
SASVI

Security at multiple system layers based on chains of trust and isolation

Start: 07/2022

End: 06/2025

SASVI addresses the design of trustworthy IT systems considering the following problems:

  1. The growing attack surface of (I)IoT systems, caused by the ongoing networking of highly integrated devices and a lack of development support for securing them
  2. The analysis and configuration options for secure trust chains, for example to implement the zoning concepts of IEC 62443 in industrial applications

SASVI addresses these problems with trust chains providing end-to-end isolation, built from secure RISC-V-based processor architectures, dedicated operating system components, hardware-based root-of-trust (RoT) components and trusted execution environments (TEEs).

The FZI’s goal in SASVI is to develop a multi-layer concept for trust chains with end-to-end isolation across systems. The concept spans three layers: hardware/software components, the operating system and IIoT applications. It starts from secure processor architectures, hardware-related operating system components, hardware-based root-of-trust components and TEEs. In addition, a special focus is placed on the secure, end-to-end integration of these components into a trustworthy, industry-ready overall system. To achieve the broadest possible impact of the developed security technologies, SASVI relies on the open RISC-V architecture for its hardware components.

The resulting continuously trustworthy overall system will then be researched and evaluated based on use cases – for example, in water supply and wastewater disposal – in critical or sensitive infrastructures.

The technical goals, enumerated from the hardware to the system level, are the development of:

  • A flexible RoT component for trust chains in RISC-V systems
  • Consistent hardware primitives for an extended TEE in the RISC-V architecture
  • Application in IIoT services (remote maintenance, remote monitoring and over-the-air updates), using smart pump applications as an example

In addition, the FZI intends to research novel isolation mechanisms that can be implemented with open-source hardware and software components in the embedded domain. In this way, methods and concepts for secure IIoT systems are developed at several levels and can be reused in future Industry 4.0 and automotive research projects.

Contact

Victor Pazmino Betancourt

Department Manager
Division: Embedded Systems and Sensors Engineering

Research focus

Safety, Security and the Law

In this research focus, the FZI investigates and communicates innovative concepts, methods for protecting IT systems, and the legal framework conditions needed to enable secure digitalization.

Funding notice:
The SASVI project is funded by the Federal Ministry of Education and Research (BMBF). Funding Code: 16KIS1577.
