Femto-Containers: DevOps on Microcontrollers with Lightweight Virtualization &amp; Isolation for IoT Software Modules

Zandberg, Koen; Baccelli, Emmanuel

doi:10.48550/arxiv.2106.12553

Cited by 3 publications

(3 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, the SUIT workflow allows an Information System Management (ISM) service to upload a firmware image containing security vulnerabilities or malicious behaviors. Furthermore, as demonstrated by some recent work, the SUIT workflow is flexible in that it allows not only pre-quantum, but also post-quantum security [22], and does not only cater for full IoT firmware updates, but also for securing modular software updates on low-power IoT devices [23]. Last but not least, SUIT allows the ISM to transfer its authority to another entity, e.g., a third-party developer, that can deliver to the ISM some components of a software update (e.g., the executable of the application to be updated) or trigger the update process directly.…”

Section: Discussionmentioning

confidence: 99%

HArMoNICS: High-Assurance Microgrid Network Infrastructure Case Study

Roascio

Costa

Baccelli³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Modern Intelligent Infrastructures (II) are highly complex, interconnected systems that are now emerging. For instance, II can integrate technologies and processes to provide citizens with faster services and better goods. An average II can include many technologies, e.g., Cloud applications and IoT devices, under different environments, e.g., industry 4.0 production plants and smart buildings. Although II bring concrete benefits to all of these contexts, they also carry security concerns. Reasoning about threats and security exposures that might affect II is non trivial. This is only partially due to their inherent complexity. As a matter of fact, real II are typically in charge of some critical operations that cannot be interrupted or compromised for experimental purposes. An alternative solution is to rely on digital replicas which can provide a good trade off between realism and usability. These assets represent a strategic and highly demanded resource for the security community. In this paper we present HArMoNICS, a case study infrastructure meant to provide a playground for security experts interested in II security. HArMoNICS revolves around a digital replica of a real Smart Polygeneration Microgrid (SPM) located in Italy. Although most of the components are based on or inspired to the real system, HArMoNICS has been enriched with further security-relevant features. As a result, the case study includes vertical uses cases focusing on specific security topics. Security researchers can use it to assess the effectiveness of new methodologies, to carry out security training activities, or even to extend it with new elements.

show abstract

Section: Discussionmentioning

confidence: 99%

HArMoNICS: High-Assurance Microgrid Network Infrastructure Case Study

Roascio

Costa

Baccelli³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…We generalized the SUIT state machine to add support for (i) Heterogeneous update delivery mechanisms with configurable {message model, network stack, network interface} bundle, or FileSystem read/write functions, (ii) Heterogeneous storage destination with configurable internal/external memory either Volatile (e.g. RAM for mission files, or for tiny runtime execution containers such as Fem-toContainers [24]) or non-volatile (e.g. FileSystem or internal Flash) and (iii) Heterogeneous update data URI with either a local file (e.g.…”

Section: Cubedate Implementationmentioning

confidence: 99%

Cubedate: Securing Software Updates in Orbit for Low-Power Payloads Hosted on CubeSats

Molina,

Baccelli,

Zandberg

et al. 2023

2023 12th IFIP/IEEE International Conference on Performance Evaluation and Modeling in Wired and Wireless Networks (PEMWN)

View full text Add to dashboard Cite

CubeSat design is facilitated by the increasing availability of open-source software in the domain, and a variety of low-cost hardware blueprints based on commodity microcontrollers. We attain the rock-bottom price to reach orbit as entities that design, launch and operate CubeSats started selling to multiple tenants tiny rack slots for low-power payloads that may be hosted on their CubeSat. The question arises of how to provide state-of-the-art security for software updates on a multitenant CubeSat, whereby mutual trust between tenants is limited. In this paper, we provide a case-study: ThingSat, a low-power payload we designed, is currently hosted on a CubeSat orbiting at 500km altitude operated by a separate entity. We then design Cubedate, a framework for securing continuous deployment of software to be updated on orbiting multi-tenant CubeSats. We also provide a highly portable open-source implementation of Cubedate, based on the IoT operating system RIOT, which we evaluate experimentally.

show abstract

“…Hardware vendors typically provide a HdS implementation in the C programming language only. However, newer compiled languages and dynamic runtime environments, such as C++ [34], Rust [59], Python [38], and IoT-focused Femto-Containers [80], bring new programming paradigms and features to resource-limited embedded systems, but they require a custom HdS stack [15,30].…”

Section: Introductionmentioning

confidence: 99%

[Tool] Automatically Extracting Hardware Descriptions from PDF Technical Documentation

Hauser,

Pennekamp

2023

Journal of Systems Research

View full text Add to dashboard Cite

The paper presents a modular processor designed to extract detailed data sets from technical documentation in PDF format, specifically targeting microcontroller hardware descriptions. The extracted data can be used for code generation in the embedded software domain. The table processing and text mining paradigms are applied to extract and convert data from the technical documentation in a deterministic process that yields reproducible results. The processor functionality is verified by comparing the data extracted from the technical documentation against the existing machine-readable sources. Most reviewers find the work very interesting and beneficial for the community.

show abstract

Femto-Containers: DevOps on Microcontrollers with Lightweight Virtualization & Isolation for IoT Software Modules

Cited by 3 publications

References 10 publications

HArMoNICS: High-Assurance Microgrid Network Infrastructure Case Study

HArMoNICS: High-Assurance Microgrid Network Infrastructure Case Study

Cubedate: Securing Software Updates in Orbit for Low-Power Payloads Hosted on CubeSats

[Tool] Automatically Extracting Hardware Descriptions from PDF Technical Documentation

Contact Info

Product

Resources

About