Our story

01

Task

To develop a centralized and secure Intrusion Detection System (IDS) that logs events within a hypervisor-based in-vehicle infotainment system. The objective was to implement a centralized, tamper-resistant IDS logging mechanism that can securely capture and preserve security event data across multiple isolated virtual machines. 

The solution needed to eliminate reliance on unsecured, fragmented logging methods while ensuring seamless integration with the existing platform, supporting role-based access, and maintaining traceability in case of system compromise. 

02

Challenge

The key challenge of the project involved ensuring isolation between VMs that ran on Android AOSP and custom Linux OS while still enabling secure communication for logging and analysis. 

In addition, the system needed to function reliably even during a security breach, preventing compromised VMs from manipulating or deleting logs. Moreover, the solution also required to comply with  internal security validation frameworks, deployed globally across different teams. 

03

Solution

To address these challenges, our team at Diconium Germany followed a consultative approach. We analyzed their requirements and suggested the most appropriate method to develop a solution that integrates within their existing setup with minimal disruption. 

Our team developed a Trusted Application (TA) validated and tested using OP-TEE, that can run independently of the guest operating systems, enabling secure access from both Android and Linux VMs without breaking isolation enforced by the hypervisor. 

During regular operations, both VMs continuously log data into circular buffers. However, when an intrusion is detected, the TA captures and preserves buffered data at that moment, preserving key logs and incident context. It also alerts the unaffected VM, prompting it to capture its own snapshot, which is securely transmitted to a centralized forensic server. 

04

Successes

Leveraging our prior experience in embedded security and TEE development, we were able to successfully integrate a secure IDS logging platform within the client’s production environment. The solution not only helped them significantly reduce implementation time but also lower development costs. 

Furthermore, the system enabled 100% traceability and audit integrity with a forensic-ready logging, protected against tampering, and maintained continuity of operations.  

Furthermore, along with the delivery of a robust IDS platform the customer also received full ownership of the TA source code, enabling them to maintain, extend, or integrate the solution independently.