Technische Universität Darmstadt
Fraunhofer Institut
Hochschule Darmstadt
Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz

Secure Things Research Department

Head of Department: Prof. Dr. Sorin A. Huss

“How can embedded systems, which generally have very limited resources and different communication options, be secured such that they can protect themselves to a large extent autonomously from attacks, adapt dynamically to changing requirements and co-operate securely with their environment?”

The increasing networking of embedded systems of different granularity gives rise to new security and reliability problems. To date, IT security aspects have not been adequately taken into account. Particular problems are created by the limited resources of embedded systems, which are frequently used in safety-critical areas, and by the high demands on their quality.

Networked embedded systems will shortly reach a level of functional complexity that requires frequent adaptations and extensions of their functionality during their planned run-time, particularly in response to attempted attacks that exceed the capacity of the protection measures built into the system. New procedures are therefore required to reconfigure the systems accordingly.

New types of attack scenarios call for further work. Some owners of products that contain embedded software consciously and deliberately attack these systems, for example by manipulating car odometers.

These challenges mean that there is significant demand from industry for security measures for embedded systems. Alongside new resource-saving encryption procedures, innovative measures are required in four areas: self-monitoring, self-repair, reliable component identification, and methodical hardware-software co-design of secure and reliable embedded systems.

The objective of the CASED “Secure Things” research department is to make networked embedded systems significantly more secure and more robust and thus suitable for safety-critical applications.

The research department is therefore concerned with the following key themes:

Self-protection: New solutions are being developed for self-protection functions, using hardware-software co-design methods to combine components with different properties: hardware-based self-protection components that are effective and cannot be bypassed, and software-based components that can be configured flexibly. In addition, operating system services are being developed for continuous monitoring and control that take real-time requirements into account and conserve resources.

Self-monitoring: CASED is developing effective techniques for describing and verifying the security-related hardware/software properties of an embedded system using combined threat and error models. These models describe the expected behaviour patterns of a reliable system as well as known attack scenarios. The techniques are formally specified and combined with modelling concepts, so that for the first time security requirements are captured uniformly for the partial functions performed in hardware and in software.

Based on these specifications, local monitoring procedures are generated automatically; they identify deviations from expected behaviour and known attack scenarios at the earliest possible stage. They respect the run-time and storage space restrictions of embedded systems by using special operating system services. Moreover, the definition of adequate indicators for the security of embedded systems and their vulnerability to attack supports a robust self-diagnosis.

Self-repair: Research is being conducted into new self-repair mechanisms for embedded systems that address weak points which only become apparent during system run-time. CASED is therefore developing secure update techniques that do not interrupt current operation, procedures for event-controlled reconfiguration of hardware and software architectures, and general model-based development processes.

Secure Interaction: In this field, CASED is working on efficient, resource-saving encryption processes and on procedures for the forgery-proof identification of hardware and software components. These allow embedded systems to interact with their environment in a way that is both secure and practical.

Identity and Rights Management: Identity and rights management solutions are being developed to enable forgery-proof identification of components while protecting confidentiality, and to provide resource-efficient, reliable control of access to the functions of the embedded components.

Contact

Coordinator
Secure Things Research Department
Thomas Feller

CASED
Mornewegstraße 32
64293 Darmstadt
Tel.: +49 6151 16-50754
Fax: +49 6151 16-4825
feller{at}cased.de