Op&Sec

In many applications embedded systems need to fulfil somewhat contradictory goals: they must host control applications requesting a high security and reliability, and they must be opened to internet for monitoring, supervision and configuration. For this purpose, they need to run classical internet software components like database management systems and web frameworks.

To address this challenge, the Op&Sec platform hosts the hypervisor EmbeddedXEN (an open source project developed by HES-SO) with two virtual machines called “domains”: Dom0 for the secure control application and DomU for the world open to internet. Local I/Os (GPIOs, USB…) are basically managed by Dom0, which may “tunnel” some interfaces to DomU. The Ethernet IP interface is also securely shared by both domains.

EmbeddedXEN has been ported to a dual core ARM Cortex-A9 based micro-controller (target platform is a Xilinx/Zynq development board).

The Open (DomU) domain is managed by OSGi, a Java modular system and service platform. Applications can use services for databases and web, and may access local inputs / outputs if allowed by Dom0. Applications have an abstract view of their local environment through so-called resources. Resources are objects (as in object oriented programming) representing concrete peripheral devices.

The security of the Op&Sec platform has also been assessed.

In the developed prototype, Dom0 acts as a smart metering gateway whereas DomU can host different energy management services.

Valorisation

HES-SO VS uses Op&Sec technology as basis for the design of a customer energy management gateway for the SEMIAH EU project.