We conducted this interview with SYSGO SAS (José Almeida) and SYSGO GmbH (Mario Brotz)
Considering your company’s area of activity, what was your motivation to participate in H2020 project ADMORPH?
José: We are one of the leading producers of high-assurance embedded systems in Europe, in particular we provide a small-codebase MILS separation kernel [1], which has the property of providing strong and reliable separation of workloads. In ADMORPH, to ensure security and safety of the application workloads, we have used a separation kernel to provide that strict separation for the use cases. Historically, a governing principle of a separation kernel was to enable static configurations for relatively simple embedded systems and applications. With safety-critical embedded systems and CPS(oS) growing to more powerful hardware, more complex embedded systems become feasible, and, in part the ADMORPH use cases were helpful to gather demands for runtime and OS support.
[1] https://en.wikipedia.org/wiki/Multiple_Independent_Levels_of_Security
The ADMORPH project foresees the following three use cases: autonomous aerospace systems, radar surveillance systems and subway transportation systems. Can you explain in more detail the use case that you contributed to the project or in which you are more involved? Which challenges does it raise?
José: We have contributed to two of the use cases, that is autonomous aerospace and subway transportation systems. For the subway transportation systems, we were able to use the MILS separation kernel largely “as is”. From the aerospace partner we got the request to look at whether, from a research perspective, scheduling could be more flexible (e.g. run-time adaptation of time windows and cross-CPU thread/task migration).
The project started just before the COVID-19 pandemic and is now nearing completion. How do you feel the pandemic affected the project development (if at all)?
Mario: The pandemic gave us less direct contact, which at first was an unusual situation. However, since we had previous exchange with some of the partners in other projects or just by having worked in the field for a long time, we have been able to manage the technical challenges.
As the project comes to an end, how would you describe the state of integration of ADMORPH technologies in the use case you are working on?
Mario: We are happy to see our separation kernel being used/investigated by two of the use cases, so the integration state (from our component’s provider view) is a good one. The last word for this is with the use case owners of course.
Looking ahead, which of the ADMORPH results do you see as having more potential for exploitation? Do you plan to exploit any of them?
José: As stated before, an interesting and relevant challenge was to make more complex hardware available to our separation kernel. For instance, new embedded hardware platforms such as UltraScale ZCU combine application cores (A-Cores) and safety cores, which are more restricted but more deterministic and higher-qualified cores (R-Cores), on the same platform. One of the things that we have developed in ADMORPH is a communication mechanism between the A-Cores and the R-Cores to enable safety monitoring of cores, and this has even already made it into the main separation kernel product (PikeOS ICCOM)! On the more experimental side, we have already mentioned the task to make scheduling more flexible. We have also shown that it is possible to extend the separation kernel on the sensing side by host intrusion detection by control flow integrity, network intrusion detection with Suricata, and safety monitoring infrastructure for heterogeneous systems. The intrusion detection work, culminating in a PhD thesis [2], is not yet part of our product but it is the fundament for new ongoing research on integrating intrusion detection with e.g. secure gateway functionality at SYSGO.
[2] Kadar, M. (2022). Integration Methods For Host Intrusion Detection Into Embedded Mixed-Criticality Systems [TU Kaiserslautern]. https://kluedo.ub.uni-kl.de/frontdoor/deliver/index/docId/6822/file/mkadar-thesis-final.pdf