For Safety and Security Reasons: The Cost of Component-Isolation in IoT

Alexander Zuepke 1 , Kai Beckmann 1 , Andreas Zoor 1 ,  and Reinhold Kroeger 1
  • 1 RheinMain University of Applied Sciences, Wiesbaden, Germany


The current development trend of Internet of Things (IoT) aims for a tighter integration of mobile and stationary devices via various networks. This includes communication of vehicles to roadside infrastructure (V2I), as well as intelligent sensors / actors in Logistics and smart home environments.

Compared to isolated traditional embedded systems, the exposure to open networks increases the attack surface, and errors in the networking components could compromise the safety and security of the embedded application or the whole network. But often current system architectures for mass-market IoT devices lack the required isolation concepts.

Using a partitioning microkernel and enforcing the use of a microcontroller’s memory protection unit (MPU) facilities, we compare different isolation concepts for a publish/subscribe middleware implementing OMG’s Data Distribution Service (DDS) standard and we evaluate our results on an STM32F4 microcontroller. The results of this case study show moderate costs for increased memory usage and additional context switches.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • 1. Beckmann, K. & Dedi, O. (2015). sDDS: A portable data distribution service implementation for WSN and IoT platforms. In 12th International Workshop on Intelligent Solutions in Embedded Systems (WISES), 29-30 October 2015 (pp. 115-120). Ancona, Italy: IEEE.J. Clerk Maxwell, A Treatise on Electricity and Magnetism, 3rd ed., vol. 2. Oxford: Clarendon, 1892, pp. 68–73.

  • 2. Object Management Group. (2015). Data Distribution Service. DDS Version 1.4. Retrieved June 6, 2016, from

  • 3. Various. (2016, June). Lightweight TCP/IP Stack [computer software]. Retrieved June 6, 2016, from

  • 4. Züpke, A., Bommert, M. & Lohmann, D. (2015). AUTOBEST: A United AUTOSAR-OS and ARINC 653 Kernel. In 21th IEEE Real-Time and Embedded Technology and Application Symposium (RTAS), 13-16 April 2015 (pp. 133-144). Los Alamitos, CA: IEEE.

  • 5. AUTOSAR Consortium. (2016). AUTomotive Open System ARchitecture. Version 4.1. Retrieved June 6, 2016, from

  • 6. International Organization for Standardization. (2011). Road vehicles - Functional safety. ISO 26262:2011.

  • 7. Airlines Electronic Engineering Committee. (2010). Avionics Application Software Standard Interface. ARINC Specification 653.

  • 8. Gefflaut, A., Jaeger, T., Park, Y., Liedtke, J., Elphinstone, K., Uhlig, V., Tidswell, J. E., Deller, L. & Reuther, L. (2000). The SawMill Multiserver Approach. In 9th Workshop on ACM SIGOPS European Workshop: Beyond the PC: New Challenges for the Operating System, 17-20 September 2000 (pp. 109-114). New York, NY: ACM.

  • 9. Liedtke J. (1993). Improving IPC by Kernel Design. In 14th ACM Symposium on Operating Systems Principles (SOSP), 5-8 December 1993 (pp. 175-188), New York, NY: ACM.

  • 10. Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Pratt, I., Warfield, A., Barham, P. & Neugebauer, R.. (2003). Xen and the Art of Virtualization. In 19th ACM Symposium on Operating Systems Principles (SOSP), 19-22 October 2003 (pp. 164-177), New York, NY: ACM.


Journal + Issues