In recent years, researchers have been trying to incorporate standard communication protocols, e.g., the widely used family of Internet protocols, into embedded systems. The expected advantages are increased interoperability, ease of training, and the possibility of using commercial off-the-shelf (COTS) components.
However, the Internet is designed to be open to every network participant and follows the best-effort principle. This limits its applicability in the area of ultra-dependable embedded systems. At the same time, integrated system architectures that combine safety-critical and non-safety-critical subsystems into one system, achieving higher dependability at lower hardware cost, have recently been proposed. Both the non-safety-critical part and the safety-critical part of such mixed-criticality systems can benefit from standard Internet communication interfaces; condition-based maintenance, fault diagnosis, and engineering feedback are example applications. While the non-safety-critical subsystem can be connected to the Internet via bidirectional interfaces, the safety-critical subsystem can use the standard Internet interfaces only via unidirectional gateways, so that the certification effort is kept as low as possible.
One obstacle to the adoption of standard Internet protocols in embedded systems is the fact that protocol security holes and attack strategies have been extensively investigated, and the respective information and tools are available to many people. This thesis presents a system model for mixed-criticality systems that offers secure Internet communication services. Existing dependability concepts are adopted for security and applied to the system model of the integrated system architecture developed in the course of the European research project DECOS (Dependable Embedded Components and Systems).
Vulnerability-scanning software is used and attacks are performed in order to experimentally evaluate the effectiveness of the security services incorporated into a DECOS prototype cluster.