SafeTEE: Combining Safety and Security on ARM-based Microcontrollers
Martin Sch¨onstedta, Ferdinand Brasserb, Patrick Jauernigc, Emmanuel Stapfd and
Ahmad-Reza Sadeghif
Technical University of Darmstadt Darmstadt, Germany
amartin.schoenstedt@sanctuary.dev
bferdinand.brasser@sanctuary.dev
cpatrick.jauernig@sanctuary.dev
demmanuel.stapf@sanctuary.dev
eahmad.sadeghi@trust.tu-darmstadt.de
ABSTRACT
From industry automation to smart home, embedded devices are already ubiquitous, and the number of applications continues to grow rapidly. However, the plethora of embedded devices used in these systems leads to considerable hardware and maintenance costs. To reduce these costs, it is necessary to consolidate applications and functionalities that are currently implemented on individual embedded devices. Especially in mixedcriticality systems, consolidating applications on a single device is highly challenging and requires strong isolation to ensure the security and safety of each application. Existing isolation solutions, such as partitioning designs for ARM-based microcontrollers, do not meet these requirements.
In this paper, we present SafeTEE, a novel approach to enable security- and safety-critical applications on a single embedded device. We leverage hardware mechanisms of commercially available ARM-based microcontrollers to strongly isolate applications on individual cores. This makes SafeTEE the first solution to provide strong isolation for multiple applications in terms of security as well as safety. We thoroughly evaluate our prototype of SafeTEE for the most recent ARM microcontrollers using a standard microcontroller benchmark suite.
Keywords: Safety, Embedded, Arm, Trustzone, TEE.