The current approach for security on safety-critical embedded systems is generally to keep subsystems separated, but this approach is now being challenged by technological evolution towards openness, increased communications and use of multi-core architectures. SAFURE will push forward the limits of current approaches on safety and security mixed-critical systems in a way that has never been done before.

SAFURE’s mission is to design a cyber-physical systems by implementing a methodology that ensures safety and security by construction. This methodology is enabled by a framework developed to extend system capabilities so as to control the concurrent effects of security threats on the system behavior. With this in mind, the project aims at allowing European suppliers of safety-critical embedded products to develop more cost and energy-aware solutions.

The SAFURE project comprises 12 partners from 6 European countries:

• Technikon Forschungs- und Planungsgesellschaft mbH, Villach, Austria
• Escrypt GmbH Embedded Security, Bochum, Germany
• Magneti Marelli S.P.A., Milano, Italy
• TTTech Computertechnik AG, Vienna, Austria
• Sysgo AG, Klein-Whinternheim, Germany
• Symtavision GmbH, Braunschweig, Germany
• Thales SA, Neuilly Sur Seine, France
• Technische Universität Braunschweig, Braunschweig, Germany
• Barcelona Supercomputing Center, Barcelona, Spain
• Scuola Superiore Di Studi Universitari E Di Perfezionamento Sant'Anna, Pisa, Italy
• Eidgenoessische Technische Hochschule Zürich, Zürich, Switzerland
• Thales Communications & Security SAS, Gennevilliers, France

IDA will contribute to the SAFURE project in the increasingly important area of switched real-time networks. Specifically, methods and algorithms for safe mixed-critical communication over switched Ethernet (including IEEE 802.1Q (Standard Ethernet), IEEE 802.1Qav (Ethernet AVB), and IEEE 802.1Qbv (Ethernet TSN)) will be developed.

Contributions include:

• Formal worst-case analysis methods for safe and timely message delivery
• Support for mixed-critical traffic, e.g. via isolation or sufficient independence
• Proactive network admission and congestion control, e.g. via Software Defined Networking (SDN)
• Error and attack detection, prevention, containment, and recovery mechanisms, e.g. via ingress filtering and monitoring, and network reconfiguration (SDN mechanisms)

Further contributions include:

• Analysis of the transport of legacy data (e.g. CAN) via gateways over an Ethernet backbone network
• Weakly-hard transmission guarantees in multi-hop topologies (e.g. Ethernet)

For further information, please visit the project website at: www.safure.eu

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644080.

This work was supported by the Swiss State Secretariat for Education‚ Research and Innovation (SERI) under contract number 15.0025. The opinions expressed and arguments employed herein do not necessarily reflect the official views of the Swiss Government.

People at IDA

Daniel Thiele (email)

Robin Hofmann