WeForming
Buildings as efficient and interoperable components of the future energy system
SASVI
Security at multiple system layers based on chains of trust and isolation
Start: 07/2022
End: 06/2025
SASVI addresses the design of trustworthy IT systems considering the following problems:
- Growing attack surface of (I)IoT systems due to the ongoing networking of highly integrated devices and lack of development support
- Analysis and configuration options of secure trust chains, such as for the implementation of zoning concepts from IEC 62443 in industrial applications
These problems are solved in SASVI by trust chains with end-to-end isolation consisting of secure RISC-V-based processor architectures, dedicated operating system components, hardware-based root-of-trust (RoT) components and trusted execution environments (TEE).
The FZI’s goal in SASVI is to develop a multi-layer concept for trust chains with end-to-end isolation across systems. This includes the layers hardware/software components, operating system and IIoT applications, starting from secure processor architectures, hardware-related operating system components, hardware-based root-of-trust components and TEE. In addition, a special focus will be placed on the secure and end-to-end integration of components into a trustworthy, industry-ready overall system. To achieve the broadest possible impact of the developed security technologies, SASVI relies on the open RISC-V architecture for hardware components.
The resulting continuously trustworthy overall system will then be researched and evaluated based on use cases – for example, in water supply and wastewater disposal – in critical or sensitive infrastructures.
The technical goals, enumerated from the hardware to the system level, are the development of:
- Flexible RoT component for trust chains in RISC-V systems
- Consistent HW primitive for Extended TEE in RISC-V architecture
- Application in IIOT services remote maintenance, remote monitoring and over-the-air updates using smart pump applications as an example
In addition, the FZI intends to research novel isolation mechanisms that can be implemented with open-source hardware and software components in the embedded area. In this way, methods and concepts for secure IIoT systems are developed at various levels that can be used in future Industry 4.0 and automotive research projects.
Contact
Victor Pazmino Betancourt
Department Manager
Division: Embedded Systems and Sensors Engineering
- +49 721 9654-190
- pazmino@fzi.de
- Headquarters Karlsruhe
Research focus
Safety, Security and the Law
The FZI focuses in this research area on the topics of resilience for critical infrastructures, managing security, legal tech and (post-)quantum cryptography, and also deals with the mutual influence of artificial intelligence on safety and security.
Funding notice:
The SASVI project is funded by the Federal Ministry of Education and Research (BMBF). Funding Code: 16KIS1577.
Further links:
Project partners:
More projects
Hybrenergy
Hybrid building twins for increased energy efficiency
FlexBlue
Flexible refrigeration systems against the background of increased decarbonization
EDIH-AICS
European Digital Innovation Hub applied Artificial Intelligence and Cybersecurity
MINGA “Munich’s Automated Public Transport with Ridepooling, Solo Bus and Bus Platoons”
Automation of vehicles in local public transport
RepliCar
Reference sensor platform for high-precision sensor validation for automated driving
Transformation Hub Automotive Software Engineering (TASTE)
Software development skills are the foundation of the software-defined vehicle
TWON
Online social networks influence the dissemination of news
ROUTINE
Living lab for the transfer of digital health applications and AI into healthcare
KI4BoardNet
Next-generation distributed, continuously learning onboard power management system