Securing resource-constrained Industrial Internet of Things (IIoT) devices requires guarantees of integrity and confidentiality. This paper presents a security framework, developed under the CERTIFY project, to document and justify the trustworthy execution of sensitive software on resource-constrained devices. Our architecture model assumes the presence of a separation kernel that uses hardware Memory Protection Units (MPUs) to enforce memory isolation and to mediate communications during boot, provisioning, and run-time. The paper does not cover implementation aspects; these are left to the choice of the user adopting the proposed solution architecture. To systematically show the trustworthiness of the proposed architecture, we develop an assurance case in Goal Structuring Notation (GSN): we map system requirements to architecture-specific security objectives and introduce a novel “attacker action” graphical element that integrates threat modeling explicitly into the argument. The resulting assurance case provides a structured, auditable, and reusable foundation for the secure implementation of the CERTIFY IIoT framework.
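To make the abstract's argument structure concrete, the following is an added illustration (not an artefact of the paper or of the CERTIFY project) of a small GSN-style assurance case with an "attacker action" element. The standard GSN node kinds (Goal, Strategy, Solution, Context) are used as in the notation; the semantics of the attacker-action node are an assumption for this example: it carries a `countered_by` edge to one or more Goals and is considered addressed only when each such Goal bottoms out in evidence (a Solution). The sample case, node identifiers and evidence labels are constructed from the abstract's description of the separation-kernel architecture.

```python
"""Toy GSN assurance case with an attacker-action element (added example).

The `countered_by` relation and its checking rule are assumptions made here
to illustrate how threat modelling can be wired into a GSN argument; they are
not the paper's definition of the element.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Node:
    id: str
    kind: str                    # Goal | Strategy | Solution | Context | AttackerAction
    text: str
    supported_by: List[str] = field(default_factory=list)   # GSN SupportedBy edges
    countered_by: List[str] = field(default_factory=list)   # AttackerAction -> Goal (assumed)


class AssuranceCase:
    def __init__(self) -> None:
        self.nodes: Dict[str, Node] = {}

    def add(self, *nodes: Node) -> None:
        for n in nodes:
            if n.id in self.nodes:
                raise ValueError(f"duplicate node id {n.id}")
            self.nodes[n.id] = n

    def evidenced(self, node_id: str, path: Tuple[str, ...] = ()) -> bool:
        """True if every branch of the argument below node_id reaches a Solution."""
        if node_id in path:          # cyclic argument: treat as unsupported
            return False
        n = self.nodes[node_id]
        if n.kind == "Solution":
            return True
        if not n.supported_by:       # undeveloped Goal/Strategy
            return False
        return all(c in self.nodes and self.evidenced(c, path + (node_id,))
                   for c in n.supported_by)

    def check(self) -> List[str]:
        """Return human-readable findings; an empty list means the case is complete."""
        findings: List[str] = []
        for n in self.nodes.values():
            for ref in n.supported_by + n.countered_by:
                if ref not in self.nodes:
                    findings.append(f"{n.id}: dangling reference to {ref}")
            if n.kind in ("Goal", "Strategy") and not n.supported_by:
                findings.append(f"{n.id}: {n.kind} has no supporting argument")
            if n.kind == "AttackerAction":
                if not n.countered_by:
                    findings.append(f"{n.id}: attacker action is not countered by any goal")
                for g in n.countered_by:
                    tgt = self.nodes.get(g)
                    if tgt is None:
                        continue
                    if tgt.kind != "Goal":
                        findings.append(f"{n.id}: countered_by {g} is a {tgt.kind}, not a Goal")
                    elif not self.evidenced(g):
                        findings.append(f"{n.id}: countering goal {g} is not backed by evidence")
        return findings


def certify_case() -> AssuranceCase:
    """Constructed sample case mirroring the architecture described in the abstract."""
    ac = AssuranceCase()
    ac.add(
        Node("G1", "Goal", "Sensitive software executes with integrity and confidentiality", ["S1"]),
        Node("S1", "Strategy", "Argue over boot, provisioning and run-time phases", ["G2", "G3"]),
        Node("G2", "Goal", "Separation kernel enforces memory isolation via the MPU at run-time", ["Sn1"]),
        Node("G3", "Goal", "Separation kernel mediates all inter-partition communication"),
        Node("Sn1", "Solution", "Review of MPU region configuration (constructed evidence label)"),
        Node("AA1", "AttackerAction", "Compromised partition reads another partition's memory",
             countered_by=["G2"]),
        Node("AA2", "AttackerAction", "Compromised partition forges messages to another partition",
             countered_by=["G3"]),
    )
    return ac


if __name__ == "__main__":
    for finding in certify_case().check():
        print(finding)
```

Running the block reports that goal G3 is undeveloped and, as a consequence, that attacker action AA2 is not yet countered by evidence, while AA1 is closed by the evidenced goal G2. This is the kind of gap an auditor wants surfaced mechanically: a threat is only "argued away" once the goal that counters it is fully developed.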
Valerio Senni
Simone Fulvio Rollini
Fabio Federici
Collins College
Electronics
synapsesocial.com/papers/69c37b41b34aaaeb1a67d86b — DOI: https://doi.org/10.3390/electronics15061337