Embedded Linux Security

Theoretical basics and hands-on session / March 11, 2025, From 2 p.m. to 5 p.m.

Class 3.3 at Embedded World 2025

The embedded world Conference is going into its 23rd edition in 2025. It is driven by a unique combination of an exhibition for engineers and technical management on one hand and a world-leading conference at the intersection of applied research and industrial applications on the other hand.

Benefit from the expertise of our researchers

The cybersecurity scientists of Fraunhofer AISEC invite you to session 3.3 on Embedded Linux Security. In the theoretical part of the class you will learn about the security mechanisms of the Linux kernel as well as measures to protect the integrity of code and data. In the practical, hands-on part of the session, you will be able to try out the security techniques presented on an ARM-based hardware platform.

Event details

Program

CLASS 3.3

In this class, we will provide an overview of security mechanisms provided by the Linux kernel which can be used to secure embedded systems. Additional mechanisms to protect the integrity of code and data such as Secure and Measured Boot will also be addressed. We will give theoretical background information on those mechanisms as well as supporting mechanisms implemented in bootloaders, UEFI and uboot using trust anchors in hardware such as TPMs or Secure Elements.
We will give practical insights into the implementation of those mechanisms on the example of the open source software GyroidOS. GyroidOS is a multi-arch OS-level virtualization solution with focus on platform security based on hardware features. As a deep dive, current approaches for secure container migration will be discussed and the implementation on GyroidOS is shown. This includes, among other things, the use of ARM TrustZone for end-to-end token migration.
The initial discussion will be followed by a practical session on deployment and usage of GyroidOS and the presented security techniques on an ARM-based hardware platform. Note that this class does not comprise network security, e.g., firewall configuration, and user space Linux security. The focus lies on platform security and the Linux kernel itself.

Prior Knowledge:

Basic knowledge of the Linux operating system is essential.
Knowledge of the embedded Linux Project Yocto is beneficial but not necessary.

Learning Outcomes:

Attendees will know Linux-kernel mechanisms and supporting methods from hardware and boot loaders, which they can use to build a secure Linux based embedded System.

Attendees will know how to use GyroidOS as baseline for a secure platform with own services.

Costs

Vary depending on your program selection.

Contact

Speaker:
Dr. Michael Weiß

Michael Weiß has been working as a research assistant at Fraunhofer AISEC since 2010. During his time as a research assistant, he completed his doctorate in the field of secure architectures using microkernels and trusted computing technologies at the Technical University of Munich in 2016. Since then, as a senior scientist and security engineer, he has been responsible for topics related to secure execution environments and trusted computing technologies. Many of his activities merged into a secure platform that serves as the basis for a wide variety of projects. Over the last 14 years, he has worked on numerous projects on integrity protection using remote attestation and secure boot technologies for embedded systems (arm) and server systems (x86). He is also maintainer and core developer of GyroidOS and occasionally contributes to the Linux kernel.

Felix Wruck

Felix Wruck has been working at Fraunhofer AISEC since 2018 as a research assistant in the Secure Operating Systems department. Also, he is working on his PhD in the field of secure OS-level virtualization at Fraunhofer AISEC and the Technical University of Munich. He completed his studies in computer science at the Technical University of Munich in 2018 with Masters of Science degree. Thereafter, he worked on topics related to secure system architectures, TEEs, and virtualization technologies as a research assistant as well as a maintainer and core developer of the secure platform GyroidOS. In this context, he participated in various projects in the areas of systems and embedded security.

Johannes Wiesböck

Johannes Wiesböck has been a research assistant at Fraunhofer AISEC since 2022. His research focuses on trustworthy embedded systems, Linux kernel security, and applied cryptography. Before joining Fraunhofer AISEC, he completed his master's degree in computer science at the Technical University of Munich (TUM) in 2022. During his studies, he worked as a student assistant at TUM and at the Research Institute of the Free State of Bavaria for Software-Intensive Systems (fortiss), concentrating on microkernel operating systems and embedded real-time systems. Currently, Johannes is a frequent contributor to the GyroidOS project with a focus on build automation and integration.

Maximilian Peisl

Maximilian Peisl has been a research associate at Fraunhofer AISEC in the field of Secure Operating Systems since 2023. Previously, he completed a bachelor's and master's degree in computer science at the Technical University of Munich, focusing on computer networks, distributed systems, and IT security. In his master's thesis, he addressed the question of how to automate the analysis and evaluation of the isolation properties of containers on Linux systems, regardless of the container runtime used. Furthermore, he worked on topics related to secure execution environments and confidential computing technologies. At Fraunhofer AISEC, his current work and research focus is on secure (container) virtualization.

Location

NCC Ost Convention Centre
NürnbergMesse GmbH
Messezentrum 1
NCC Ost Convention Centre
90471 Nürnberg, Germany

Date

March 11, 2025, From 2 p.m. to 5 p.m.

Language

English

Session »Embedded Linux Security« at Embedded World

Theoretical basics and hands-on session / March 11, 2025, From 2 p.m. to 5 p.m.