H2020 EU TAPPS research project
Trusted APPS for open CPSs (TAPPS)
Open and smart cyber-physical systems (CPS) are considered to be the next revolution in ICT, enabling novel business models for integrated services and products. The main goal of the TAPPS research project is to extend and customize CPS devices with new third-party services and features within a Trusted Apps platform in an efficient, secure and, most importantly, trusted way. This extensibility is an important differentiating factor that enables new market extensions to keep pace with user expectations and the latest technology. For instance, first-generation Apps for vehicles provide infotainment or control/monitoring functionalities, which might lack safety-critical conditions.
TAPPS is based on a dedicated execution environment for distributed, safety-critical CPS applications offering multiple layers of security and a holistic, open end-to-end tool chain for developing and deploying CPS Apps. TAPPS aims to achieve three objectives:
Design, implement and validate a separate, dedicated, real-time Trusted Execution Environment (TEE) for highly-trusted CPS Apps. The TEE is located inside the system control unit and uses TAPPS’ processor, network-centric security mechanisms and a hypervisor for virtualization.
Provide and validate an end-to-end solution for development and deployment of trusted Apps.
Validate the multi-level trusted Apps platform and tool chain in several application domains using realistic industrial, automotive use cases enabling the project exploitation.
Innovative TAPPS Architecture
The TAPPS architecture consolidates three isolated execution environments (EEs), REE, TEE and CEE, in a single system. In particular, TEE and REE will be the entry point of the user’s input, hosting the user interface (GNU/Linux-based) which the user interacts with, while CEE addresses safety-critical applications running on a Real-Time Operating System (RTOS). Underneath these isolated compartments are the middleware/libraries that allow interaction between the TEE and the CEE. The scheduling of the three EEs is regulated by VOSYSmonitor, which acts as a secure monitor, allowing the co-execution of an RTOS and a Linux KVM host.
Activity in VOSYSmonitor ISO 26262 certification
Among the possible applications of the TAPPS architecture, Virtual Open Systems has placed, within its activities in TAPPS, a particular focus on the automotive market and its strong requirements in terms of functional safety certification. In this context, the automotive ISO 26262 certification of VOSYSmonitor is of utmost importance to bring to the automotive market a mixed-critical solution able to co-execute several OSes on a single multicore and heterogeneous hardware platform. Within TAPPS, Virtual Open Systems has dealt with the software verification activities of the VOSYSmonitor certification; the ISO 26262 certification requires VOSYSmonitor to go through an extensive test suite, including static (i.e., MISRA-C 2012 compliance) and dynamic analyses of the code (i.e., code coverage), which led to the definition of a rigorous workflow to follow throughout the development process.
Automotive Grade Linux (AGL) involvement
The concept of isolated execution environments has been disseminated by Virtual Open Systems, soon becoming the starting point of an open source community effort in AGL. AGL is a collaborative open source project that is accelerating the development and adoption of a fully open software platform for automotive applications. As a result of this activity, in 2017 Virtual Open Systems created the AGL Virtualization Expert Group (EG-VIRT). Under Virtual Open Systems' leadership, this group is today working on the definition of the AGL virtualized software-defined vehicle architecture.
This project has received funding from the European Union Horizon 2020 research and innovation program, TAPPS, under grant agreement No 645119. The concepts presented on this web page reflect only the authors' view, and the European Commission is not responsible for any use that may be made of the information it contains.