SafeTEE: Combining Safety and Security on ARM-based Microcontrollers

Martin Schönstedt, Ferdinand Brasser, Patrick Jauernig, Emmanuel Stapf and Ahmad-Reza Sadeghi
Technical University of Darmstadt Darmstadt, Germany
martin.schoenstedt@sanctuary.dev
ferdinand.brasser@sanctuary.dev
patrick.jauernig@sanctuary.dev
emmanuel.stapf@sanctuary.dev
ahmad.sadeghi@trust.tu-darmstadt.de

ABSTRACT

From industrial automation to the smart home, embedded devices are already ubiquitous, and the number of applications continues to grow rapidly. However, the plethora of embedded devices used in these systems leads to considerable hardware and maintenance costs. To reduce these costs, it is necessary to consolidate applications and functionalities that are currently implemented on individual embedded devices. Especially in mixed-criticality systems, consolidating applications on a single device is highly challenging and requires strong isolation to ensure the security and safety of each application. Existing isolation solutions, such as partitioning designs for ARM-based microcontrollers, do not meet these requirements.

In this paper, we present SafeTEE, a novel approach to enable security- and safety-critical applications on a single embedded device. We leverage hardware mechanisms of commercially available ARM-based microcontrollers to strongly isolate applications on individual cores. This makes SafeTEE the first solution to provide strong isolation for multiple applications in terms of security as well as safety. We thoroughly evaluate our prototype of SafeTEE for the most recent ARM microcontrollers using a standard microcontroller benchmark suite.

Keywords: Safety, Embedded, ARM, TrustZone, TEE.
