Logo der PTB - Messen, Forschen, Wissen

Metrological ICT-Systems

Working Grouß 8.52

A Reference Architecture for Secure Embedded Systems

Using microkernels to securely encapsulate software into modules


Measuring instruments often use large standard operating systems as their software foundation. These operating systems hinder software testing because they contain numerous "bugs". A new software reference architecture developed at the PTB makes use of the benefits standard operating systems have, such as the greater functionality, a familiar user interface and many drivers, but still ensures security due to the encapsulation and modularization of the software.

This configurable software reference architecture is based on a microkernel. The microkernel is software that runs on the lowest level, under the actual operating systems. These operating systems in turn, are encapsulated into modules, so-called virtual machine (VM). The operating systems can continue to load their usual programs and drivers, but are obligated to communicate via the microkernel with each other and the hardware. The system architecture is based on a modular design that fulfils the requirements of the Measuring Instruments Directive of the European Union (MID) and the WELMEC 7.2 Software Guides. These can be seen in the figure and are as follows: displaying data (Secure GUI), data protection (Key & Signature Manager), storing data (Storage Manager), executing downloads (Download Manager), transferring data (Connection Manager), and internal data processing (Communication Monitor). Hence, the reference architecture ensures that all legally relevant measurement functions can be monitored safely. In addition, the architecture separates non-legally relevant software (N) and legally relevant software (L). All calculations that fall under legal control are carried out in the L-VM, everything else in the N-VM. This strict separation ensures that legally relevant software is not irregularly affected.




Fig.: Communication between the individual modules within the system architecture


The project will be continued in cooperation with the Technical University of Berlin, which is developing a new microkernel that will be mathematically formally verified, showing that typical operating system vulnerabilities are not present. This is important for instruments that need to judicially prove their correctness (e.g. traffic enforcement cameras). With this microkernel, the proposed framework has been implemented on a demonstrator. In addition, the system architecture is being adapted for specific measuring instruments, which have to fulfill different tasks, in cooperation with two SMEs. These measuring instruments are a medical device and a traffic enforcement camera.






   Daniel Peters

   Department 8.5 Metrological Information Technology

   Phone: +49 (0)30 3481-7916

   EMail: daniel.peters@ptb.de




Scientific Publications


  1. D. Peters, M. Peter , J.-P. Seifert, F. Thiel: A Secure System Architecture for Measuring Instruments in Legal Metrology. Computers - Open Access Journal 4(2), 61-86, 2015
  2. D. Peters, U. Grottker, F. Thiel, M. Peter, J.-P. Seifert, Achieving Software Security for Measuring Instruments under Legal Control, FedCSIS (EAIS), Warsaw, Poland, 7-10 September, 2014
  3. D. Peters, F. Thiel, M. Peter, J.-P. Seifert, A Secure Software Framework for Measuring Instruments in Legal Metrology, IEEE International Instrumentation and Measurement Technology Conference (I2MTC), Pisa, Italy, May 11-14, 2015
  4. J. Fischer, D. Peters, A Practical Succinct Data Structure for Tree-Like Graphs, WALCOM: Algorithms and Computation, LNCS, Springer International Publishing, ISBN: 978-3-319-15611-8