engineering the embedded world

Safety & Security

Today, functionally safe products are mostly networked and must therefore also be protected against cyber risks, as the relevant standards require. As a leading development service provider in embedded security, and as the first company worldwide whose development process for functionally safe products was certified at the highest maturity level, embeX combines the know-how from both fields to develop safe and secure products up to SIL 3 and SL 4 certification.

Engineering Services

Beyond the normative requirements, the product definition should take into account that a higher security level (SL) of a component such as a control system means that fewer protective measures need to be taken externally. Because system-level considerations always require close coordination with the end user, embeX advises on the cost-benefit analysis of improved security protection in cases where additional system components and coordination are not necessary.

The certified embeX development process covers both safety and security requirements and is made available to customers for adaptation on request.

On the one hand, developing safe and secure products creates synergies, since both fields place high demands on development rigour and predictable behaviour. On the other hand, a project-specific balance must be struck between the many conflicting objectives of the safety and security concepts, as the following table illustrates:

Table: Balancing Safety and Security Requirements (table not reproduced in this extract)

Safe & Secure Multiprocessor Platform for the IoT

Networking functionally safe devices in the IoT environment requires that functional safety be safeguarded by suitable cyber security measures. For these diverse areas of application, embeX has developed a powerful and field-proven multiprocessor platform that covers the following core cyber security functions:

  • Implementation of access restrictions
  • Use of secure and proven protocols
  • Updateability of bootloader, operating system and application software

The technical basis of the Safe & Secure multiprocessor platform is a Yocto-based embedded Linux with the following advantages for manufacturers:

  • Highly efficient development through integration of modules
  • Very large, constantly growing range of functions
  • Future-proofing through upcoming advances in the Yocto project

Safety solutions from a wide range of standards (IEC 61508, ISO 13849, MDR, FDA, etc.) can be integrated into this platform and thereby protected effectively and efficiently against cyber security risks.

Typical Hardware Architecture of the Platform

Safe and non-safe process areas are separated by processor partitioning.

  • For Linux, processors from the ARM Cortex-A7 upwards are recommended.
  • The safety processors are usually based on Cortex-M0+ to Cortex-M4 cores.

Scope

  • Functional safety protection according to the zone model
    • Including high-performance interprocessor communication between main and safe controllers
  • Realisation of the required cyber security measures through Linux functionality
    • Secure operation of network interfaces (protocols, encryption, certificates...)
    • Access and rights management at user and application level
    • Update capability to eliminate vulnerabilities according to the current state of the art
  • Basic software components in the Linux area for the realisation of common basic functionalities
    • Application and device configuration
    • Logging
    • Import of updates
    • Diagnostic access
    • Access to internal and external interfaces and (real-time) processing of data
    • High-performance inter-process communication
    • VPN
    • Remote maintenance

Tools

  • Linux
    • Yocto recipes and configurations to create a custom embedded Linux development environment
  • Setups for Visual Studio Code and QtCreator
    • for building applications on a Linux development host
    • for debugging on the development host and on the target platform

Documentation

  • Requirements and verification proofs for functionality of base software components
  • Base architecture model in Sparx Enterprise Architect
  • Unit tests for basic software components (GTest Framework)
  • Code review evidence

Standards and Directives

We work according to the following guidelines and standards:

  • IEC 61508: “Functional safety of electrical/electronic/programmable electronic safety-related systems”
  • IEC 62443: “Industrial communication networks - Network and system security”
  • IEC TR 63069: “Industrial-process measurement, control and automation - Framework for functional safety and security”
  • IEC TR 63074: “Security aspects related to functional safety of safety-related control systems”
  • Medical Device Certification Group: MDCG 2019-16: “Guidance on Cybersecurity”
  • FDA guidance documents
    • “Premarket Submissions for Management of Cybersecurity in Medical Devices”
    • “Postmarket Management of Cybersecurity in Medical Devices”
  • IEC 50159: “Railway applications. Communication, signalling and processing systems. Safety-related communication in transmission systems”

Who to contact

Dr. Kai Borgwarth

Director Marketing and Sales

Phone: +49 761 479799-677
Mobile: +49 151 4223 2542
k.borgwarth(at)embex.de