Embedded systems are dedicated to a single function in a larger system. They are present in every field of our daily life, from routers to thermostats and are also commonly applied in safety-critical systems, such as industrial control systems, railway or automotive. These systems are also the main driving force behind the concept of the Internet of Things, where the majority of the connected devices will not be traditional computers but embedded systems.
Traditionally, embedded systems must conform with a number of requirements such as reliability, availability and fault-tolerance and safety. Safety of an embedded system ensures that the operation of the system does not endanger human life or the environment. However, a new requirement arises for embedded systems nowadays: security. The increased connectivity of devices and the usage of off-the-shelf software results in a scenario when a piece of malware is capable of undermining the safety of the embedded system and cause harm in the physical environment, like Stuxnet did. Embedded systems must be fortified against these attacks but the introduced security mechanisms must not hinder the system in conforming with safety requirements. As a result, safety and security should be designed together in embedded systems but the methodology required is still an area of active research.
This diploma project explores the emerging trend of virtualization in embedded systems as a basis on top of which embedded systems can be designed to satisfy both safety and security requirements. A system of rotating virtual machines is presented that provides proactive security for embedded devices while the multiple virtual machines in the system provide redundancy as a safety measure. The designed system satisfies liveness and safety requirements, the evaluation of which requirements was done with formal verification. The diploma project also includes a proof-of-concept implementation of the designed system by implementing and testing an Internet Protocol Security (IPsec) gateway.