Certified System-On-Chip for Safety Critical Industrial Applications

There is a gap in in the security model of hardware/software systems where the interface between hardware and software lacks a contract. Users rely on software environments to provide security functions, but there is no guarantee that the software function can do that due to dependencies on functionality provided by the hardware platform.

There is a trend towards moving to higher computational performance and higher integration of system-on-chip hardware components. Increased performance, and in many cases additional processor cores within one hardware component, allows integrating software functions that were previously using separate hardware components onto the same component. This integration of software functions allows system cost to be reduced where savings in components, area, and power can be attained by just lowering the number of integrated circuits that make up the electronics system. At the same time it creates safety and security issues. To optimize performance the integrated systems use internal shared resources, e.g., caches or interconnects, and this may create side channels that can be critical for security and safety.

The CSSTII project addresses these challenges:

• The project extends an existing hardware design to provide timing isolation between software images. The hardware design will undergo a security evaluation, which is necessary to provide the guarantees towards the higher software layers.

• A goal is also to increase awareness of the importance of hardware functions for cybersecurity and the gap between certified software and hardware platforms.

• The project addresses the gap between software and hardware by performing a Common Criteria security evaluation of the developed hardware platform. This, combined with a CC evaluated software environment, will enable the creation of a CC certified HW+SW platform.