engineering the
embedded world

Safety & Security

Today, functionally safe products are mostly networked and must therefore be particularly protected against cyber risks due to normative requirements. As a leading development service provider in embedded security and as the first company worldwide whose development process for functionally safe products was certified with the highest maturity level, embeX combines the know-how from both areas in the combination of functional safety and embedded security developing products up to SIL 3 and SL 4 certifications.

Engineering Services

In addition to the normative requirements, it should be noted in the product definition that a higher security level (SL) of a component such as a control system requires fewer protective measures to be taken externally. Since system considerations always require intensive coordination with the end user, embeX advises on the cost-benefit analysis of improved security protection, where further system components and coordination are not necessary.

The certified embeX development process covers both safety and security requirements and is made available to customers for adaptation on request.

On the one hand, synergies are created in the development of safe and secure products, as both areas place high demands on the care taken in development and predictable behaviour. On the other hand, it is necessary to strike a balance between a large number of opposing objectives of the security concepts on a project-specific basis, as the following table illustrates:

Balancing Safety and Security Requirements

Safety Security
Norm IEC 61508 (SIL 1-4) IEC 62443 (SL 1-4)
Description Complete, detailled and static Dynamic description in categories
Source of damage System Internal & external
Threat analysis Failure Vulnerability
Target Constant safety function State-of-the-art security
Temporal development One-time development Regular reassessment and improvement
Availability Only required with active safety . Depending on threat
System usability High If required: Limited
Standard building blocks No, due to common cause Yes to minimise weaknesses
Coding style Specific safety rules Specific security rules
Updates To be avoided Required
Reaction time for updates . Months Typ. 1-90 days

KISS: Safe & Secure Platform for the IoT

The networking of functionally safe devices in the IoT environment requires the safeguarding of functional safety through suitable cybersecurity measures. embeX has developed the powerful and field-proven multiprocessor platform KISS for these diverse areas of application - KISS stands for “Keep It Save and Secure. The platform covers the following core functions of cybersecurity:

  • Implementation of access restrictions
  • Use of secure and proven protocols
  • Updateability of bootloader, operating system, application SW

The technical basis of the KISS multiprocessor platform is a Yocto-based embedded Linux with the following advantages for manufacturers:

  • Highly efficient development through integration of modules
  • Very large, constantly growing range of functions
  • Future-proofing through upcoming advances in the Yocto project

Safety solutions from a wide range of standards (IEC 61508, ISO 13849, MDR, FDA, etc.) can be integrated into the KISS platform to get protected effectively and efficiently with regard to security.

Typical Hardware Architecture of the Platform

Separation of safe and non-safe process areas through processor partitioning.

  • For Linux, processors from ARM A7 are recommended.
  • The safety processors are usually based on Cortex M0+ to M4

Scope

  • Functional safety protection according to the zone model
    • Including high-performance interprocessor communication between main and safe controllers
  • Realisation of the required cybersecurity measures through Linux functionality
    • Secure operation of network interfaces (protocols, encryption, certificates...)
    • Access and rights management at user and application level
    • Update capability to eliminate vulnerabilities according to the current state of the art
  • Basic software components in the Linux area for the realisation of common basic functionalities
    • Application and device configuration
    • Logging
    • Import of updates
    • Diagnostic access
    • Access to internal and external interfaces and (real-time) processing of data
    • High-performance inter-process communication
    • VPN
    • Remote maintenance

Tools

  •  Linux
    • Yocto recipes and configurations to create a custom embedded Linux Development environment
  • Setups for Visual Studio Code and QtCreator
    • for building applications on a Linux development host
    • for debugging on development host and on target platform

Documentation

  • Requirements and verification proofs for functionality of base software components
  • Base architecture model in Sparx Enterprise Architect
  • Unit tests for basic software components (GTest Framework)
  • Code review evidence

Standards and Directives

We work according to the following guidelines and standards:

  • IEC 61508: “Functional safety of electrical/electronic/programmable electronic safety-related systems”
  • IEC 62443: “Industrial communication networks - Network and system security”
  • IEC TR 63069: “Industrial-process measurement, control and automation - Framework for functional safety and security”
  • IEC TR 63074: “Security aspects related to functional safety of safety-related control systems”
  • Guidances for FDA
    • “Cybersecurity in Medical Devices: ... Premarket Submissions; Draft Guidance for Industry and Food and Drug Administration Staff” (2022)
    • “Postmarket Management of Cybersecurity in Medical Devices”
  • CLC/TS 50701: “Railway applications - Cybersecurity”

Further Reading

MEDengineering International/2020: “Efficient Separation of Safety Critical and Non-Safety Critical Tasks in Medical Embedded Systems”

Save field devices: 'Secure' in the industry as well? (German Language)

Contact

Tel.: +49 761 479799-677
k.borgwarth(at)embeX.de