Secured Open Source Embedded Software

The modern vehicle is facing a fundamental problem: the more connected it gets, the more cybersecurity threats it faces.

Data link reliability or bandwidth changes caused by roaming also make it much harder to reliably push car sensor data to the cloud.

This presentation is about implementing a reliable Vehicle to Cloud (V2C) scheme in the AGL ecosystem.

It starts with lessons learned from real-world use cases: sending data from thousands of sensors to a cloud backend served by a choppy connection.

It then describes how the AGL microservice framework and its security model, coupled with RedisTimeSeries, can be used to securely and selectively funnel data from the target to the cloud.

The talk concludes with a proposal on how this infrastructure could be integrated into the core of AGL to benefit the community at large.

This talk was presented at the AGL All Member Virtual Meeting 2021.

Slides: [click here]

Video: [click here]

 

This talk given at the AGL All Member Metting [VIRTUAL] of Spring 2021 presents how the application framework and its core components can shift from being based on Smack to SELinux.

The Linux kernel has many security mechanisms: capabilities, credentials, cgroups, namespaces, security modules, SELinux, AppArmor, Smack, ...

The talk reviews their benefits. As of today, the AGL application framework leverages these security features in order to achieve safety, security and privacy of the system, applications and users.

The talk summarizes the current state of the application framework.

Finally, the talk presents the work done in replacing Smack with SELinux and shows the designs that make the transition transparent to application developers while providing the same level of security.

Slides: [click here]

Video: [click here]

This video is a short introduction of the redpesk® factory WebUI.
As you can see, the following features are available :

  • easy workflow to create a new project and an application
  • team and user management
  • integrated specfile editor
  • automated CI tests based on virtual lab / targets

The main objective of this paper is to implement an Intrusion Detection System (IDS) over the Controller Area Network (CAN) data buses. In order to achieve this, we will first study the architecture of CAN buses in the automotive industry and then develop a detection method plan in order to treat various attacks.

Paper: [click here]

IoT.bzh investigated on lazy object synchronization techniques combined with an appropriate serialization format and shows that performance can be improved by a ratio from 10 to 100 depending on use cases. This benefits to low-latency and/or high-throughput applications: High frequency sensors, fast CAN messaging, realtime applications, ...

Changing serialization format may provide a performance gain from 20% to 50%. To go further, the only solution is to reduce drastically the number of (de)serializations. This can be achieved by adopting a dual internal and external representation for objects coupled with new transport mechanisms between bindings.

This talk presents the benchmark results obtained by our team and proposes new ways to boost performance in the AGL Application Framework, including a new binding API v4 compatible with current API v3.

Slides: [click here]

Video: [click here]

Archived Publications

About us

Our redpesk® product: a software factory in a white box enabling you to speed up and control your embedded developments from the initial design cycle to your product end of life.

Contact information

IoT.bzh

Halles St Louis,
    rue Docteur Bodelio
56100 Lorient
02 57 62 02 47