2) GENERATION OF IDEAS divided into DIVERGENCE (many different ideas) and CONVERGENCE (cluster/selection of a few best ideas); 3) CRAFTING of the concept and 4) SHINING through a presentation to Hospital representatives.

The results of students’ work were four different developments and improvements to the actual therapy trolley. For the staff communication problem, smart glasses were exploited to facilitate nurse-nurse and nurse-doctor real-time communication; for the enhancement of trolley-nurse interaction, the smart trolley was seen as part of a complex system that included clinical wards, pharmacy and all medical stakeholders to reduce the medication errors through automatized components that help nurses’ tasks. For the alignment of nurses’ activities with Hospital procedures, a smart tracking bracelet was seen as a solution to raise awareness to nurses of their own activities by keeping track and giving real-time alerts; this device would transmit data to the smart trolley dashboard, where each nurse would see her activities regarding specific aspects. For the distraction problem, the concept consisted of a smart cabinet to put away the nurses’ phone and a system to indicate the next available nurse “to be disturbed”.


The workshop was an enriching, huge experience to involve people external to TAPPS project from different fields of interest into creating high-level concepts on how open CPSs could be implemented in the form of services to be used at end-users’ advantage.

The Workshop for the Healthcare was organised by our partners FCSR in Milan with the participation of different experts from the Hospital: Health Department (Hygiene & Sanitation and Quality & Accreditation), Nursing services, Scientific Research Department.

Thanks again to the teachers and students from Master in Service Design of Politecnico di Milano for such a big interest in our project and for their effort!