Injecting Security Features into Constrained Embedded Firmware
Within the last decade, emerging use-cases like ``Ambient Assistive Technologies``, ``Car2X`` communication, ``Smart Homes``, ``Smart Cities`` and Industry 4.0 transformed computer systems to ubiquitous companions in our daily lives. The inevitable interconnection of these devices is better known as Internet of Things (IoT). The vast majority of the IoT is made up of computing devices that are highly specialized for their particular purpose. These devices are called embedded systems. Due to their specialization and the thereof resulting constraints such as energy consumption and the deterministic fulfillment of deadlines (real-time requirements), many embedded systems cannot be equipped with a standard operating system for embedded devices like Windows IoT Core, or Linux. As a consequence, a plethora of computers in the IoT lack a sufficient amount of security features that are common in standard operating systems. However, the retrofitting of all available software for embedded systems at a source level is clearly illusive due to the high degree of software (systems with special operating systems, or without operating systems) and hardware diversity (different processor architectures, memory sizes, additional hardware). Therefore, the aim of project ISaFe is to provide automated approaches to implant security features into connected embedded systems to counter the lack of security features in the backbone of the IoT. Together with the IoT startup Riddle & Code, who's aim is to provide an interface between embedded systems and blockchain technology, SBA-Research and the FH Technikum Wien pursue a novel approach based on binary rewriting to retrofit already existing IoT systems in order to make them more resilient against unauthorized access attempts.
Partners: SBA Research gGmbH (LEAD), FH Technikum Wien, Riddle&Code